Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-1000344

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2016-1000345

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2016-1000346

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2016-1000352

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2017-12092

Publication date:
04/06/2018
An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2022

CVE-2016-9042

Publication date:
04/06/2018
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-3853

Publication date:
04/06/2018
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2022

CVE-2017-16040

Publication date:
04/06/2018
gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16041

Publication date:
04/06/2018
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16042

Publication date:
04/06/2018
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16043

Publication date:
04/06/2018
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16044

Publication date:
04/06/2018
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019