Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-42488
Publication date:
25/10/2023
EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-42489
Publication date:
25/10/2023
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-42490
Publication date:
25/10/2023
<br /> <br /> EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024

CVE-2023-42491
Publication date:
25/10/2023
EisBaer Scada - CWE-285: Improper Authorization
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-42492
Publication date:
25/10/2023
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-42493
Publication date:
25/10/2023
EisBaer Scada - CWE-256: Plaintext Storage of a Password
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-42494
Publication date:
25/10/2023
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-43281
Publication date:
25/10/2023
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-43360
Publication date:
25/10/2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2023

CVE-2023-43488
Publication date:
25/10/2023
The vulnerability allows a low privileged (untrusted) application to<br /> modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2023

CVE-2023-43506
Publication date:
25/10/2023
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2023-43507
Publication date:
25/10/2023
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023
Subscribe to Vulnerabilities