Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0434
Publication date:
24/07/2003
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0348
Publication date:
24/07/2003
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0349
Publication date:
24/07/2003
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0442
Publication date:
24/07/2003
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2001-1409
Publication date:
24/07/2003
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0379
Publication date:
24/07/2003
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0436
Publication date:
24/07/2003
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0437
Publication date:
24/07/2003
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0359
Publication date:
24/07/2003
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0366
Publication date:
24/07/2003
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0381
Publication date:
24/07/2003
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0389
Publication date:
24/07/2003
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities