Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-0362
Publication date:
29/05/2002
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0374
Publication date:
29/05/2002
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0377
Publication date:
29/05/2002
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0235
Publication date:
29/05/2002
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0241
Publication date:
29/05/2002
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0363
Publication date:
29/05/2002
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0244
Publication date:
29/05/2002
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0375
Publication date:
29/05/2002
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0252
Publication date:
29/05/2002
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0155
Publication date:
29/05/2002
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0033
Publication date:
29/05/2002
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2002-0188
Publication date:
29/05/2002
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026
Subscribe to Vulnerabilities