Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-10796

Publication date:

02/07/2017

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-8893

Publication date:

02/07/2017

AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-8894

Publication date:

02/07/2017

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-8797

Publication date:

02/07/2017

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-0377

Publication date:

02/07/2017

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay&#39;s family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10706

Publication date:

02/07/2017

When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10795

Publication date:

02/07/2017

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10791

Publication date:

02/07/2017

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10792

Publication date:

02/07/2017

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10790

Publication date:

02/07/2017

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10788

Publication date:

01/07/2017

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-10789

Publication date:

01/07/2017

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting&#39;s documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

Subscribe to Vulnerabilities