Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-51019
Publication date:
22/12/2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-51020
Publication date:
22/12/2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-51021
Publication date:
22/12/2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-51022
Publication date:
22/12/2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2023-51033
Publication date:
22/12/2023
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-51034
Publication date:
22/12/2023
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2024

CVE-2023-51035
Publication date:
22/12/2023
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2024

CVE-2023-50147
Publication date:
22/12/2023
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-50708
Publication date:
22/12/2023
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2024

CVE-2023-39251
Publication date:
22/12/2023
<br /> Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2024

CVE-2023-43088
Publication date:
22/12/2023
<br /> Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2024

CVE-2023-51023
Publication date:
22/12/2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023
Subscribe to Vulnerabilities