Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-11170
Publication date:
11/07/2017
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11171
Publication date:
11/07/2017
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7727
Publication date:
11/07/2017
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-7726
Publication date:
11/07/2017
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7728
Publication date:
11/07/2017
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7729
Publication date:
11/07/2017
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7730
Publication date:
11/07/2017
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-10600
Publication date:
11/07/2017
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11164
Publication date:
11/07/2017
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6726
Publication date:
10/07/2017
A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6735
Publication date:
10/07/2017
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6734
Publication date:
10/07/2017
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities