Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-8680

Publication date:

15/02/2017

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8681

Publication date:

15/02/2017

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8674

Publication date:

15/02/2017

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-3801

Publication date:

15/02/2017

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-9010

Publication date:

15/02/2017

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&#39;s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-9706

Publication date:

15/02/2017

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-5992

Publication date:

15/02/2017

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8944

Publication date:

15/02/2017

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8968

Publication date:

15/02/2017

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-9560

Publication date:

15/02/2017

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8866

Publication date:

15/02/2017

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8972

Publication date:

15/02/2017

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

Subscribe to Vulnerabilities