Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2005-2927

Publication date:
25/10/2005
Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-2926

Publication date:
25/10/2005
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3301

Publication date:
24/10/2005
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3302

Publication date:
24/10/2005
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3297

Publication date:
23/10/2005
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3298

Publication date:
23/10/2005
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3300

Publication date:
23/10/2005
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3296

Publication date:
23/10/2005
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3295

Publication date:
23/10/2005
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3294

Publication date:
23/10/2005
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3299

Publication date:
23/10/2005
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-3266

Publication date:
23/10/2005
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3265. Reason: this candidate is a duplicate of CVE-2005-3265; after initial reservation, the requester discovered that they had the same cause. Notes: All CVE users should reference CVE-2005-3265 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023