Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-6605

Publication date:
31/12/2007
Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6606

Publication date:
31/12/2007
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6607

Publication date:
31/12/2007
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6608

Publication date:
31/12/2007
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6609

Publication date:
31/12/2007
Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6337

Publication date:
31/12/2007
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6597

Publication date:
31/12/2007
Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6595

Publication date:
31/12/2007
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6596

Publication date:
31/12/2007
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6590

Publication date:
28/12/2007
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2809. Reason: This candidate is a duplicate of CVE-2008-2809. Notes: All CVE users should reference CVE-2008-2809 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2007-6570

Publication date:
28/12/2007
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-6571

Publication date:
28/12/2007
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025