Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-2469

Publication date:

06/08/2012

Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1338

Publication date:

06/08/2012

Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1340

Publication date:

06/08/2012

The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-4146

Publication date:

06/08/2012

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-4143

Publication date:

06/08/2012

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-4144

Publication date:

06/08/2012

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-4145

Publication date:

06/08/2012

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3866

Publication date:

06/08/2012

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-4142

Publication date:

06/08/2012

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3864

Publication date:

06/08/2012

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user&#39;s certificate and private key in a GET request.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3865

Publication date:

06/08/2012

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3867

Publication date:

06/08/2012

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities