Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0412

Publication date:
01/05/1999
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0194

Publication date:
01/05/1999
Denial of service in in.comsat allows attackers to generate messages.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0807

Publication date:
01/05/1999
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0487

Publication date:
01/05/1999
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0711

Publication date:
29/04/1999
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0712

Publication date:
27/04/1999
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0492

Publication date:
23/04/1999
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0466

Publication date:
21/04/1999
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0488

Publication date:
21/04/1999
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0490

Publication date:
21/04/1999
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0604

Publication date:
20/04/1999
An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0607

Publication date:
20/04/1999
quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025