Monthly Patches are out for Palo Alto Networks. New Alerts for Blackberry, Fsas Technologies, Samsung, Rockwell Automation, HPE, MicroDicom, HashiCorp, and Linux.
Palo Alto Networks
Monthly Patches are out with 5 bulletins. Highest CVSSv4 score of 6.8
More info.
A vulnerability in the GlobalProtect app can result in exposure of encrypted user credentials in application logs. CVSSv4 score of 5.5
More info.
An improper input validation vulnerability in the SGI Image Codec of the QNX Software Development Platform could potentially allow an attacker to cause a DoS or execute code. CVSSv3 score of 9.0
More info.
A DoS vulnerability exists in the WAF function of IPCOM products. If a remote attacker sends a specially crafted packet to a website to be inspected by the WAF function, the IPCOM product may stop or restart.
More info.
The Exynos mobile processor has 2 vulnerabilities that can result in OOB Write. Both are rated High by Samsung.
More info. And here.
FactoryTalk View SE contains a vulnerability that allows a remote attacker on a system with FTView to send a packet to the customer's server to view an HMI project without authentication. CVSSv4 score of 8.2
More info. And here.
Multiple OpenSSH vulnerabilities impact the AirWave Management Platform. Highest CVSSv3 score of 6.5
More info.
DICOM Viewer contains 2 vulnerabilities, Improper Authorization in Handler for Custom URL Scheme and Stack-based Buffer Overflow. Highest CVSSv4 score of 8.7
More info.
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim, allowing an invalid login to succeed when it should have been rejected.
More info.
SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.