Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-12927
Publication date:
18/08/2017
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12907
Publication date:
17/08/2017
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12908
Publication date:
17/08/2017
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12909
Publication date:
17/08/2017
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12910
Publication date:
17/08/2017
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6771
Publication date:
17/08/2017
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6772
Publication date:
17/08/2017
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6777
Publication date:
17/08/2017
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6710
Publication date:
17/08/2017
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6773
Publication date:
17/08/2017
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6776
Publication date:
17/08/2017
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6778
Publication date:
17/08/2017
A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities