Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1150

Publication date:
11/10/2002
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1151

Publication date:
11/10/2002
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1152

Publication date:
11/10/2002
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1153

Publication date:
11/10/2002
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1165

Publication date:
11/10/2002
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1166

Publication date:
11/10/2002
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1174

Publication date:
11/10/2002
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1175

Publication date:
11/10/2002
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1178

Publication date:
11/10/2002
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0863

Publication date:
11/10/2002
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0864

Publication date:
11/10/2002
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0969

Publication date:
11/10/2002
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025