Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-15834
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2018

CVE-2017-18050
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2018

CVE-2017-18051
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2018

CVE-2017-15831
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2018

CVE-2017-15833
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2018

CVE-2017-14889
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2018

CVE-2017-14887
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2018

CVE-2017-11082
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2018

CVE-2017-15814
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2018

CVE-2017-15830
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2018

CVE-2017-11074
Publication date:
16/03/2018
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2016-9880
Publication date:
16/03/2018
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2018
Subscribe to Vulnerabilities