Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-29574

Publication date: 12/04/2023
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.
Severity CVSS v4.0: Pending analysis
Last modification: 08/02/2025

CVE-2022-24350

Publication date: 12/04/2023
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is checked, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error.
Severity CVSS v4.0: Pending analysis
Last modification: 19/03/2025

CVE-2023-1829

Publication date: 12/04/2023
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Severity CVSS v4.0: Pending analysis
Last modification: 13/02/2025

CVE-2023-30512

Publication date: 12/04/2023
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
Severity CVSS v4.0: Pending analysis
Last modification: 07/02/2025

CVE-2022-48437

Publication date: 12/04/2023
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
Severity CVSS v4.0: Pending analysis
Last modification: 10/02/2025

CVE-2023-22613

Publication date: 11/04/2023
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification: 11/02/2025

CVE-2023-29576

Publication date: 11/04/2023
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.
Severity CVSS v4.0: Pending analysis
Last modification: 10/02/2025

CVE-2023-28808

Publication date: 11/04/2023
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Severity CVSS v4.0: Pending analysis
Last modification: 24/04/2023

CVE-2023-28313

Publication date: 11/04/2023
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2024

CVE-2023-28314

Publication date: 11/04/2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2024

CVE-2023-28311

Publication date: 11/04/2023
Microsoft Word Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2024

CVE-2023-28312

Publication date: 11/04/2023
Azure Machine Learning Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2024