Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0621
Publication date:
20/07/2000
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0653
Publication date:
20/07/2000
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0672
Publication date:
20/07/2000
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0615
Publication date:
19/07/2000
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0619
Publication date:
19/07/2000
Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0622
Publication date:
19/07/2000
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0636
Publication date:
19/07/2000
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0633
Publication date:
18/07/2000
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0567
Publication date:
18/07/2000
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0625
Publication date:
18/07/2000
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0626
Publication date:
18/07/2000
Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0627
Publication date:
18/07/2000
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities