Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11869
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2019

CVE-2018-17176
Publication date:
18/09/2018
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-11868
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2019

CVE-2018-11860
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2019

CVE-2018-11863
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11852
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11840
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2019

CVE-2018-11851
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2019

CVE-2018-11843
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11842
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11836
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11827
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2019
Subscribe to Vulnerabilities