Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2014-5044

Publication date:
07/03/2018
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2018

CVE-2014-8780

Publication date:
07/03/2018
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2019

CVE-2018-7473

Publication date:
07/03/2018
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2021

CVE-2018-1000118

Publication date:
07/03/2018
GitHub Electron version 1.8.2-beta.4 and earlier contains a command injection vulnerability in the protocol handler that can result in command execution. This attack appears to be exploitable via the victim opening an Electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006; specifically, the blacklist used was not case insensitive, allowing an attacker to potentially bypass it.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2018

CVE-2018-1000116

Publication date:
07/03/2018
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1000117

Publication date:
07/03/2018
Python Software Foundation CPython versions from 3.2 until 3.6.4 on Windows contain a buffer overflow vulnerability in the os.symlink() function that can result in arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a Python script that creates a symlink with an attacker-controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2022

CVE-2018-1000119

Publication date:
07/03/2018
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1054

Publication date:
07/03/2018
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2018

CVE-2018-7741

Publication date:
07/03/2018
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2018

CVE-2018-7721

Publication date:
07/03/2018
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2018

CVE-2018-7740

Publication date:
07/03/2018
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2019

CVE-2017-18221

Publication date:
07/03/2018
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2018