Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-5078

Publication date:

17/09/2012

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-2995

Publication date:

17/09/2012

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-2996

Publication date:

17/09/2012

Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-2575

Publication date:

17/09/2012

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3908

Publication date:

16/09/2012

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3915

Publication date:

16/09/2012

The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3919

Publication date:

16/09/2012

The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3923

Publication date:

16/09/2012

The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3924

Publication date:

16/09/2012

The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3051

Publication date:

16/09/2012

Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3052

Publication date:

16/09/2012

Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3893

Publication date:

16/09/2012

The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities