Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-11661

Publication date:
17/08/2017
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-11662

Publication date:
17/08/2017
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-11663

Publication date:
17/08/2017
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-11664

Publication date:
17/08/2017
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12441

Publication date:
17/08/2017
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12442

Publication date:
17/08/2017
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12443

Publication date:
17/08/2017
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12444

Publication date:
17/08/2017
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12445

Publication date:
17/08/2017
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-12892

Publication date:
16/08/2017
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-7546

Publication date:
16/08/2017
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-7547

Publication date:
16/08/2017
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026