Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-2311

Publication date:

16/06/2010

Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2070

Publication date:

16/06/2010

arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2071

Publication date:

16/06/2010

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2072

Publication date:

16/06/2010

Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2073

Publication date:

16/06/2010

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-1932

Publication date:

16/06/2010

Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2074

Publication date:

16/06/2010

istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a &#39;\0&#39; character in a domain name in the (1) subject&#39;s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2295

Publication date:

15/06/2010

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2296

Publication date:

15/06/2010

The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2297

Publication date:

15/06/2010

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2298

Publication date:

15/06/2010

browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-2299

Publication date:

15/06/2010

The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities