Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-8844

Publication date:

27/04/2016

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-8816

Publication date:

27/04/2016

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-8812

Publication date:

27/04/2016

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-7515

Publication date:

27/04/2016

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1339

Publication date:

27/04/2016

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2016-4002

Publication date:

26/04/2016

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2016-3082

Publication date:

26/04/2016

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2016-3081

Publication date:

26/04/2016

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2016-3074

Publication date:

26/04/2016

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2016-1601

Publication date:

26/04/2016

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-3569

Publication date:

26/04/2016

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3569. Reason: This candidate is a duplicate of CVE-2014-3569. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2015-3571

Publication date:

26/04/2016

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candidate is a duplicate of CVE-2014-3571. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

Subscribe to Vulnerabilities