Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-9711
Publication date:
22/03/2018
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-1571
Publication date:
22/03/2018
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1426
Publication date:
22/03/2018
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1427
Publication date:
22/03/2018
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1428
Publication date:
22/03/2018
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1448
Publication date:
22/03/2018
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-8909
Publication date:
22/03/2018
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2018

CVE-2018-8899
Publication date:
22/03/2018
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2018

CVE-2017-17743
Publication date:
22/03/2018
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2018

CVE-2018-8906
Publication date:
22/03/2018
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2018

CVE-2014-4912
Publication date:
22/03/2018
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2018

CVE-2018-8894
Publication date:
22/03/2018
In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2018
Subscribe to Vulnerabilities