Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-12254
Publication date:
21/09/2017
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2017-12255
Publication date:
21/09/2017
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12248
Publication date:
21/09/2017
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2017-12214
Publication date:
21/09/2017
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12215
Publication date:
21/09/2017
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-12219
Publication date:
21/09/2017
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14624
Publication date:
21/09/2017
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14625
Publication date:
21/09/2017
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14623
Publication date:
20/09/2017
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14621
Publication date:
20/09/2017
Portus 2.2.0 has XSS via the Team field, related to typeahead.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2015-9232
Publication date:
20/09/2017
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-14617
Publication date:
20/09/2017
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities