Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-4822
Publication date:
19/10/2014
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4825
Publication date:
19/10/2014
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4827
Publication date:
19/10/2014
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4828
Publication date:
19/10/2014
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4830
Publication date:
19/10/2014
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4833
Publication date:
19/10/2014
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3368
Publication date:
19/10/2014
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3369
Publication date:
19/10/2014
The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3370
Publication date:
19/10/2014
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3397
Publication date:
19/10/2014
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3408
Publication date:
19/10/2014
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3513
Publication date:
19/10/2014
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025
Subscribe to Vulnerabilities