Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29486
Publication date:
21/12/2023
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-29487
Publication date:
21/12/2023
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-45700
Publication date:
21/12/2023
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2024

CVE-2023-47093
Publication date:
21/12/2023
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-49032
Publication date:
21/12/2023
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2023-51390
Publication date:
21/12/2023
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2024

CVE-2023-41166
Publication date:
21/12/2023
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It&amp;#39;s possible to know if a specific user account exists on the SNS firewall by using remote access commands.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-45703
Publication date:
21/12/2023
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2024

CVE-2023-46131
Publication date:
21/12/2023
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2024

CVE-2023-50988
Publication date:
20/12/2023
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-50989
Publication date:
20/12/2023
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-50990
Publication date:
20/12/2023
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023
Subscribe to Vulnerabilities