Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-41153
Publication date:
29/08/2023
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2023-4611
Publication date:
29/08/2023
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-38975
Publication date:
29/08/2023
* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2023-38971
Publication date:
29/08/2023
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2023-32241
Publication date:
29/08/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-4572
Publication date:
29/08/2023
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-4346
Publication date:
29/08/2023
<br /> KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2023

CVE-2023-39678
Publication date:
29/08/2023
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
01/09/2023

CVE-2023-3253
Publication date:
29/08/2023
An improper authorization vulnerability exists where an authenticated, <br /> low privileged remote attacker could view a list of all the users <br /> available in the application.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-39266
Publication date:
29/08/2023
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim&amp;#39;s browser in the context of the affected interface.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2023

CVE-2023-39267
Publication date:
29/08/2023
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2023

CVE-2023-39268
Publication date:
29/08/2023
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2023
Subscribe to Vulnerabilities