Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-1044
Publication date:
27/02/2008
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-1046
Publication date:
27/02/2008
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-1051
Publication date:
27/02/2008
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-1053
Publication date:
27/02/2008
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0984
Publication date:
26/02/2008
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0983
Publication date:
26/02/2008
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0596
Publication date:
26/02/2008
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0597
Publication date:
26/02/2008
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0923
Publication date:
26/02/2008
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0973
Publication date:
25/02/2008
Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0974
Publication date:
25/02/2008
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector value, which raises a "vector too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2008-0975
Publication date:
25/02/2008
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector value.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026
Subscribe to Vulnerabilities