Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-4567

Publication date:

21/12/2007

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6334

Publication date:

20/12/2007

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6341

Publication date:

20/12/2007

Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6349

Publication date:

20/12/2007

P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6505

Publication date:

20/12/2007

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6507

Publication date:

20/12/2007

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6506

Publication date:

20/12/2007

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6285

Publication date:

20/12/2007

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6472

Publication date:

20/12/2007

Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6473

Publication date:

20/12/2007

Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6474

Publication date:

20/12/2007

Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-6475

Publication date:

20/12/2007

Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

Subscribe to Vulnerabilities