Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-4037
Publication date:
27/07/2007
Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4041
Publication date:
27/07/2007
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4042
Publication date:
27/07/2007
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4045
Publication date:
27/07/2007
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4033
Publication date:
27/07/2007
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4038
Publication date:
27/07/2007
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4047
Publication date:
27/07/2007
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1354
Publication date:
27/07/2007
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-2874
Publication date:
27/07/2007
Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-3105
Publication date:
27/07/2007
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-3333
Publication date:
26/07/2007
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-4003
Publication date:
26/07/2007
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025
Subscribe to Vulnerabilities