Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-14031
Publication date:
06/11/2017
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15306
Publication date:
06/11/2017
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-7878
Publication date:
06/11/2017
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11177
Publication date:
06/11/2017
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16001
Publication date:
06/11/2017
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7425
Publication date:
06/11/2017
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15672
Publication date:
06/11/2017
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-7529
Publication date:
06/11/2017
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16570
Publication date:
06/11/2017
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16569
Publication date:
06/11/2017
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15039
Publication date:
06/11/2017
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16563
Publication date:
06/11/2017
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities