Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily notification of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-6640

Publication date:
08/06/2017
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6648

Publication date:
08/06/2017
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7180

Publication date:
08/06/2017
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-7346

Publication date:
07/06/2017
SQL injection vulnerability in ZCMS 1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2014-9310

Publication date:
07/06/2017
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-3295

Publication date:
07/06/2017
markdown-it before 4.1.0 does not block data: URLs.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-6959

Publication date:
07/06/2017
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-4973

Publication date:
07/06/2017
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-6540

Publication date:
07/06/2017
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-8235

Publication date:
07/06/2017
Directory traversal vulnerability in Spiffy before 5.4.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-5232

Publication date:
07/06/2017
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-8538

Publication date:
07/06/2017
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025