Latest f5 big-ip next Vulnerabilities

F5-K000138650
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that the...
F5 BIG-IP Next>=20.0.1<=20.0.2
F5 BIG-IP Next Central Manager>=20.0.1<=20.0.2
F5 BIG-IP Next SPK>=1.7.0<=1.9.1
F5 BIG-IP Next CNF>=1.1.0<=1.2.1
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
and 2 more
F5-K000138649
CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-20...
F5 BIG-IP Next>=20.0.1<=20.0.2
F5 BIG-IP Next Central Manager>=20.0.1<=20.0.2
F5 BIG-IP Next SPK>=1.5.0<=1.9.1
F5 BIG-IP Next CNF>=1.1.0<=1.3.0
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
and 5 more
CVE-2024-0553
Gnutls: incomplete fix for cve-2023-5981
redhat/gnutls<3.8.3
debian/gnutls28<=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3
ubuntu/gnutls28<3.6.13-2ubuntu1.10
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
and 18 more
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that the...
Haxx Curl>=7.46.0<=8.4.0
Fedoraproject Fedora=39
redhat/curl<8.5.0
ubuntu/curl<7.58.0-2ubuntu3.24+
ubuntu/curl<7.68.0-1ubuntu2.21
ubuntu/curl<7.81.0-1ubuntu1.15
and 13 more
CVE-2023-5981
Gnutls: timing side-channel in the rsa-psk authentication
redhat/GnuTLS<3.8.2
ubuntu/gnutls28<3.5.18-1ubuntu1.6+
ubuntu/gnutls28<3.6.13-2ubuntu1.9
ubuntu/gnutls28<3.7.3-4ubuntu1.3
ubuntu/gnutls28<3.7.8-5ubuntu1.1
ubuntu/gnutls28<3.8.1-4ubuntu1.1
and 19 more
CVE-2023-45886
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
F5 BIG-IP Next>=20.0.1<=20.1.0
F5 BIG-IP Next SPK>=1.5.0<=1.9.1
F5 BIG-IP Next CNF>=1.1.0<=1.2.1
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
and 16 more
F5-K000137315
The BGP daemon (bgpd) in ZebOS through 7.10.6 allows remote attackers to cause a denial-of-service (DoS) by sending crafted BGP update messages containing a malformed attribute.
F5 BIG-IP Next>=20.0.1<=20.1.0
F5 BIG-IP Next SPK>=1.5.0<=1.9.1
F5 BIG-IP Next CNF>=1.1.0<=1.2.1
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
and 2 more
F5-K000137106
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-...
F5 BIG-IP Next=20.0.1
F5 BIG-IP Next SPK>=1.5.0<=1.8.2
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IP>=14.1.0<=14.1.5
and 6 more
CVE-2023-44487
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 568 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203