Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-39714

Publication date: 01/09/2023
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2022-3407

Publication date: 01/09/2023
In some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue.
Severity CVSS v4.0: Pending analysis
Last modification: 08/09/2023

CVE-2023-41628

Publication date: 01/09/2023
An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.
Severity CVSS v4.0: Pending analysis
Last modification: 07/09/2023

CVE-2023-41627

Publication date: 01/09/2023
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device.
Severity CVSS v4.0: Pending analysis
Last modification: 14/12/2023

CVE-2023-36326

Publication date: 01/09/2023
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-36327

Publication date: 01/09/2023
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-39582

Publication date: 01/09/2023
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-39631

Publication date: 01/09/2023
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-40771

Publication date: 01/09/2023
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-4720

Publication date: 01/09/2023
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-4721

Publication date: 01/09/2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023

CVE-2023-4722

Publication date: 01/09/2023
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2023