Quarterly Patches are out for F5, Monthly Patches are out for Palo Alto Networks. New Alerts for Spring, IBM,and Linux.
F5
F5 August Quarterly Security Notification lists 9 CVEs, 4 rated High and 5 rated Medium. Highest CVSSv4 score of 8.9
More info.
An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems managed by BIG-IP Next Central Manager after that user has logged out. CVSSv4 score of 8.9
More info.
Two vulnerabilities allow a remote attacker to cause a DoS on the BIG-IP system. CVSSv4 score of 8.7
More info. And here.
When NGINX Plus is configured to use the MQTT filter module, undisclosed requests can cause an increase in memory resource utilization. CVSSv4 score of 8.7
More info.
Spring Framework has fixed 2 DoS vulnerabilities.
More info.
Palo Alto Monthly Patches include 4 bulletins. Highest CVSSv4 score of 8.6
More info.
Prisma Access Browser has incorporated the latest upstream Chromium security fixes. Highest CVSSv4 score of 8.6
More info.
A command injection issue in Cortex XSOAR CommonScripts Pack allows a remote attacker to execute arbitrary commands within the context of an integration container. CVSSv4 score of 7.
More info.
Vulnerability in Apache Calcite Avatica and jackson-databind affect watsonx.data. CVSSv3 score of 9.8
More info. And here.
QRadar Suite Software has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
Oracle Linux has updated the kernel. More info.
SUSE has updated the kernel. More info.
Comments