Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-21149
Publication date:
28/06/2023
In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2023-21150
Publication date:
28/06/2023
In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-267312009References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2023-21151
Publication date:
28/06/2023
In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265149414References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2023-21152
Publication date:
28/06/2023
In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269174022References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2023-21153
Publication date:
28/06/2023
In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264259730References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2023-21158
Publication date:
28/06/2023
In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783635References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2023-21159
Publication date:
28/06/2023
In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783565References: N/A
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2022-20443
Publication date:
28/06/2023
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194480991
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023

CVE-2021-31937
Publication date:
28/06/2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-2625
Publication date:
28/06/2023
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2023-27866
Publication date:
28/06/2023
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2023-34937
Publication date:
28/06/2023
A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2023
Subscribe to Vulnerabilities