Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-0682

Publication date:
06/08/1999
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0913

Publication date:
05/08/1999
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0719

Publication date:
05/08/1999
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0671

Publication date:
03/08/1999
Buffer overflow in ToxSoft NextFTP client through CWD command.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0677

Publication date:
03/08/1999
The WebRamp web administration utility has a default password.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0703

Publication date:
03/08/1999
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1337

Publication date:
01/08/1999
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0672

Publication date:
01/08/1999
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1130

Publication date:
30/07/1999
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1536

Publication date:
30/07/1999
.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0683

Publication date:
30/07/1999
Denial of service in Gauntlet Firewall via a malformed ICMP packet.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1227

Publication date:
30/07/1999
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025