Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0508
Publication date:
07/08/2003
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0509
Publication date:
07/08/2003
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0510
Publication date:
07/08/2003
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0497
Publication date:
07/08/2003
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0498
Publication date:
07/08/2003
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-1205
Publication date:
06/08/2003
Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0643
Publication date:
25/07/2003
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0348
Publication date:
24/07/2003
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0349
Publication date:
24/07/2003
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0359
Publication date:
24/07/2003
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0366
Publication date:
24/07/2003
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0379
Publication date:
24/07/2003
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities