Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-0770
Publication date:
16/03/2017
Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5643
Publication date:
16/03/2017
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5667
Publication date:
16/03/2017
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5505
Publication date:
16/03/2017
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5617
Publication date:
16/03/2017
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6510
Publication date:
16/03/2017
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6379
Publication date:
16/03/2017
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-10246
Publication date:
16/03/2017
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-10247
Publication date:
16/03/2017
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6377
Publication date:
16/03/2017
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6381
Publication date:
16/03/2017
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the /vendor/phpunit directory from your production deployments
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6061
Publication date:
16/03/2017
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities