Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-9483
Publication date:
28/08/2017
Emacs 24.4 allows remote attackers to bypass security restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-9513
Publication date:
28/08/2017
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-0101
Publication date:
28/08/2017
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-5301
Publication date:
28/08/2017
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-5302
Publication date:
28/08/2017
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-9557
Publication date:
28/08/2017
Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-9312
Publication date:
28/08/2017
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-8871
Publication date:
28/08/2017
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-13709
Publication date:
27/08/2017
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-13710
Publication date:
27/08/2017
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12595
Publication date:
27/08/2017
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-13707
Publication date:
27/08/2017
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities