Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-50705

Publication date:
20/12/2023
An attacker could create malicious requests to obtain sensitive information about the web server.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-50706

Publication date:
20/12/2023
A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-50707

Publication date:
20/12/2023
Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-6689

Publication date:
20/12/2023
A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-42012

Publication date:
20/12/2023
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-42013

Publication date:
20/12/2023
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-45887

Publication date:
20/12/2023
DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.
Severity CVSS v4.0: Pending analysis
Last modification:
15/02/2024

CVE-2023-47161

Publication date:
20/12/2023
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-50703

Publication date:
20/12/2023
An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-6928

Publication date:
19/12/2023
EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-6929

Publication date:
19/12/2023
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-6930

Publication date:
19/12/2023
EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023