Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-9219
Publication date:
06/04/2017
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-3832
Publication date:
06/04/2017
A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-3834
Publication date:
06/04/2017
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6884
Publication date:
06/04/2017
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2025

CVE-2017-7569
Publication date:
06/04/2017
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7571
Publication date:
06/04/2017
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7566
Publication date:
06/04/2017
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7565
Publication date:
06/04/2017
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-10319
Publication date:
06/04/2017
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7237
Publication date:
06/04/2017
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2675
Publication date:
06/04/2017
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6968
Publication date:
06/04/2017
GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities