Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2009-3634
Publication date:
02/11/2009
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3635
Publication date:
02/11/2009
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3636
Publication date:
02/11/2009
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3834
Publication date:
02/11/2009
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3835
Publication date:
02/11/2009
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3837
Publication date:
02/11/2009
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3838
Publication date:
02/11/2009
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3839
Publication date:
02/11/2009
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3733
Publication date:
02/11/2009
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3836
Publication date:
02/11/2009
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3833
Publication date:
02/11/2009
Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-2267
Publication date:
02/11/2009
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025
Subscribe to Vulnerabilities