Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-0513

Publication date:
12/08/2002
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0514

Publication date:
12/08/2002
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0515

Publication date:
12/08/2002
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0732

Publication date:
12/08/2002
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0788

Publication date:
12/08/2002
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0821

Publication date:
12/08/2002
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0822

Publication date:
12/08/2002
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0485

Publication date:
12/08/2002
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0793

Publication date:
12/08/2002
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0844

Publication date:
12/08/2002
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0812

Publication date:
12/08/2002
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0824

Publication date:
12/08/2002
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025