Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-6029

Publication date:
04/12/2013
Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-5449

Publication date:
04/12/2013
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6937

Publication date:
04/12/2013
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6690

Publication date:
03/12/2013
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6703

Publication date:
03/12/2013
The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6704

Publication date:
03/12/2013
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6705

Publication date:
03/12/2013
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-6150

Publication date:
03/12/2013
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-6696

Publication date:
02/12/2013
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-4528

Publication date:
02/12/2013
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-4543

Publication date:
02/12/2013
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-6695

Publication date:
02/12/2013
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025