Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2001-1378

Publication date: 06/09/2001
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1137

Publication date: 06/09/2001
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1132

Publication date: 05/09/2001
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1152

Publication date: 05/09/2001
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-0992

Publication date: 05/09/2001
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1012

Publication date: 05/09/2001
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1020

Publication date: 05/09/2001
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1456

Publication date: 04/09/2001
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-0990

Publication date: 04/09/2001
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-0994

Publication date: 04/09/2001
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1016

Publication date: 04/09/2001
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024

CVE-2001-1017

Publication date: 04/09/2001
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2024