Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2011-1223

Publication date:

17/07/2011

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2751

Publication date:

17/07/2011

SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2754

Publication date:

17/07/2011

Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2755

Publication date:

17/07/2011

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2756

Publication date:

17/07/2011

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2757

Publication date:

17/07/2011

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2501

Publication date:

17/07/2011

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2750

Publication date:

17/07/2011

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2752

Publication date:

17/07/2011

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2753

Publication date:

17/07/2011

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2690

Publication date:

17/07/2011

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-2691

Publication date:

17/07/2011

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities