Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-47393
Publication date:
22/11/2023
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2023-29069
Publication date:
22/11/2023
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-41145
Publication date:
22/11/2023
Autodesk users who no longer have an active license for an account can still access cases for that account.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-48161
Publication date:
22/11/2023
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-46814
Publication date:
22/11/2023
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2022-35638
Publication date:
22/11/2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2021-37937
Publication date:
22/11/2023
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2021-37942
Publication date:
22/11/2023
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2021-22143
Publication date:
22/11/2023
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-40152
Publication date:
22/11/2023
When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-5299
Publication date:
22/11/2023
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2021-22142
Publication date:
22/11/2023
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2023
Subscribe to Vulnerabilities