Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-6359
Publication date:
15/12/2007
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6360
Publication date:
15/12/2007
Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6361
Publication date:
15/12/2007
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6362
Publication date:
15/12/2007
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6363
Publication date:
15/12/2007
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6364
Publication date:
15/12/2007
Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6365
Publication date:
15/12/2007
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6366
Publication date:
15/12/2007
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6367
Publication date:
15/12/2007
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6368
Publication date:
15/12/2007
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6369
Publication date:
15/12/2007
Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6371
Publication date:
15/12/2007
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025
Subscribe to Vulnerabilities