Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

K000138353: Quarterly Security Notification (February 2024)

🗓️ 14 Feb 2024 14:04:38Reported by f5Type 
f5
 f5🔗 my.f5.com👁 57 Views

F5 February 2024 Quarterly Security Notification covering High, Medium, and Low CVEs for BIG-IP and NGIN

Related
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of HTTP/3 QUIC modules in NGINX Plus and NGINX OSS web servers allows attackers to cause service interruptions.
15 Feb 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the ngx_http_v3_module in NGINX and NGINX Plus servers allows a hacker to cause a service failure.
15 Feb 202400:00
bdu_fstec
BDU FSTEC		The vulnerabilities of the BIG-IP Access Policy Manager, as well as of other software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, and BIG-IP Webaccelerator, are related to unlimited resource allocation. This allows attackers to cause service interruptions.
4 Mar 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe—is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.
4 Mar 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the LDAP protocol implementation in F5OS-A operating systems, hardware devices of the F5 rSeries, and F5OS-C application delivery controllers of F5 VELOS allows a hacker to circumvent security restrictions.
12 Apr 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IQ Centralized Management, lies in the lack of measures taken to perform data cleaning at the management level. This allows attackers to circumvent existing security restrictions.
15 Apr 202500:00
bdu_fstec
FreeBSD		nginx-devel -- Multiple Vulnerabilities in HTTP/3
14 Feb 202400:00
freebsd
Chainguard		CVE-2024-24989 vulnerabilities
14 Feb 202417:15
cgr
Chainguard		CVE-2024-24990 vulnerabilities
14 Feb 202417:15
cgr
Circl		CVE-2024-21771
24 Mar 202519:23
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Feb 2024 14:04Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.18.7
EPSS0.01061
SSVC
f5 security notificationfebruary 2024high cvesmedium cveslow cvesbig-ipnginxsecurity exposures
57