Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-11145

Publication date:
10/07/2017
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11147

Publication date:
10/07/2017
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11139

Publication date:
10/07/2017
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11124

Publication date:
10/07/2017
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11125

Publication date:
10/07/2017
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11126

Publication date:
10/07/2017
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11140

Publication date:
10/07/2017
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11141

Publication date:
10/07/2017
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8002

Publication date:
09/07/2017
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8003

Publication date:
09/07/2017
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-4976

Publication date:
09/07/2017
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11111

Publication date:
08/07/2017
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025