Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-2281
Publication date:
11/03/2014
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2282
Publication date:
11/03/2014
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2283
Publication date:
11/03/2014
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2299
Publication date:
11/03/2014
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2309
Publication date:
11/03/2014
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0899
Publication date:
11/03/2014
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0102
Publication date:
11/03/2014
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0100
Publication date:
11/03/2014
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0049
Publication date:
11/03/2014
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0101
Publication date:
11/03/2014
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2013-6200
Publication date:
11/03/2014
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2013-6207
Publication date:
11/03/2014
Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025
Subscribe to Vulnerabilities