Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-0741

Publication date:
24/04/2007
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0742

Publication date:
24/04/2007
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0743

Publication date:
24/04/2007
URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0744

Publication date:
24/04/2007
SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0746

Publication date:
24/04/2007
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0747

Publication date:
24/04/2007
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-0443

Publication date:
24/04/2007
Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-2173

Publication date:
24/04/2007
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-2174

Publication date:
24/04/2007
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-2175

Publication date:
24/04/2007
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-2176

Publication date:
24/04/2007
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2007-2177

Publication date:
24/04/2007
Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024