Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-8330
Publication date:
27/01/2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-8328
Publication date:
27/01/2017
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-9634
Publication date:
27/01/2017
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-9635
Publication date:
27/01/2017
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-8318
Publication date:
27/01/2017
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-8327
Publication date:
27/01/2017
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-5541
Publication date:
27/01/2017
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-5590
Publication date:
27/01/2017
Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-6264
Publication date:
27/01/2017
Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-5827
Publication date:
27/01/2017
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-5528
Publication date:
27/01/2017
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2016-7569
Publication date:
27/01/2017
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026
Subscribe to Vulnerabilities