Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-43072
Publication date:
05/10/2023
<br /> Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2023

CVE-2023-43073
Publication date:
05/10/2023
<br /> Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2023

CVE-2023-44386
Publication date:
05/10/2023
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023

CVE-2023-44387
Publication date:
05/10/2023
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2024

CVE-2023-2306
Publication date:
05/10/2023
<br /> <br /> <br /> <br /> <br /> Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-44837
Publication date:
05/10/2023
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2023-44838
Publication date:
05/10/2023
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2023

CVE-2023-44839
Publication date:
05/10/2023
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2023

CVE-2023-45160
Publication date:
05/10/2023
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client&amp;#39;s temporary directory is now locked down in the released patch.<br /> <br /> <br /> <br /> Resolution: This has been fixed in patch Q23094 <br /> <br /> This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. <br /> <br /> Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2023-4570
Publication date:
05/10/2023
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-44828
Publication date:
05/10/2023
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2023-44829
Publication date:
05/10/2023
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024
Subscribe to Vulnerabilities