Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-10294

Publication date:
02/05/2018
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10115

Publication date:
02/05/2018
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-8115

Publication date:
02/05/2018
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
Severity CVSS v4.0: Pending analysis
Last modification:
13/06/2018

CVE-2018-10680

Publication date:
02/05/2018
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug."
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-10677

Publication date:
02/05/2018
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1104

Publication date:
02/05/2018
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-10676

Publication date:
02/05/2018
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-10675

Publication date:
02/05/2018
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2023

CVE-2018-1101

Publication date:
02/05/2018
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-10665

Publication date:
02/05/2018
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2018

CVE-2018-10657

Publication date:
02/05/2018
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2018

CVE-2018-9302

Publication date:
02/05/2018
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2018