Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-20252

Publication date:
05/02/2019
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-8800

Publication date:
05/02/2019
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-8797

Publication date:
05/02/2019
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-8795

Publication date:
05/02/2019
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-8794

Publication date:
05/02/2019
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-8793

Publication date:
05/02/2019
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-20250

Publication date:
05/02/2019
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2025

CVE-2019-6535

Publication date:
05/02/2019
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.
Severity CVSS v4.0: Pending analysis
Last modification:
26/06/2025

CVE-2019-6590

Publication date:
05/02/2019
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6591

Publication date:
05/02/2019
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2019

CVE-2019-7412

Publication date:
05/02/2019
The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2019

CVE-2018-4056

Publication date:
05/02/2019
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022