Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-2638
Publication date:
16/07/2018
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-13387
Publication date:
16/07/2018
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2022

CVE-2018-14085
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14088
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders().
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14089
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance value' condition.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14087
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14084
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14086
Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14072
Publication date:
15/07/2018
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14073
Publication date:
15/07/2018
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14068
Publication date:
15/07/2018
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2018

CVE-2018-14069
Publication date:
15/07/2018
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2018
Subscribe to Vulnerabilities