Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-2598

Publication date:

08/06/2012

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3003

Publication date:

08/06/2012

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1814

Publication date:

08/06/2012

Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1815

Publication date:

08/06/2012

SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1816

Publication date:

08/06/2012

PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1817

Publication date:

08/06/2012

Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1818

Publication date:

08/06/2012

An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-2603

Publication date:

08/06/2012

The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1826

Publication date:

08/06/2012

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-0507

Publication date:

07/06/2012

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Severity CVSS v4.0: Pending analysis

Last modification:

22/10/2025

CVE-2012-0948

Publication date:

07/06/2012

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025