Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-7190

Publication date:

09/09/2009

Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2008-7191

Publication date:

09/09/2009

Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-2266

Publication date:

09/09/2009

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2008-7186

Publication date:

09/09/2009

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2008-7187

Publication date:

09/09/2009

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2008-7188

Publication date:

09/09/2009

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3107

Publication date:

08/09/2009

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3108

Publication date:

08/09/2009

The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3109

Publication date:

08/09/2009

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-3110

Publication date:

08/09/2009

Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-0627

Publication date:

08/09/2009

Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2009-2632

Publication date:

08/09/2009

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

Subscribe to Vulnerabilities