Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-2175

Publication date:
31/12/2002
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2340

Publication date:
31/12/2002
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2342

Publication date:
31/12/2002
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2400

Publication date:
31/12/2002
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2402

Publication date:
31/12/2002
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2404

Publication date:
31/12/2002
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2414

Publication date:
31/12/2002
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2022

Publication date:
31/12/2002
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2023

Publication date:
31/12/2002
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2026

Publication date:
31/12/2002
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2027

Publication date:
31/12/2002
Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2029

Publication date:
31/12/2002
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025