Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-0219
Publication date:
15/11/2017
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-4000
Publication date:
15/11/2017
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14961
Publication date:
15/11/2017
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15806
Publication date:
15/11/2017
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15271
Publication date:
15/11/2017
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15270
Publication date:
15/11/2017
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15269
Publication date:
15/11/2017
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15272
Publication date:
15/11/2017
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15923
Publication date:
15/11/2017
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15288
Publication date:
15/11/2017
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12633
Publication date:
15/11/2017
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12634
Publication date:
15/11/2017
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities