Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-1537

Publication date:
28/03/2008
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1541

Publication date:
28/03/2008
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1240

Publication date:
28/03/2008
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1532

Publication date:
28/03/2008
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1533

Publication date:
28/03/2008
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1530

Publication date:
27/03/2008
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1531

Publication date:
27/03/2008
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1150

Publication date:
27/03/2008
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1151

Publication date:
27/03/2008
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1152

Publication date:
27/03/2008
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1384

Publication date:
27/03/2008
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-1391

Publication date:
27/03/2008
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025