Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-5944

Publication date:
03/07/2017
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8116

Publication date:
03/07/2017
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10798

Publication date:
03/07/2017
In ObjectPlanet Opinio before 7.6.4, there is XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10799

Publication date:
03/07/2017
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10800

Publication date:
03/07/2017
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10794

Publication date:
02/07/2017
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10796

Publication date:
02/07/2017
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8893

Publication date:
02/07/2017
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8894

Publication date:
02/07/2017
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8797

Publication date:
02/07/2017
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-0377

Publication date:
02/07/2017
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10706

Publication date:
02/07/2017
When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025