Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-7566
Publication date:
06/04/2017
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7565
Publication date:
06/04/2017
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2016-10319
Publication date:
06/04/2017
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7237
Publication date:
06/04/2017
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-2675
Publication date:
06/04/2017
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6968
Publication date:
06/04/2017
GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-6130
Publication date:
06/04/2017
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7192
Publication date:
06/04/2017
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-5887
Publication date:
06/04/2017
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-0305
Publication date:
06/04/2017
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7452
Publication date:
06/04/2017
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-7453
Publication date:
06/04/2017
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities