Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-23026
Publication date:
25/01/2022
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23011
Publication date:
25/01/2022
On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23027
Publication date:
25/01/2022
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23012
Publication date:
25/01/2022
On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23024
Publication date:
25/01/2022
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23023
Publication date:
25/01/2022
On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23028
Publication date:
25/01/2022
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23025
Publication date:
25/01/2022
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23030
Publication date:
25/01/2022
On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23029
Publication date:
25/01/2022
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23015
Publication date:
25/01/2022
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022

CVE-2022-23014
Publication date:
25/01/2022
On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2022
Subscribe to Vulnerabilities