K000139579: Node.js vulneraility CVE-2024-21891

Security Advisory Description Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects...

K000139578: Node.js vulnerability CVE-2024-21896

Security Advisory Description The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By...

K000139577: Node.js vulnerability CVE-2024-21890

Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading...

K000139573: node.js vulnerability CVE-2024-22017

Security Advisory Description setuid does not affect libuv's internal iouring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all...

K000139570: UNIX CPIO vulnerability CVE-2023-7216

Security Advisory Description A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended...

K000139558: Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019

Security Advisory Description CVE-2023-46809 Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed...

K000139553: VPN TunnelVision vulnerability CVE-2024-3661

Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option 121. An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...

K000139404: Quarterly Security Notification (May 2024)

Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

K000138912: BIG-IP SSL vulnerability CVE-2024-28889

Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-28889 Impact Traffic is...

K000138636: BIG-IP Configuration utility XSS vulnerability CVE-2024-31156

Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-31156 Impact An authenticated attacker may exploit thi...

K000138898: BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure

Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled for example, all or...

K11342432: BIG-IP HTTP non-RFC-compliant security exposure

Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported...

K000138894: BIG-IP Configuration utility XSS vulnerability CVE-2024-33604

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-33604 Impact An attacker may exploit this...

K000132430: The BIG-IP system may fail to block HTTP Request Smuggling attacks

Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP...

K000138520: BIG-IP Configuration utility vulnerability CVE-2024-27202

Security Advisory Description A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-27202 Impact An attacker may exploit this...

K000138744: BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883

Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. CVE-2024-28883 Impact A remote unauthenticated attacker with a man-in-the-middle MITM position may exploit thi...

K000138913: BIG-IP Next CNF vulnerability CVE-2024-28132

Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing GSLB container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. CVE-2024-28132 Impact An authenticated attacker ma...

K000139217: BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761

Security Advisory Description Under certain conditions, a data leak may occur in the Traffic Management Microkernels TMMs of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of...

K000139012: BIG-IP Next Central Manager vulnerability CVE-2024-33612

Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. CVE-2024-33612...

K000138728: BIG-IP IPsec vulnerability CVE-2024-33608

Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-33608 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to...

K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...

K000138634: BIG-IP Next Central Manager vulnerability CVE-2024-32049

Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. CVE-2024-32049 Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle MITM position between a BIG-IP Next...

K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793

Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-21793 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements which may allow the attacker to access but not update information...

K000139037: TMM vulnerability CVE-2024-25560

Security Advisory Description When a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-25560 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated...

K000139447: Apache httpd vulnerability CVE-2024-24795

Security Advisory Description HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...

K000139532: Node.js vulnerability CVE-2024-27983

Security Advisory Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are...

K000139533: MySQL vulnerability CVE-2024-21090

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250

Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...

K000139489: PostgreSQL JDBC Driver vulnerability CVE-2024-1597

Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...

K000139430: Linux kernel vulnerability CVE-2024-1086

Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can...

K000139446: Oracle Java vulnerability CVE-2024-21005

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerabili...

K000139429: Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098

Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3....

K000139423: OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004

Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...

K000139405: MySQL vulnerability CVE-2023-21950

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

K000139377: OpenJDK vulnerabilities CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, and CVE-2024-21094

Security Advisory Description CVE-2024-21011 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracl...

K000139361: Moby Buildkit vulnerabilities CVE-2024-23651,CVE-2024-23652, and CVE-2024-23653

Security Advisory Description CVE-2024-23651 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead ...

K000139353: aiohttp vulnerability CVE-2024-23334

Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to...

K000139340: Apache Tomcat vulnerability CVE-2024-22029

Security Advisory Description A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is...

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

K000139236: Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309

Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. CVE-2024-31309 Impact There is no impact; F5 products are not affected by this...

K000139229: Tempesta vulnerability CVE-2024-2758

Security Advisory Description Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. CVE-2024-2758 Impact There is no impact; F5 products are not affected by this...

K000139228: Envoy vulnerability CVE-2024-27919

Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This...

K000139227: amphp/http vulnerability CVE-2024-2653

Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set ENDHEADERS flag, resulting in an OOM crash. CVE-2024-2653 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...

K000139218: CVE-2024-22243 Spring Framework vulnerability

Security Advisory Description Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to...

K000139214: Apache httpd vulnerability CVE-2024-27316

Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Impact There is no impact; F5 products ar...

K000139152: Linux kernel vulnerability CVE-2023-2006

Security Advisory Description A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute...

K000139141: liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used t...

K000139140: util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

K000139092: DNS vulnerability CVE-2023-50387

Security Advisory Description Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone...