Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-14977
Publication date:
02/10/2017
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14970
Publication date:
02/10/2017
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14955
Publication date:
02/10/2017
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14974
Publication date:
02/10/2017
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14797
Publication date:
01/10/2017
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-9794
Publication date:
30/09/2017
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14924
Publication date:
30/09/2017
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14925
Publication date:
30/09/2017
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14927
Publication date:
30/09/2017
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14935
Publication date:
30/09/2017
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14945
Publication date:
30/09/2017
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2017-14946
Publication date:
30/09/2017
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026
Subscribe to Vulnerabilities