Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-3504

Publication date:

30/06/2007

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3501

Publication date:

30/06/2007

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.

Severity CVSS v4.0: Pending analysis

Last modification:

12/12/2025

CVE-2006-7211

Publication date:

29/06/2007

fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2006-7212

Publication date:

29/06/2007

Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2006-7213

Publication date:

29/06/2007

Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2006-7214

Publication date:

29/06/2007

Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3488

Publication date:

29/06/2007

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3489

Publication date:

29/06/2007

Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3490

Publication date:

29/06/2007

Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3491

Publication date:

29/06/2007

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3492

Publication date:

29/06/2007

Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

CVE-2007-3493

Publication date:

29/06/2007

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2025

Subscribe to Vulnerabilities