Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-31017
Publication date:
02/11/2023
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-31018
Publication date:
02/11/2023
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-31019
Publication date:
02/11/2023
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-31020
Publication date:
02/11/2023
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-31021
Publication date:
02/11/2023
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-31022
Publication date:
02/11/2023
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-31016
Publication date:
02/11/2023
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-46925
Publication date:
02/11/2023
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-4217
Publication date:
02/11/2023
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2023-5035
Publication date:
02/11/2023
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2023-5846
Publication date:
02/11/2023
<br /> Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2022-4900
Publication date:
02/11/2023
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities