Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-5152

Publication date:

17/07/2017

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2015-0249

Publication date:

17/07/2017

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-11310

Publication date:

13/07/2017

The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-6249

Publication date:

13/07/2017

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9788

Publication date:

13/07/2017

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type &#39;Digest&#39; was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no &#39;=&#39; assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9789

Publication date:

13/07/2017

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8952

Publication date:

13/07/2017

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-8951

Publication date:

13/07/2017

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2016-6019

Publication date:

13/07/2017

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-7672

Publication date:

13/07/2017

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-1308

Publication date:

13/07/2017

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-9787

Publication date:

13/07/2017

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

Subscribe to Vulnerabilities