Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-34936
Publication date:
28/06/2023
A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-34935
Publication date:
28/06/2023
A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-34934
Publication date:
28/06/2023
A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-34933
Publication date:
28/06/2023
A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-26615
Publication date:
28/06/2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-20192
Publication date:
28/06/2023
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-20199
Publication date:
28/06/2023
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-20119
Publication date:
28/06/2023
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.<br /> <br /> This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-20178
Publication date:
28/06/2023
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.<br /> <br /> This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-20105
Publication date:
28/06/2023
A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system.<br /> <br /> This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by authenticating to the application as a Read-only user and sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.<br /> <br /> Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-20108
Publication date:
28/06/2023
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&amp;amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.<br /> <br /> This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&amp;amp;P users who were authenticated prior to an attack.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-20116
Publication date:
28/06/2023
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024
Subscribe to Vulnerabilities