Note: This project will be discontinued after December 13, 2021.
Product: Pan-Os (Paloaltonetworks)

Repositories | https://github.com/torvalds/linux |
#Vulnerabilities | 182 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-07-12 | CVE-2023-38046 | A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | Pan-Os | 4.9 | ||
2023-12-13 | CVE-2023-6789 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. | Pan-Os | 4.8 | ||
2023-12-13 | CVE-2023-6790 | A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | Pan-Os | 6.1 | ||
2023-12-13 | CVE-2023-6791 | A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | Pan-Os | 4.9 | ||
2023-12-13 | CVE-2023-6792 | An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | Pan-Os | 6.3 | ||
2023-12-13 | CVE-2023-6795 | An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | Pan-Os | 4.7 | ||
2023-12-13 | CVE-2023-6793 | An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. | Pan-Os | 2.7 | ||
2023-12-13 | CVE-2023-6794 | An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | Pan-Os | 4.7 | ||
2024-09-11 | CVE-2024-8691 | A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. | Pan-Os | 7.1 | ||
2024-10-09 | CVE-2024-9471 | A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they... | Pan-Os | 4.7 | ||