Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0756

Publication date:
20/10/2003
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0757

Publication date:
20/10/2003
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-1062

Publication date:
15/10/2003
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-1061

Publication date:
14/10/2003
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0791

Publication date:
07/10/2003
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2002-1567

Publication date:
06/10/2003
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0801

Publication date:
06/10/2003
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0802

Publication date:
06/10/2003
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0803

Publication date:
06/10/2003
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0805

Publication date:
06/10/2003
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0826

Publication date:
06/10/2003
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2003-0827

Publication date:
06/10/2003
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026