Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-6970

Publication date:
13/08/2018
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2018

CVE-2018-15124

Publication date:
13/08/2018
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2018

CVE-2018-15125

Publication date:
13/08/2018
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2018

CVE-2018-15123

Publication date:
13/08/2018
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14781

Publication date:
13/08/2018
Medtronic MiniMed MMT devices, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2025

CVE-2018-10634

Publication date:
13/08/2018
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2025

CVE-2018-10636

Publication date:
13/08/2018
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. This may allow an attacker to gain remote code execution with administrator privileges if exploited.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2020

CVE-2018-10598

Publication date:
13/08/2018
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities that could cause the software to crash due to lacking user input validation for processing project files. This may allow an attacker to gain remote code execution with administrator privileges if exploited.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-3782

Publication date:
13/08/2018
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1002203. Reason: This candidate is a reservation duplicate of CVE-2018-1002203. Notes: All CVE users should reference CVE-2018-1002203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-3781

Publication date:
13/08/2018
A missing sanitization of search results for an autocomplete field in NextCloud Talk
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-3780

Publication date:
13/08/2018
A missing sanitization of search results for an autocomplete field in NextCloud Server
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-15145

Publication date:
13/08/2018
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2018