Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-10993
Publication date:
21/07/2017
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11502
Publication date:
20/07/2017
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11468
Publication date:
20/07/2017
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11503
Publication date:
20/07/2017
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11501
Publication date:
20/07/2017
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11495
Publication date:
20/07/2017
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-11500
Publication date:
20/07/2017
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-0378
Publication date:
20/07/2017
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7058
Publication date:
20/07/2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7056
Publication date:
20/07/2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7055
Publication date:
20/07/2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7059
Publication date:
20/07/2017
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities