Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-0692

Publication date:
19/07/1999
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1518

Publication date:
15/07/1999
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1086

Publication date:
15/07/1999
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1545

Publication date:
14/07/1999
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1460

Publication date:
13/07/1999
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1166

Publication date:
11/07/1999
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1543

Publication date:
10/07/1999
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0809

Publication date:
09/07/1999
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1537

Publication date:
07/07/1999
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1478

Publication date:
06/07/1999
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0752

Publication date:
06/07/1999
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0728

Publication date:
06/07/1999
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025