Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-1116
Publication date:
10/04/2015
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1114
Publication date:
10/04/2015
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2019

CVE-2015-1115
Publication date:
10/04/2015
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1113
Publication date:
10/04/2015
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1112
Publication date:
10/04/2015
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2015

CVE-2015-1111
Publication date:
10/04/2015
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1110
Publication date:
10/04/2015
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2019

CVE-2015-1109
Publication date:
10/04/2015
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1108
Publication date:
10/04/2015
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1107
Publication date:
10/04/2015
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1106
Publication date:
10/04/2015
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2017

CVE-2015-1104
Publication date:
10/04/2015
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2019
Subscribe to Vulnerabilities