Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-11124
Publication date:
10/07/2017
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11125
Publication date:
10/07/2017
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11126
Publication date:
10/07/2017
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11140
Publication date:
10/07/2017
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11141
Publication date:
10/07/2017
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8002
Publication date:
09/07/2017
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8003
Publication date:
09/07/2017
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-4976
Publication date:
09/07/2017
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11111
Publication date:
08/07/2017
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11108
Publication date:
08/07/2017
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11110
Publication date:
08/07/2017
The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11113
Publication date:
08/07/2017
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities