Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1439
Publication date:
11/04/2003
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1440
Publication date:
11/04/2003
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1441
Publication date:
11/04/2003
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1442
Publication date:
11/04/2003
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1443
Publication date:
11/04/2003
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2017

CVE-2003-0197
Publication date:
11/04/2003
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2016

CVE-2003-0203
Publication date:
11/04/2003
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2017

CVE-2002-1406
Publication date:
11/04/2003
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1407
Publication date:
11/04/2003
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2017

CVE-2002-1408
Publication date:
11/04/2003
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008

CVE-2002-1409
Publication date:
11/04/2003
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2017

CVE-2002-1410
Publication date:
11/04/2003
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2008
Subscribe to Vulnerabilities