Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-6741

Publication date:

17/07/2017

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device.&nbsp; The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) or the user credentials (SNMPv3). An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-9338

Publication date:

17/07/2017

Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-9339

Publication date:

17/07/2017

A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-9340

Publication date:

17/07/2017

An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-3742

Publication date:

17/07/2017

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user&#39;s contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-11127

Publication date:

17/07/2017

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-11128

Publication date:

17/07/2017

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-3754

Publication date:

17/07/2017

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-9639

Publication date:

17/07/2017

An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-11399

Publication date:

17/07/2017

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10979

Publication date:

17/07/2017

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10983

Publication date:

17/07/2017

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

Subscribe to Vulnerabilities