Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1156
Publication date:
11/10/2002
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1165
Publication date:
11/10/2002
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1166
Publication date:
11/10/2002
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1170
Publication date:
11/10/2002
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1174
Publication date:
11/10/2002
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1175
Publication date:
11/10/2002
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1178
Publication date:
11/10/2002
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1189
Publication date:
11/10/2002
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0843
Publication date:
11/10/2002
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0865
Publication date:
11/10/2002
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0866
Publication date:
11/10/2002
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-0867
Publication date:
11/10/2002
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities