Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-30382
Publication date:
23/05/2023
A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-1508
Publication date:
23/05/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-31860
Publication date:
23/05/2023
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2023-2702
Publication date:
23/05/2023
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23300
Publication date:
23/05/2023
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23298
Publication date:
23/05/2023
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-31517
Publication date:
23/05/2023
A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2023-23303
Publication date:
23/05/2023
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23302
Publication date:
23/05/2023
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23301
Publication date:
23/05/2023
The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-2703
Publication date:
23/05/2023
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2023

CVE-2023-23299
Publication date:
23/05/2023
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025
Subscribe to Vulnerabilities