Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-34478

Publication date:
24/07/2023
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.
Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-37613

Publication date:
24/07/2023
A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2023

CVE-2023-26077

Publication date:
24/07/2023
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2023-3322

Publication date:
24/07/2023
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2023

CVE-2023-3323

Publication date:
24/07/2023
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2023

CVE-2023-3324

Publication date:
24/07/2023
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2023

CVE-2023-3321

Publication date:
24/07/2023
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2023

CVE-2023-3870

Publication date:
24/07/2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-3640

Publication date:
24/07/2023
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2023-3745

Publication date:
24/07/2023
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-3748

Publication date:
24/07/2023
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-3750

Publication date:
24/07/2023
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024