Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2001-1584
Publication date:
31/12/2001
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1585
Publication date:
31/12/2001
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1477
Publication date:
31/12/2001
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1478
Publication date:
31/12/2001
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1479
Publication date:
31/12/2001
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1480
Publication date:
31/12/2001
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1481
Publication date:
31/12/2001
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1483
Publication date:
31/12/2001
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1484
Publication date:
31/12/2001
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1487
Publication date:
31/12/2001
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1488
Publication date:
31/12/2001
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1489
Publication date:
31/12/2001
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities