Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-38062

Publication date:
12/07/2023
In JetBrains TeamCity before 2023.05.1, parameters of the "password" type could be shown in the UI in certain composite build configurations.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2023-3595

Publication date:
12/07/2023
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2023

CVE-2021-43758

Publication date:
12/07/2023
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2023

CVE-2021-43759

Publication date:
12/07/2023
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2023

CVE-2021-43757

Publication date:
12/07/2023
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious 3GP file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-43760

Publication date:
12/07/2023
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2023

CVE-2021-44696

Publication date:
12/07/2023
Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2023-37579

Publication date:
12/07/2023
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker.
This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.
Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability.
The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.
2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.
2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.
3.0 Pulsar Function Worker users are unaffected.
Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2023-37582

Publication date:
12/07/2023
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1.
When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system user that RocketMQ is running as.
It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2023-31007

Publication date:
12/07/2023
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.
This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.
2.9 Pulsar Broker users should upgrade to at least 2.9.5.
2.10 Pulsar Broker users should upgrade to at least 2.10.4.
2.11 Pulsar Broker users should upgrade to at least 2.11.1.
3.0 Pulsar Broker users are unaffected.
Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2023-35908

Publication date:
12/07/2023
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2023-36543

Publication date:
12/07/2023
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2023