Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0475

Publication date:
15/06/2000
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0473

Publication date:
15/06/2000
Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0484

Publication date:
15/06/2000
Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0483

Publication date:
15/06/2000
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0477

Publication date:
14/06/2000
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0478

Publication date:
14/06/2000
In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0543

Publication date:
14/06/2000
The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0471

Publication date:
14/06/2000
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0514

Publication date:
14/06/2000
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0542

Publication date:
13/06/2000
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0565

Publication date:
13/06/2000
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0535

Publication date:
12/06/2000
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025