Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-17525

Publication date:

14/12/2017

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17529

Publication date:

14/12/2017

af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17528

Publication date:

14/12/2017

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17517

Publication date:

14/12/2017

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17516

Publication date:

14/12/2017

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17518

Publication date:

14/12/2017

swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17519

Publication date:

14/12/2017

batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17511

Publication date:

14/12/2017

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-5663

Publication date:

14/12/2017

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The &#39;sqlSearch&#39; parameter on a number of endpoints is not sanitized and appended directly to the query.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17683

Publication date:

14/12/2017

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17684

Publication date:

14/12/2017

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

CVE-2017-17680

Publication date:

14/12/2017

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2025

Subscribe to Vulnerabilities