Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2009-3834

Publication date:

02/11/2009

SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3835

Publication date:

02/11/2009

SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3837

Publication date:

02/11/2009

Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3838

Publication date:

02/11/2009

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3839

Publication date:

02/11/2009

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3733

Publication date:

02/11/2009

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3836

Publication date:

02/11/2009

ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3833

Publication date:

02/11/2009

Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-2267

Publication date:

02/11/2009

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3605

Publication date:

02/11/2009

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3722

Publication date:

30/10/2009

The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3549

Publication date:

30/10/2009

packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

Subscribe to Vulnerabilities