Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0852
Publication date:
17/11/2003
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0853
Publication date:
17/11/2003
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0854
Publication date:
17/11/2003
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0860
Publication date:
17/11/2003
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0861
Publication date:
17/11/2003
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0863
Publication date:
17/11/2003
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0864
Publication date:
17/11/2003
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0865
Publication date:
17/11/2003
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0866
Publication date:
17/11/2003
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0870
Publication date:
17/11/2003
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0872
Publication date:
17/11/2003
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0874
Publication date:
17/11/2003
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities