Juan Sacco

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 13.18.2 and older Asterisk Open Source versions 14.7.2 and older Asterisk Open Source versions 15.1.2 and older Certified Asterisk versions 13.13-cert7 and older **Description** An issue in the chan skinny.c file can cause the asterisk process to use excessive virtual memory if the chan skinny channel driver is flooded with certain requests, eventually stopping asterisk from processing any requests. **Recommendations** For Asterisk Open Source versions 13.18.2 and older, update to a version newer than 13.18.2 to resolve the issue. For Asterisk Open Source versions 14.7.2 and older, update to a version newer than 14.7.2 to resolve the issue. For Asterisk Open Source versions 15.1.2 and older, update to a version newer than 15.1.2 to resolve the issue. For Certified Asterisk versions 13.13-cert7 and older, update to a version newer than 13.13-cert7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions 7.0.1 through 7.0.7 **Description** A cross-site scripting issue exists in the management interface of the device, allowing remote authenticated users to inject arbitrary web script or HTML. This occurs because data provided by the user is stored without proper sanitization, which can be exploited by tricking an authenticated administrator into injecting malicious JavaScript into the web interface. **Recommendations** For versions 7.0.1 through 7.0.7, update to version 7.0.8 or later to resolve the issue.