Paloaltonetworks

Pan-os

233 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-0007

  • EPSS 0.53%
  • Veröffentlicht 14.02.2024 18:15:47
  • Zuletzt bearbeitet 17.12.2024 18:09:56

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation o...

8.8

CVE-2024-0008

  • EPSS 0.25%
  • Veröffentlicht 14.02.2024 18:15:47
  • Zuletzt bearbeitet 09.12.2024 15:18:26

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

6.3

CVE-2024-0009

  • EPSS 0.1%
  • Veröffentlicht 14.02.2024 18:15:47
  • Zuletzt bearbeitet 09.12.2024 15:13:34

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.

6.1

CVE-2024-0010

  • EPSS 3.54%
  • Veröffentlicht 14.02.2024 18:15:47
  • Zuletzt bearbeitet 09.12.2024 15:08:43

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowi...

6.1

CVE-2024-0011

  • EPSS 0.75%
  • Veröffentlicht 14.02.2024 18:15:47
  • Zuletzt bearbeitet 09.12.2024 15:05:57

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on ...

4.7

CVE-2023-6794

  • EPSS 0.09%
  • Veröffentlicht 13.12.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:44:34

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges...

4.7

CVE-2023-6795

  • EPSS 0.12%
  • Veröffentlicht 13.12.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:44:34

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

6.1

CVE-2023-6790

  • EPSS 0.19%
  • Veröffentlicht 13.12.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:44:33

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS...

4.9

CVE-2023-6791

  • EPSS 0.14%
  • Veröffentlicht 13.12.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:44:34

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from ...

6.3

CVE-2023-6792

  • EPSS 0.2%
  • Veröffentlicht 13.12.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:44:34

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.