Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-0567
Publication date:
19/02/2010
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0568
Publication date:
19/02/2010
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0106
Publication date:
19/02/2010
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0108
Publication date:
19/02/2010
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0416
Publication date:
18/02/2010
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0417
Publication date:
18/02/2010
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0661
Publication date:
18/02/2010
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0662
Publication date:
18/02/2010
The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0663
Publication date:
18/02/2010
The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0664
Publication date:
18/02/2010
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0650
Publication date:
18/02/2010
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2010-0652
Publication date:
18/02/2010
Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026
Subscribe to Vulnerabilities