A Customer

Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified) Description: An improper input neutralization issue in the management web interface of the Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. Recommendations: Restrict access to the management web interface to only trusted internal IP addresses according to the recommended critical deployment guidelines. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PAN-OS (affected versions not specified) **Description** The issue is related to a null pointer dereference vulnerability in the PAN-OS software, which enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane, causing a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 and up Description: An authorization issue allowed a group maintainer to modify group CI/CD variables, which should be restricted to group owners. Recommendations: For GitLab CE/EE versions 9.4 and up, consider restricting access to group CI/CD variables to only group owners as a temporary workaround until a patch is available.