Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-8542
Publication date:
05/11/2014
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-8543
Publication date:
05/11/2014
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-8544
Publication date:
05/11/2014
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3710
Publication date:
05/11/2014
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4769
Publication date:
05/11/2014
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4810
Publication date:
05/11/2014
IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-4834
Publication date:
05/11/2014
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-5408
Publication date:
05/11/2014
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2014-5417
Publication date:
05/11/2014
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2014-2373
Publication date:
05/11/2014
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity CVSS v4.0: Pending analysis
Last modification:
13/10/2025

CVE-2014-2374
Publication date:
05/11/2014
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity CVSS v4.0: Pending analysis
Last modification:
13/10/2025

CVE-2014-6033
Publication date:
05/11/2014
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities