Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-38795
Publication date:
07/08/2023
In Gitea through 1.17.1, repo cloning can occur in the migration function.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2023-3896
Publication date:
07/08/2023
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-38392
Publication date:
07/08/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2023-32090
Publication date:
07/08/2023
Pega platform clients who are using versions 6.1 through 7.3.1 may be<br /> utilizing default credentials<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2023

CVE-2023-0426
Publication date:
07/08/2023
<br /> ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves<br /> the reported vulnerabilities in the product versions under maintenance.<br /> An attacker who successfully exploited one or more of these vulnerabilities could cause the product to<br /> stop or make the product inaccessible. <br /> <br /> <br /> <br /> Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:<br /> <br />  Freelance controllers AC 700F: <br /> <br /> from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; <br /> <br /> <br /> <br /> <br /> Freelance controllers AC 900F: <br /> <br /> through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2023

CVE-2023-0425
Publication date:
07/08/2023
<br /> ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves<br /> the reported vulnerabilities in the product versions under maintenance.<br /> An attacker who successfully exploited one or more of these vulnerabilities could cause the product to<br /> stop or make the product inaccessible. <br /> <br /> Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:<br /> <br /> Freelance controllers AC 700F: <br /> <br /> from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; <br /> <br /> Freelance controllers AC 900F: <br /> <br /> Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2023

CVE-2023-39903
Publication date:
07/08/2023
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2023

CVE-2023-20807
Publication date:
07/08/2023
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2023-20808
Publication date:
07/08/2023
In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2023-20806
Publication date:
07/08/2023
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2023-20818
Publication date:
07/08/2023
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2024

CVE-2023-20817
Publication date:
07/08/2023
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024
Subscribe to Vulnerabilities