Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-15809
Publication date:
23/08/2018
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-6558
Publication date:
23/08/2018
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14797
Publication date:
23/08/2018
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2003-1605
Publication date:
23/08/2018
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2018-1159
Publication date:
23/08/2018
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2018

CVE-2018-1157
Publication date:
23/08/2018
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2019

CVE-2018-1156
Publication date:
23/08/2018
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1158
Publication date:
23/08/2018
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-14786
Publication date:
23/08/2018
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-14791
Publication date:
23/08/2018
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2018-1999047
Publication date:
23/08/2018
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3912
Publication date:
23/08/2018
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/02/2023
Subscribe to Vulnerabilities