Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-9079
Publication date:
11/06/2018
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2016-9064
Publication date:
11/06/2018
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2016-9066
Publication date:
11/06/2018
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2016-9893
Publication date:
11/06/2018
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2016-9895
Publication date:
11/06/2018
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2016-9074
Publication date:
11/06/2018
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2016-5289
Publication date:
11/06/2018
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018

CVE-2016-5292
Publication date:
11/06/2018
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018

CVE-2016-5295
Publication date:
11/06/2018
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018

CVE-2016-5298
Publication date:
11/06/2018
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018

CVE-2016-5299
Publication date:
11/06/2018
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018

CVE-2016-9061
Publication date:
11/06/2018
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2018
Subscribe to Vulnerabilities