Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11105
Publication date:
15/05/2018
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2018-3611
Publication date:
15/05/2018
Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2018

CVE-2018-3661
Publication date:
15/05/2018
Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
19/06/2018

CVE-2018-3634
Publication date:
15/05/2018
Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2023

CVE-2018-1131
Publication date:
15/05/2018
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-10825
Publication date:
15/05/2018
Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-11102
Publication date:
15/05/2018
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2019

CVE-2018-11098
Publication date:
15/05/2018
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
Severity CVSS v4.0: Pending analysis
Last modification:
19/06/2018

CVE-2018-11097
Publication date:
15/05/2018
An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11100
Publication date:
15/05/2018
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11095
Publication date:
15/05/2018
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11090
Publication date:
14/05/2018
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2018
Subscribe to Vulnerabilities