Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-1046
Publication date:
16/07/2018
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2020

CVE-2018-10840
Publication date:
16/07/2018
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2018-10886
Publication date:
16/07/2018
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-14324
Publication date:
16/07/2018
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2019

CVE-2018-10859
Publication date:
16/07/2018
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-14325
Publication date:
16/07/2018
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-14326
Publication date:
16/07/2018
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-5239
Publication date:
16/07/2018
Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-0360
Publication date:
16/07/2018
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2019

CVE-2018-0361
Publication date:
16/07/2018
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2019

CVE-2018-0383
Publication date:
16/07/2018
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow the attacker to bypass a file policy that is configured to apply the Block upload with reset action to FTP traffic. Cisco Bug IDs: CSCvh70130.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024

CVE-2018-0384
Publication date:
16/07/2018
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system. Cisco Bug IDs: CSCvh84511.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024
Subscribe to Vulnerabilities