Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2001-0628
Publication date:
14/08/2001
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-0629
Publication date:
14/08/2001
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-0635
Publication date:
14/08/2001
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1231
Publication date:
14/08/2001
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1232
Publication date:
14/08/2001
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1233
Publication date:
14/08/2001
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1135
Publication date:
14/08/2001
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1292
Publication date:
13/08/2001
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1113
Publication date:
13/08/2001
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1114
Publication date:
13/08/2001
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1115
Publication date:
13/08/2001
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1157
Publication date:
12/08/2001
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026
Subscribe to Vulnerabilities