Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-5971
Publication date:
21/10/2013
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-5542
Publication date:
21/10/2013
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4115
Publication date:
21/10/2013
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6129
Publication date:
19/10/2013
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6027
Publication date:
19/10/2013
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-5534
Publication date:
19/10/2013
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-5702
Publication date:
19/10/2013
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6021
Publication date:
19/10/2013
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6025
Publication date:
19/10/2013
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6026
Publication date:
19/10/2013
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4113
Publication date:
19/10/2013
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4114
Publication date:
19/10/2013
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities