Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-1363
Publication date:
25/10/2017
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1164
Publication date:
25/10/2017
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1169
Publication date:
25/10/2017
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1241
Publication date:
25/10/2017
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12705
Publication date:
25/10/2017
A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15885
Publication date:
25/10/2017
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15880
Publication date:
24/10/2017
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-15881
Publication date:
24/10/2017
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1209
Publication date:
24/10/2017
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1210
Publication date:
24/10/2017
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1211
Publication date:
24/10/2017
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-1212
Publication date:
24/10/2017
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities