Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-23805
Publication date:
14/02/2024
<br /> Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.<br /> <br /> Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .<br /> <br /> <br /> <br /> <br /> <br /> <br /> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23976
Publication date:
14/02/2024
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance<br /> mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-23979
Publication date:
14/02/2024
<br /> When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. <br /> <br /> <br /> <br /> <br /> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23982
Publication date:
14/02/2024
<br /> <br /> <br /> When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-24775
Publication date:
14/02/2024
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23306
Publication date:
14/02/2024
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-23308
Publication date:
14/02/2024
<br /> When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-23314
Publication date:
14/02/2024
When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-23603
Publication date:
14/02/2024
<br /> An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.<br /> <br /> <br /> <br /> <br /> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-23607
Publication date:
14/02/2024
<br /> A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-21782
Publication date:
14/02/2024
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. <br /> <br /> <br /> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-21789
Publication date:
14/02/2024
<br /> <br /> <br /> When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.<br />  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024
Subscribe to Vulnerabilities