Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-23979

Publication date:
14/02/2024
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23982

Publication date:
14/02/2024
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-24775

Publication date:
14/02/2024
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23306

Publication date:
14/02/2024
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-23308

Publication date:
14/02/2024
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-23314

Publication date:
14/02/2024
When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23603

Publication date:
14/02/2024
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-23607

Publication date:
14/02/2024
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-21782

Publication date:
14/02/2024
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-21789

Publication date:
14/02/2024
When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-21849

Publication date:
14/02/2024
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-22093

Publication date:
14/02/2024
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025