Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-32209
Publication date:
19/06/2023
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2024

CVE-2023-29532
Publication date:
19/06/2023
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.<br /> <br /> *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2024

CVE-2023-29531
Publication date:
19/06/2023
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.<br /> <br /> *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2024

CVE-2023-35005
Publication date:
19/06/2023
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.<br /> <br /> This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.<br /> <br /> <br /> This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2023-34602
Publication date:
19/06/2023
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2023-34603
Publication date:
19/06/2023
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2023-35866
Publication date:
19/06/2023
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor&amp;#39;s position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2024

CVE-2023-27396
Publication date:
19/06/2023
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2024

CVE-2023-32270
Publication date:
19/06/2023
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2023-35862
Publication date:
19/06/2023
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2023-32201
Publication date:
19/06/2023
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2023-32542
Publication date:
19/06/2023
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024
Subscribe to Vulnerabilities