Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-42840

Publication date:
21/02/2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-42839

Publication date:
21/02/2024
This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-42838

Publication date:
21/02/2024
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-42843

Publication date:
21/02/2024
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2023-42836

Publication date:
21/02/2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2025

CVE-2023-42835

Publication date:
21/02/2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2023-42834

Publication date:
21/02/2024
A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-42823

Publication date:
21/02/2024
The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2024-22235

Publication date:
21/02/2024
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2024-25151

Publication date:
21/02/2024
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2024-1674

Publication date:
21/02/2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-1669

Publication date:
21/02/2024
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024