Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-1029

Publication date:

19/03/2010

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0688

Publication date:

19/03/2010

Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-1003

Publication date:

19/03/2010

Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0736

Publication date:

19/03/2010

Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2009-4271

Publication date:

19/03/2010

The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0465

Publication date:

19/03/2010

Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0734

Publication date:

19/03/2010

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0733

Publication date:

19/03/2010

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0008

Publication date:

19/03/2010

The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-0732

Publication date:

19/03/2010

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-1023

Publication date:

19/03/2010

Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2010-1024

Publication date:

19/03/2010

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities