Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0190

Publication date:

02/03/2000

AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0193

Publication date:

02/03/2000

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0189

Publication date:

01/03/2000

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0207

Publication date:

01/03/2000

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0201

Publication date:

01/03/2000

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0176

Publication date:

29/02/2000

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0208

Publication date:

29/02/2000

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2000-0216

Publication date:

29/02/2000

Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025