Page 3 of 92 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de carga de archivos arbitraria en el software PAN-OS de Palo Alto Networks permite que un administrador de lectura y escritura autenticado con acceso a la interfaz web interrumpa los procesos del sistema y potencialmente ejecute código arbitrario con privilegios limitados en el firewall. • https://security.paloaltonetworks.com/CVE-2023-6794 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Vulnerabilidad de inyección de comandos del sistema operativo en la API XML del software PAN-OS de Palo Alto Networks permite a un usuario de API autenticado interrumpir los procesos del sistema y potencialmente ejecutar código arbitrario con privilegios limitados en el firewall. • https://security.paloaltonetworks.com/CVE-2023-6792 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específicamente manipulado a la interfaz web de PAN-OS. • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •