Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-38734
Publication date:
22/08/2023
<br /> IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2023

CVE-2023-38733
Publication date:
22/08/2023
<br /> IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2023

CVE-2020-24113
Publication date:
22/08/2023
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2023

CVE-2023-39026
Publication date:
22/08/2023
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2023

CVE-2023-33850
Publication date:
22/08/2023
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2024

CVE-2023-4475
Publication date:
22/08/2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2023

CVE-2023-4212
Publication date:
22/08/2023
<br /> ​A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-38665
Publication date:
22/08/2023
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2023

CVE-2023-38732
Publication date:
22/08/2023
<br /> IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2023

CVE-2023-39141
Publication date:
22/08/2023
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2023

CVE-2023-38996
Publication date:
22/08/2023
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2023

CVE-2023-38668
Publication date:
22/08/2023
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2023
Subscribe to Vulnerabilities