CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6794 – PAN-OS: File Upload Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6794
13 Dec 2023 — An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de carga de archivos arbitraria en el software PAN-OS de Palo Alto Networks permite que un administrador de lectura y escritura autenticado con acceso a la interfaz web interrumpa los procesos del sistema y potencialmente ejecute... • https://security.paloaltonetworks.com/CVE-2023-6794 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6792 – PAN-OS: OS Command Injection Vulnerability in the XML API
https://notcve.org/view.php?id=CVE-2023-6792
13 Dec 2023 — An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de inyección de comandos del sistema operativo en la API XML del software PAN-OS de Palo Alto Networks permite a un usuario de API autenticado interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios limitados en el firewall... • https://security.paloaltonetworks.com/CVE-2023-6792 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6790 – PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6790
13 Dec 2023 — A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específica... • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
https://notcve.org/view.php?id=CVE-2023-0010
14 Jun 2023 — A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0008 – PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2023-0008
10 May 2023 — A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0007 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
https://notcve.org/view.php?id=CVE-2023-0007
10 May 2023 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. • https://security.paloaltonetworks.com/CVE-2023-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0005 – PAN-OS: Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-0005
12 Apr 2023 — A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. • https://security.paloaltonetworks.com/CVE-2023-0005 • CWE-312: Cleartext Storage of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0004 – PAN-OS: Local File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-0004
12 Apr 2023 — A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0028 – Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-0028
10 Aug 2022 — A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an... • https://security.paloaltonetworks.com/CVE-2022-0028 • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0024 – PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit
https://notcve.org/view.php?id=CVE-2022-0024
11 May 2022 — A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier t... • https://security.paloaltonetworks.com/CVE-2022-0024 • CWE-138: Improper Neutralization of Special Elements •