Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-9988

Publication date:

28/06/2017

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9989

Publication date:

28/06/2017

util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9987

Publication date:

28/06/2017

There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9984

Publication date:

28/06/2017

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9985

Publication date:

28/06/2017

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-6086

Publication date:

27/06/2017

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to /application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to /application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to /application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to /application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to /application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to /application/controllers/AliasController.php.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2015-7582

Publication date:

27/06/2017

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2100. Reason: This candidate is a reservation duplicate of CVE-2016-2100. Notes: All CVE users should reference CVE-2016-2100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2015-7780

Publication date:

27/06/2017

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2015-7781

Publication date:

27/06/2017

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2015-0955

Publication date:

27/06/2017

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2016-4383

Publication date:

27/06/2017

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025