By michele654 on Thursday, 10 October 2024
Category: Vulnerabilities

New Vulnerabilities Thursday 10 October


Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Progress, PEPPERL+FUCHS, GitLab, Ruckus, and Linux.

Palo Alto Networks 

Monthly Patches include 7 bulletins, 1 rated Critical, 2 rated High, and 4 rated Medium. Highest CVSSv4 score of 9.9.
More info.

Multiple vulnerabilities in Expedition allow a remote attacker to read Expedition database contents and arbitrary files, and to write arbitrary files to temporary storage locations on the Expedition system. Combined, the exposed data includes information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVSSv4 score of 9.9.
More info.

A memory corruption vulnerability in PAN-OS software allows a remote attacker to crash PAN-OS with a crafted packet through the data plane, resulting in a DoS. Repeated attempts will result in PAN-OS entering maintenance mode. CVSSv4 score of 8.2.
More info.

Progress 

Multiple bulletins have been issued for Telerik Report Server, covering credential stuffing attacks, brute force attacks, and DoS. CVSSv3 scores of 7.5.
More info. And here. And here.

Juniper Networks 

Juniper Networks Monthly Patches include 31 bulletins, 1 rated Critical, 13 rated High, and 17 rated Medium. Highest CVSSv3 score of 9.8.
More info.

Multiple vulnerabilities have been resolved in nginx software included with Junos OS. Highest CVSSv3 score of 9.8.
More info.

PEPPERL+FUCHS 

3D-Vision-Sensors devices are affected by the OpenSSH regreSSHion vulnerability. CVSSv3 score of 8.1.
More info. And here.

GitLab 

GitLab has been updated to fix 8 security vulnerabilities, 1 rated Critical, 4 rated High, 2 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.6.
More info.

Ruckus 

Ruckus AP contains a vulnerability that allows a remote attacker to perform an RCE attack via the SSH interface.
More info.

Linux 

SUSE has updated the kernel and cups-filters. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated systemd. More info.
Ubuntu has updated the kernel. More info.
