Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-3904
Publication date:
25/11/2016
An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5992
Publication date:
25/11/2016
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5991
Publication date:
25/11/2016
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5981
Publication date:
25/11/2016
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5968
Publication date:
25/11/2016
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5967
Publication date:
25/11/2016
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5955
Publication date:
25/11/2016
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-5788
Publication date:
25/11/2016
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-3028
Publication date:
25/11/2016
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-3025
Publication date:
25/11/2016
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-2988
Publication date:
25/11/2016
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2016-2986
Publication date:
25/11/2016
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025
Subscribe to Vulnerabilities