Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-2798
Publication date:
24/05/2017
An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2799
Publication date:
24/05/2017
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2801
Publication date:
24/05/2017
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2817
Publication date:
24/05/2017
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2819
Publication date:
24/05/2017
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2823
Publication date:
24/05/2017
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2800
Publication date:
24/05/2017
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9216
Publication date:
24/05/2017
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-9217
Publication date:
24/05/2017
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8314
Publication date:
23/05/2017
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8310
Publication date:
23/05/2017
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-8311
Publication date:
23/05/2017
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities