Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-48772
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation.This issue affects Prevent Landscape Rotation: from n/a through 2.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-48773
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-48778
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-24590
Publication date:
18/12/2023
<br /> <br /> <br /> A format string issue in the Controller 6000&amp;#39;s optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service.<br /> <br /> This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-41967
Publication date:
18/12/2023
<br /> Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller&amp;#39;s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. <br /> <br /> This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-46686
Publication date:
18/12/2023
<br /> A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. <br /> <br /> This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2023-23570
Publication date:
18/12/2023
<br /> Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. <br /> <br /> This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-23576
Publication date:
18/12/2023
<br /> Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. <br /> <br /> This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-23584
Publication date:
18/12/2023
<br /> An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. <br /> <br /> This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-22439
Publication date:
18/12/2023
<br /> Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.<br /> <br /> This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2023-40691
Publication date:
18/12/2023
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-6295
Publication date:
18/12/2023
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2023
Subscribe to Vulnerabilities