Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-36082
Publication date:
03/08/2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2023-4068
Publication date:
03/08/2023
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4069
Publication date:
03/08/2023
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4070
Publication date:
03/08/2023
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4071
Publication date:
03/08/2023
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4072
Publication date:
03/08/2023
Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4074
Publication date:
03/08/2023
Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4075
Publication date:
03/08/2023
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-33368
Publication date:
03/08/2023
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-1437
Publication date:
02/08/2023
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2024

CVE-2023-1935
Publication date:
02/08/2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-39113
Publication date:
02/08/2023
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2024
Subscribe to Vulnerabilities