CND News and Blog

New Vulnerabilities Thursday 14 September


New Alerts for Cisco, Palo Alto Networks, Fortinet, IBM, BD, and curl.

Cisco 

Cisco has released 6 bulletins, 5 rated Medium and 1 Informational. Highest CVSSv3 score of 6.7
More info.

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow a remote attacker to cause a DoS. CVSSv3 score of 4.3
More info.

Vulnerabilities in the ACL processing on MPLS interfaces and the classic ACL compression feature of Cisco IOS XR Software could allow a remote attacker to bypass a configured ACL. CVSSv3 score of 5.8
More info. And here.

Palo Alto Networks 

BGP software such as FRRouting FRR, included as part of the PAN-OS virtual routing feature, enables a remote attacker to incorrectly reset network sessions through an invalid BGP update. CVSSv3 score of 7.5
More info.

Fortinet 

Fortinet has published 12 new bulletins. Three are rated High, 9 rated Medium, and 1 Low. Highest CVSSv3 score of 7.4
More info.

A protection mechanism failure vulnerability in FortiWeb may allow an attacker to bypass XSS and CSRF protections. CVSSv3 score of 7.1
More info.

A lack of custom error pages vulnerability [CWE-756] in FortiPresence may allow a remote attacker with the ability to navigate to the login GUI to gain sensitive information by navigating to specific HTTP paths. CVSSv3 score of 5.3
More info.

IBM 

Multiple security vulnerabilities in third-party software are addressed with IBM Business Automation Manager Open Editions. Highest CVSSv3 score of 9.8
More info.

IBM Cloud Pak for Security includes components with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

BD 

BD has published security updates for Pyxis, Data Agent, FACSMelody, Accuri C6 Plus, FACSLyric, CCE, Alaris, MAX, and Synapsys.
More info.

curl 

curl did not have a limit on how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. This is rated Medium.
More info.


