Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2006-0293

Publication date:

02/02/2006

The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0294

Publication date:

02/02/2006

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element&#39;s style from position:relative to position:static, which causes Gecko to operate on freed memory.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0295

Publication date:

02/02/2006

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0296

Publication date:

02/02/2006

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user&#39;s localstore.rdf file.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0529

Publication date:

02/02/2006

Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0530

Publication date:

02/02/2006

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0528

Publication date:

02/02/2006

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0516

Publication date:

02/02/2006

Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0517

Publication date:

02/02/2006

Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0521

Publication date:

02/02/2006

Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0525

Publication date:

02/02/2006

Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0526

Publication date:

02/02/2006

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

Subscribe to Vulnerabilities