Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0280
Publication date:
16/06/2003
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0281
Publication date:
16/06/2003
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0283
Publication date:
16/06/2003
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0285
Publication date:
16/06/2003
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0286
Publication date:
16/06/2003
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0287
Publication date:
16/06/2003
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0288
Publication date:
16/06/2003
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0289
Publication date:
16/06/2003
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0290
Publication date:
16/06/2003
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0291
Publication date:
16/06/2003
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0370
Publication date:
16/06/2003
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0284
Publication date:
16/06/2003
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities