VYPR

Pan OS

by Paloaltonetworks

CVEs (240)

  • CVE-2024-2433Mar 13, 2024
    risk 0.00cvss epss 0.01

    An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log…

  • CVE-2024-0011Feb 14, 2024
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing…

  • CVE-2024-0010Feb 14, 2024
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that…

  • CVE-2024-0009Feb 14, 2024
    risk 0.00cvss epss 0.00

    An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.

  • CVE-2024-0008Feb 14, 2024
    risk 0.00cvss epss 0.01

    Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

  • CVE-2024-0007Feb 14, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated…

  • CVE-2023-6793Dec 13, 2023
    risk 0.00cvss epss 0.01

    An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.

  • CVE-2023-6791Dec 13, 2023
    risk 0.00cvss epss 0.01

    A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

  • CVE-2023-6789Dec 13, 2023
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload…

  • CVE-2023-6795Dec 13, 2023
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

  • CVE-2023-6794Dec 13, 2023
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

  • CVE-2023-6792Dec 13, 2023
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

  • CVE-2023-6790Dec 13, 2023
    risk 0.00cvss epss 0.01

    A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.

  • CVE-2023-38046Jul 12, 2023
    risk 0.00cvss epss 0.00

    A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.

  • CVE-2023-0010Jun 14, 2023
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted…

  • CVE-2023-0008May 10, 2023
    risk 0.00cvss epss 0.01

    A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

  • CVE-2023-0007May 10, 2023
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when…

  • CVE-2023-0005Apr 12, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.

  • CVE-2023-0004Apr 12, 2023
    risk 0.00cvss epss 0.01

    A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of…

  • CVE-2022-0030Oct 12, 2022
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.

Page 7 of 12