Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-0703

Publication date:
26/07/2002
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0704

Publication date:
26/07/2002
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0713

Publication date:
26/07/2002
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0714

Publication date:
26/07/2002
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0715

Publication date:
26/07/2002
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0716

Publication date:
26/07/2002
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0717

Publication date:
26/07/2002
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1599

Publication date:
23/07/2002
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0624

Publication date:
23/07/2002
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0641

Publication date:
23/07/2002
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0642

Publication date:
23/07/2002
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-0643

Publication date:
23/07/2002
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024