Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-3431
Publication date:
05/08/2008
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3357
Publication date:
05/08/2008
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3356
Publication date:
05/08/2008
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3389
Publication date:
05/08/2008
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3451
Publication date:
04/08/2008
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3453
Publication date:
04/08/2008
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3456
Publication date:
04/08/2008
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3457
Publication date:
04/08/2008
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3459
Publication date:
04/08/2008
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3452
Publication date:
04/08/2008
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3454
Publication date:
04/08/2008
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-3455
Publication date:
04/08/2008
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025
Subscribe to Vulnerabilities