Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-0956

Publication date:

19/09/1997

The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0965

Publication date:

19/09/1997

Race condition in xterm allows local users to modify arbitrary files via the logging option.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-1214

Publication date:

15/09/1997

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0079

Publication date:

12/09/1997

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-1275

Publication date:

08/09/1997

Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-1133

Publication date:

01/09/1997

HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0115

Publication date:

01/09/1997

AIX bugfiler program allows local users to gain root access.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0148

Publication date:

01/09/1997

The handler CGI program in IRIX allows arbitrary command execution.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-0191

Publication date:

01/09/1997

IIS newdsn.exe CGI script allows remote users to overwrite files.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-1999-1139

Publication date:

01/09/1997

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025