Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-40840

Publication date:

30/08/2023

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2023

CVE-2023-40839

Publication date:

30/08/2023

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function &#39;sub_ADF3C&#39; contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2023

CVE-2023-40844

Publication date:

30/08/2023

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function &#39;formWifiBasicSet.&#39;

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2023

CVE-2023-40595

Publication date:

30/08/2023

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40596

Publication date:

30/08/2023

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40597

Publication date:

30/08/2023

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40598

Publication date:

30/08/2023

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40592

Publication date:

30/08/2023

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40593

Publication date:

30/08/2023

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-40594

Publication date:

30/08/2023

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2023-20266

Publication date:

30/08/2023

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.<br /> <br /> This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.

Severity CVSS v4.0: Pending analysis

Last modification:

25/01/2024