Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-6432
Publication date:
27/10/2016
A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-6431
Publication date:
27/10/2016
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-1000122
Publication date:
27/10/2016
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-1000121
Publication date:
27/10/2016
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-1000120
Publication date:
27/10/2016
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5764
Publication date:
27/10/2016
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-1598
Publication date:
27/10/2016
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-1592
Publication date:
27/10/2016
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2015-0787
Publication date:
27/10/2016
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-8506
Publication date:
26/10/2016
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-8505
Publication date:
26/10/2016
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-8504
Publication date:
26/10/2016
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025
Subscribe to Vulnerabilities