Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2000-0272

Publication date:
20/04/2000
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0267

Publication date:
20/04/2000
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0268

Publication date:
20/04/2000
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0256

Publication date:
19/04/2000
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0257

Publication date:
19/04/2000
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0292

Publication date:
19/04/2000
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0083

Publication date:
18/04/2000
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0266

Publication date:
18/04/2000
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0269

Publication date:
18/04/2000
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0270

Publication date:
18/04/2000
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0271

Publication date:
18/04/2000
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2000-0264

Publication date:
17/04/2000
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025