Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2009-4316

Publication date:

14/12/2009

Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4318

Publication date:

14/12/2009

Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4319

Publication date:

14/12/2009

PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4129

Publication date:

14/12/2009

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4130

Publication date:

14/12/2009

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4314

Publication date:

14/12/2009

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4307

Publication date:

13/12/2009

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4308

Publication date:

13/12/2009

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4309

Publication date:

13/12/2009

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4310

Publication date:

13/12/2009

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4311

Publication date:

13/12/2009

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-4312

Publication date:

13/12/2009

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

Subscribe to Vulnerabilities