Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0331
Publication date:
20/04/2000
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0311
Publication date:
20/04/2000
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0272
Publication date:
20/04/2000
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0257
Publication date:
19/04/2000
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0292
Publication date:
19/04/2000
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0256
Publication date:
19/04/2000
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0083
Publication date:
18/04/2000
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0269
Publication date:
18/04/2000
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0270
Publication date:
18/04/2000
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0271
Publication date:
18/04/2000
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0266
Publication date:
18/04/2000
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0264
Publication date:
17/04/2000
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities