Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-0411

Publication date:
30/06/2003
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-1067

Publication date:
19/06/2003
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-1086

Publication date:
17/06/2003
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0297

Publication date:
16/06/2003
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0282

Publication date:
16/06/2003
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0354

Publication date:
16/06/2003
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0364

Publication date:
16/06/2003
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0195

Publication date:
16/06/2003
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0246

Publication date:
16/06/2003
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0247

Publication date:
16/06/2003
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-0248

Publication date:
16/06/2003
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1565

Publication date:
16/06/2003
Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025