Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-9685
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9678
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9679
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9680
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9682
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9684
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7364
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11160
Publication date:
18/08/2017
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-3756
Publication date:
18/08/2017
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-5872
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8267
Publication date:
18/08/2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12948
Publication date:
18/08/2017
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities