Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2009-0905

Publication date:

30/10/2011

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-1364

Publication date:

30/10/2011

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-4211

Publication date:

30/10/2011

The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2009-2747

Publication date:

30/10/2011

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2009-2748

Publication date:

30/10/2011

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-1366

Publication date:

30/10/2011

Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-1367

Publication date:

30/10/2011

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2010-0780

Publication date:

29/10/2011

IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-1368

Publication date:

29/10/2011

The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-1370

Publication date:

29/10/2011

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-3640

Publication date:

28/10/2011

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor&#39;s response was "Strange behavior, but we&#39;re not treating this as a security bug."

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-3249

Publication date:

28/10/2011

Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

Subscribe to Vulnerabilities