Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-23299
Publication date:
23/05/2023
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2023-2702
Publication date:
23/05/2023
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23298
Publication date:
23/05/2023
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-31752
Publication date:
23/05/2023
SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31517
Publication date:
23/05/2023
A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2023-23306
Publication date:
23/05/2023
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-23305
Publication date:
23/05/2023
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-23304
Publication date:
23/05/2023
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user&amp;#39;s consent and disclose potentially private or sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-23303
Publication date:
23/05/2023
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23302
Publication date:
23/05/2023
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device&amp;#39;s firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-23301
Publication date:
23/05/2023
The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-31518
Publication date:
23/05/2023
A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025
Subscribe to Vulnerabilities