Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-9595

Publication date:

27/07/2018

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-2581

Publication date:

27/07/2018

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2586

Publication date:

27/07/2018

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2587

Publication date:

27/07/2018

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2590

Publication date:

27/07/2018

A vulnerability was found in ipa before 4.4. IdM&#39;s ca-del, ca-disable, and ca-enable commands did not properly check the user&#39;s permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2614

Publication date:

27/07/2018

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2623

Publication date:

27/07/2018

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2624

Publication date:

27/07/2018

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2025

CVE-2017-2630

Publication date:

27/07/2018

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server&#39;s response to a &#39;NBD_OPT_LIST&#39; request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-2640

Publication date:

27/07/2018

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-2579

Publication date:

27/07/2018

An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

24/06/2019

CVE-2017-2580

Publication date:

27/07/2018

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

24/06/2019

Subscribe to Vulnerabilities