Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2004-0674
Publication date:
06/08/2004
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0675
Publication date:
06/08/2004
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0676
Publication date:
06/08/2004
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0677
Publication date:
06/08/2004
Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1711
Publication date:
06/08/2004
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0657
Publication date:
06/08/2004
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0667
Publication date:
06/08/2004
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-0641
Publication date:
05/08/2004
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1367
Publication date:
04/08/2004
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1709
Publication date:
04/08/2004
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1679
Publication date:
04/08/2004
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1365
Publication date:
04/08/2004
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities