Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-1690

Publication date:
28/02/2014
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-1874

Publication date:
28/02/2014
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2038

Publication date:
28/02/2014
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2039

Publication date:
28/02/2014
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0069

Publication date:
28/02/2014
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0874

Publication date:
28/02/2014
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0759

Publication date:
28/02/2014
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0774

Publication date:
28/02/2014
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0858

Publication date:
27/02/2014
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2103

Publication date:
27/02/2014
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0679

Publication date:
27/02/2014
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-0333

Publication date:
27/02/2014
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025