NotCVE - vendor:"Paloaltonetworks" product:"Pan-os" version:" >= 10.0.0 <= 10.0.12"

Page 2 of 51 results (0.003 seconds)

CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 0

CVE-2024-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal

https://notcve.org/view.php?id=CVE-2024-0010

14 Feb 2024 — A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la función del portal GlobalProtect del software PAN-OS de Palo Alto Networks permite la ejecución de JavaScript malicioso (en el contexto del ... • https://security.paloaltonetworks.com/CVE-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2024-0008 – PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface

https://notcve.org/view.php?id=CVE-2024-0008

14 Feb 2024 — Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Las sesiones web en la interfaz de administración del software PAN-OS de Palo Alto Networks no caducan en determinadas situaciones, lo que las hace susceptibles a accesos no autorizados. • https://security.paloaltonetworks.com/CVE-2024-0008 • CWE-613: Insufficient Session Expiration •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2024-0007 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

https://notcve.org/view.php?id=CVE-2024-0007

14 Feb 2024 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. Una vulnerabilidad de Cross-Site Scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectura y escritura autenticado malicioso almacenar un payload de JavaScript utilizando la interfaz ... • https://security.paloaltonetworks.com/CVE-2024-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-6793 – PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator

https://notcve.org/view.php?id=CVE-2023-6793

13 Dec 2023 — An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. Vulnerabilidad de administración de privilegios inadecuada en el software PAN-OS de Palo Alto Networks permite a un administrador de solo lectura autenticado revocar claves API XML activas desde el firewall e interrumpir el uso de la API XML. • https://security.paloaltonetworks.com/CVE-2023-6793 • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-6791 – PAN-OS: Plaintext Disclosure of External System Integration Credentials

https://notcve.org/view.php?id=CVE-2023-6791

13 Dec 2023 — A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. Vulnerabilidad de divulgación de credenciales en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado de solo lectura obtener las credenciales en texto plano de integraciones de sistemas externos almacenados, como LD... • https://security.paloaltonetworks.com/CVE-2023-6791 • CWE-522: Insufficiently Protected Credentials CWE CATEGORY •

CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-6789 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

https://notcve.org/view.php?id=CVE-2023-6789

13 Dec 2023 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. Vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectu... • https://security.paloaltonetworks.com/CVE-2023-6789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-6795 – PAN-OS: OS Command Injection Vulnerability in the Web Interface

https://notcve.org/view.php?id=CVE-2023-6795

13 Dec 2023 — An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de inyección de comandos del sistema operativo en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios limitados en el firewall. • https://security.paloaltonetworks.com/CVE-2023-6795 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-6792 – PAN-OS: OS Command Injection Vulnerability in the XML API

https://notcve.org/view.php?id=CVE-2023-6792

13 Dec 2023 — An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de inyección de comandos del sistema operativo en la API XML del software PAN-OS de Palo Alto Networks permite a un usuario de API autenticado interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios limitados en el firewall... • https://security.paloaltonetworks.com/CVE-2023-6792 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-6790 – PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface

https://notcve.org/view.php?id=CVE-2023-6790

13 Dec 2023 — A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específica... • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

https://notcve.org/view.php?id=CVE-2023-0010

14 Jun 2023 — A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5