Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-41120

Publication date:

12/12/2023

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user&#39;s permissions.

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-41116

Publication date:

12/12/2023

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-41117

Publication date:

12/12/2023

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.

Severity CVSS v4.0: Pending analysis

Last modification:

27/05/2025

CVE-2023-41114

Publication date:

12/12/2023

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user&#39;s permissions.

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-41115

Publication date:

12/12/2023

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-41113

Publication date:

12/12/2023

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-6709

Publication date:

12/12/2023

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

Severity CVSS v4.0: Pending analysis

Last modification:

13/12/2023

CVE-2023-50424

Publication date:

12/12/2023

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions

Severity CVSS v4.0: Pending analysis

Last modification:

28/09/2024

CVE-2023-5536

Publication date:

12/12/2023

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2023

CVE-2023-6542

Publication date:

12/12/2023

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.<br /> <br />

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2023

CVE-2023-49587

Publication date:

12/12/2023

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.<br /> <br />

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2023

CVE-2023-50422

Publication date:

12/12/2023

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Severity CVSS v4.0: Pending analysis

Last modification:

28/09/2024

Subscribe to Vulnerabilities