Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-0057

Publication date:
08/03/2002
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0060

Publication date:
08/03/2002
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0062

Publication date:
08/03/2002
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0063

Publication date:
08/03/2002
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0067

Publication date:
08/03/2002
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0068

Publication date:
08/03/2002
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0069

Publication date:
08/03/2002
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0081

Publication date:
08/03/2002
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-1619

Publication date:
08/03/2002
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1376

Publication date:
04/03/2002
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2001-1377

Publication date:
04/03/2002
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-0001

Publication date:
27/02/2002
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026