Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-3803
Publication date:
26/01/2017
A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-3804
Publication date:
26/01/2017
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5596
Publication date:
25/01/2017
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5597
Publication date:
25/01/2017
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-9303
Publication date:
25/01/2017
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-9304
Publication date:
25/01/2017
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-9305
Publication date:
25/01/2017
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-9306
Publication date:
25/01/2017
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-9307
Publication date:
25/01/2017
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5594
Publication date:
25/01/2017
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-8214
Publication date:
25/01/2017
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-8215
Publication date:
25/01/2017
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities