Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we provide a database, in Spanish, of all of the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily updates on the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2002-2008

Publication date:
31/12/2002
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2009

Publication date:
31/12/2002
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3)
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2019

Publication date:
31/12/2002
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2025

Publication date:
31/12/2002
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2028

Publication date:
31/12/2002
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2077

Publication date:
31/12/2002
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2401

Publication date:
31/12/2002
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1847

Publication date:
31/12/2002
Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1670

Publication date:
31/12/2002
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1671

Publication date:
31/12/2002
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1688

Publication date:
31/12/2002
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1705

Publication date:
31/12/2002
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025