Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-5047

Publication date:

09/10/2019

An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

27/06/2022

CVE-2019-5048

Publication date:

09/10/2019

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Severity CVSS v4.0: Pending analysis

Last modification:

27/06/2022

CVE-2019-5050

Publication date:

09/10/2019

Severity CVSS v4.0: Pending analysis

Last modification:

27/06/2022

CVE-2019-5053

Publication date:

09/10/2019

An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

27/06/2022

CVE-2019-15021

Publication date:

09/10/2019

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.

Severity CVSS v4.0: Pending analysis

Last modification:

01/01/2022

CVE-2019-15014

Publication date:

09/10/2019

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.

Severity CVSS v4.0: Pending analysis

Last modification:

02/02/2023

CVE-2019-15015

Publication date:

09/10/2019

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2023

CVE-2019-15016

Publication date:

09/10/2019

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2023

CVE-2019-15017

Publication date:

09/10/2019

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2023

CVE-2019-15018

Publication date:

09/10/2019

A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.

Severity CVSS v4.0: Pending analysis

Last modification:

15/02/2023

CVE-2019-9535

Publication date:

09/10/2019

A vulnerability exists in the way that iTerm2 integrates with tmux&#39;s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim&#39;s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-3765

Publication date:

09/10/2019

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.

Severity CVSS v4.0: Pending analysis

Last modification:

17/10/2019

Subscribe to Vulnerabilities