Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-1999-0488
Publication date:
21/04/1999
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0490
Publication date:
21/04/1999
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0604
Publication date:
20/04/1999
An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0607
Publication date:
20/04/1999
quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0491
Publication date:
20/04/1999
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0684
Publication date:
19/04/1999
Denial of service in Sendmail 8.8.6 in HPUX.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1244
Publication date:
15/04/1999
IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1369
Publication date:
14/04/1999
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0446
Publication date:
12/04/1999
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0444
Publication date:
12/04/1999
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-1323
Publication date:
09/04/1999
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-1999-0470
Publication date:
09/04/1999
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities