Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-3834
Publication date:
04/06/2014
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3835
Publication date:
04/06/2014
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3838
Publication date:
04/06/2014
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3837
Publication date:
04/06/2014
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3836
Publication date:
04/06/2014
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-3786
Publication date:
04/06/2014
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2012-5056
Publication date:
04/06/2014
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2012-5057
Publication date:
04/06/2014
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2012-5336
Publication date:
04/06/2014
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2013-0204
Publication date:
04/06/2014
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2013-1941
Publication date:
04/06/2014
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025

CVE-2014-2054
Publication date:
04/06/2014
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2025
Subscribe to Vulnerabilities