Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-31194

Publication date:

05/07/2023

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-35972

Publication date:

05/07/2023

An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Severity CVSS v4.0: Pending analysis

Last modification:

10/07/2023

CVE-2023-35973

Publication date:

05/07/2023

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35978

Publication date:

05/07/2023

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim&#39;s browser in the context of the affected interface.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-3515

Publication date:

05/07/2023

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2023

CVE-2023-35971

Publication date:

05/07/2023

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim&#39;s browser in the context of the affected interface.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35979

Publication date:

05/07/2023

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35974

Publication date:

05/07/2023

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35975

Publication date:

05/07/2023

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35976

Publication date:

05/07/2023

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-35977

Publication date:

05/07/2023

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2023

CVE-2023-36665

Publication date:

05/07/2023

"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.

Severity CVSS v4.0: Pending analysis

Last modification:

28/06/2024

Subscribe to Vulnerabilities