Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Progress, PEPPERL+FUCHS, GitLab, Ruckus, and Linux.
Palo Alto Networks
Monthly Patches include 7 bulletins, 1 rated Critical, 2 rated High, and 4 rated Medium. Highest CVSSv4 score of 9.9.
More info.
Multiple vulnerabilities in Expedition allow a remote attacker to read Expedition database contents and arbitrary files, and to write arbitrary files to temporary storage locations on the Expedition system. Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVSSv4 score of 9.9.
More info.
A memory corruption vulnerability in PAN-OS software allows a remote attacker to crash PAN-OS with a crafted packet through the data plane, resulting in a DoS. Repeated attempts will result in PAN-OS entering maintenance mode. CVSSv4 score of 8.2.
More info.
Multiple bulletins have been issued for Telerik Report Server, covering credential stuffing attacks, brute force attacks, and DoS. CVSSv3 scores of 7.5.
More info. And here. And here.
Juniper Networks
Monthly Patches include 31 bulletins, 1 rated Critical, 13 rated High, and 17 rated Medium. Highest CVSSv3 score of 9.8.
More info.
Multiple vulnerabilities have been resolved in nginx software included with Junos OS. Highest CVSSv3 score of 9.8.
More info.
3D-Vision-Sensors devices are affected by the OpenSSH regreSSHion vulnerability. CVSSv3 score of 8.1.
More info. And here.
GitLab has been updated to fix 8 security vulnerabilities, 1 rated Critical, 4 rated High, 2 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.6.
More info.
Ruckus AP contains a vulnerability that allows a remote attacker to perform an RCE attack via the SSH interface.
More info.
SUSE has updated the kernel and cups-filters. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated systemd. More info.
Ubuntu has updated the kernel. More info.