Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-2496
Publication date:
09/03/2013
The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2011-4969
Publication date:
08/03/2013
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1050
Publication date:
08/03/2013
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0249
Publication date:
08/03/2013
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2011-2504
Publication date:
08/03/2013
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0308
Publication date:
08/03/2013
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0261
Publication date:
08/03/2013
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-0266
Publication date:
08/03/2013
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2011-3201
Publication date:
08/03/2013
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1762
Publication date:
08/03/2013
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2013-1656
Publication date:
08/03/2013
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4066
Publication date:
08/03/2013
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities