Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database): by virtue of a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-5768

Publication date:
04/12/2023
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-41613

Publication date:
04/12/2023
EzViz Studio v2.2.0 is vulnerable to DLL hijacking.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-48799

Publication date:
04/12/2023
TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-48800

Publication date:
04/12/2023
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-6460

Publication date:
04/12/2023
A potential logging of the firestore key via logging within nodejs-firestore exists. Developers who were logging objects through this._settings would be logging the firestore key as well, potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2023

CVE-2023-48863

Publication date:
04/12/2023
SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2023-32804

Publication date:
04/12/2023
Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver. This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-44306

Publication date:
04/12/2023
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2023

CVE-2023-6481

Publication date:
04/12/2023
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-44301

Publication date:
04/12/2023
Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2023

CVE-2023-44302

Publication date:
04/12/2023
Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2023

CVE-2023-44304

Publication date:
04/12/2023
Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2023