Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-1077

Publication date:
01/11/1999
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0854

Publication date:
01/11/1999
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0827

Publication date:
01/11/1999
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0829

Publication date:
01/11/1999
HP Secure Web Console uses weak encryption.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0830

Publication date:
01/11/1999
Buffer overflow in SCO UnixWare Xsco command via a long argument.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0354

Publication date:
01/11/1999
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1577

Publication date:
31/10/1999
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0873

Publication date:
30/10/1999
Buffer overflow in Skyfull mail server via MAIL FROM command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1532

Publication date:
29/10/1999
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1226

Publication date:
28/10/1999
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0915

Publication date:
28/10/1999
URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0950

Publication date:
28/10/1999
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025