Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-15284
Publication date:
12/10/2017
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15281
Publication date:
12/10/2017
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15274
Publication date:
12/10/2017
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12192
Publication date:
12/10/2017
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5791
Publication date:
11/10/2017
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5789
Publication date:
11/10/2017
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14370
Publication date:
11/10/2017
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14371
Publication date:
11/10/2017
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8016
Publication date:
11/10/2017
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8017
Publication date:
11/10/2017
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8025
Publication date:
11/10/2017
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14372
Publication date:
11/10/2017
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities