Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-0371

Publication date:

11/02/1999

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0353

Publication date:

10/02/1999

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0370

Publication date:

10/02/1999

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0407

Publication date:

09/02/1999

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0367

Publication date:

09/02/1999

NetBSD netstat command allows local users to access kernel memory.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0368

Publication date:

09/02/1999

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0366

Publication date:

08/02/1999

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0350

Publication date:

08/02/1999

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-1201

Publication date:

06/02/1999

Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025