Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1434
Publication date:
11/04/2003
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1435
Publication date:
11/04/2003
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1436
Publication date:
11/04/2003
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1438
Publication date:
11/04/2003
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1439
Publication date:
11/04/2003
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1440
Publication date:
11/04/2003
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1441
Publication date:
11/04/2003
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1442
Publication date:
11/04/2003
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1443
Publication date:
11/04/2003
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1406
Publication date:
11/04/2003
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1407
Publication date:
11/04/2003
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1408
Publication date:
11/04/2003
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities