Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-11048
Publication date:
10/10/2017
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11046
Publication date:
10/10/2017
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-10514
Publication date:
10/10/2017
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-13675
Publication date:
10/10/2017
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-13679
Publication date:
10/10/2017
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15216
Publication date:
10/10/2017
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12623
Publication date:
10/10/2017
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-5675
Publication date:
10/10/2017
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-7778
Publication date:
10/10/2017
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-7384
Publication date:
10/10/2017
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-6521
Publication date:
10/10/2017
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-6918
Publication date:
10/10/2017
salt before 2015.5.5 leaks git usernames and passwords to the log.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities