Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-15241

Publication date:

11/10/2017

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-15240

Publication date:

11/10/2017

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-15239

Publication date:

11/10/2017

IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4."

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-15083

Publication date:

11/10/2017

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-14587

Publication date:

11/10/2017

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-14588

Publication date:

11/10/2017

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-0903

Publication date:

11/10/2017

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-15266

Publication date:

11/10/2017

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-15267

Publication date:

11/10/2017

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-13720

Publication date:

11/10/2017

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because &#39;\0&#39; characters are incorrectly skipped in situations involving ? characters.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-13722

Publication date:

11/10/2017

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-12188

Publication date:

11/10/2017

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

Subscribe to Vulnerabilities