Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-1590

Publication date:
31/12/1999
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-1999-1591

Publication date:
31/12/1999
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-1999-1592

Publication date:
31/12/1999
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0011

Publication date:
31/12/1999
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0013

Publication date:
31/12/1999
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0015

Publication date:
31/12/1999
CascadeView TFTP server allows local users to gain privileges via a symlink attack.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-1999-0001

Publication date:
30/12/1999
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0003

Publication date:
30/12/1999
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0043

Publication date:
30/12/1999
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0076

Publication date:
30/12/1999
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0007

Publication date:
29/12/1999
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2000-0009

Publication date:
29/12/1999
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026