Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2004-0578
Publication date:
06/12/2004
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2003-1208
Publication date:
03/12/2004
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1083
Publication date:
03/12/2004
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1081
Publication date:
02/12/2004
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1084
Publication date:
02/12/2004
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1085
Publication date:
02/12/2004
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1086
Publication date:
02/12/2004
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1087
Publication date:
02/12/2004
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1088
Publication date:
02/12/2004
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1089
Publication date:
02/12/2004
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1352
Publication date:
01/12/2004
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2004-1771
Publication date:
30/11/2004
Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities