Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-30565

Publication date:
13/07/2023
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2023-30564

Publication date:
13/07/2023
Alaris Systems Manager does not perform input validation during the Device Import Function.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2023-30563

Publication date:
13/07/2023
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2023-30562

Publication date:
13/07/2023
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2024

CVE-2023-30561

Publication date:
13/07/2023
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2023-34458

Publication date:
13/07/2023
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2023-30560

Publication date:
13/07/2023
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2022-42045

Publication date:
13/07/2023
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2024

CVE-2023-30559

Publication date:
13/07/2023
The firmware update package for the wireless card is not properly signed and can be modified.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2024

CVE-2023-35833

Publication date:
13/07/2023
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-37785

Publication date:
13/07/2023
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2023

CVE-2023-37786

Publication date:
13/07/2023
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2023