Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-0720
Publication date:
27/03/2013
The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-2300
Publication date:
27/03/2013
The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0486
Publication date:
27/03/2013
Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0487
Publication date:
27/03/2013
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0488
Publication date:
27/03/2013
Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0489
Publication date:
27/03/2013
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0454
Publication date:
26/03/2013
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0525
Publication date:
26/03/2013
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-5943
Publication date:
26/03/2013
Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1608
Publication date:
26/03/2013
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1609
Publication date:
26/03/2013
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1161
Publication date:
26/03/2013
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities