Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1769

Publication date:
31/12/2002
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1895

Publication date:
31/12/2002
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1905

Publication date:
31/12/2002
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1906

Publication date:
31/12/2002
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1932

Publication date:
31/12/2002
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1973

Publication date:
31/12/2002
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1991

Publication date:
31/12/2002
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2006

Publication date:
31/12/2002
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2008

Publication date:
31/12/2002
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2009

Publication date:
31/12/2002
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3)
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2019

Publication date:
31/12/2002
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-2025

Publication date:
31/12/2002
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025