Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-1982

Publication date:

20/07/2015

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1979

Publication date:

20/07/2015

Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1980

Publication date:

20/07/2015

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1968

Publication date:

20/07/2015

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1935

Publication date:

20/07/2015

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1922

Publication date:

20/07/2015

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-1883

Publication date:

20/07/2015

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-0157

Publication date:

20/07/2015

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-0130

Publication date:

20/07/2015

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9196

Publication date:

20/07/2015

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Severity CVSS v4.0: Pending analysis

Last modification:

05/09/2025

CVE-2014-8910

Publication date:

20/07/2015

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-2972

Publication date:

19/07/2015

Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

Subscribe to Vulnerabilities