Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily notification of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-3689

Publication date: 03/04/2018
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker, creating a denial of services such as remote attestation provided by the AESM.
Severity CVSS v4.0: Pending analysis
Last modification: 23/11/2021

CVE-2016-8365

Publication date: 03/04/2018
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2016-7472

Publication date: 03/04/2018
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification: 10/05/2018

CVE-2018-8836

Publication date: 03/04/2018
Wago 750 Series PLCs with firmware version 10 and prior are affected by an issue in which a remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting the communications with commissioning and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-0493

Publication date: 03/04/2018
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-0492

Publication date: 03/04/2018
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification: 14/03/2019

CVE-2018-4176

Publication date: 03/04/2018
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2018

CVE-2018-4175

Publication date: 03/04/2018
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2018

CVE-2018-4174

Publication date: 03/04/2018
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-4168

Publication date: 03/04/2018
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2018

CVE-2018-4164

Publication date: 03/04/2018
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2018

CVE-2018-4160

Publication date: 03/04/2018
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2018