Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-14057

Publication date:

31/08/2017

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-14059

Publication date:

31/08/2017

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-14058

Publication date:

31/08/2017

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-14060

Publication date:

31/08/2017

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-13708

Publication date:

31/08/2017

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-1444

Publication date:

31/08/2017

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-1447

Publication date:

31/08/2017

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-1449

Publication date:

31/08/2017

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-1450

Publication date:

31/08/2017

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2016-0713

Publication date:

31/08/2017

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-11158

Publication date:

31/08/2017

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-14048

Publication date:

31/08/2017

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

Subscribe to Vulnerabilities