CVE-2019-1577
https://notcve.org/view.php?id=CVE-2019-1577
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
• http://www.securityfocus.com/bid/109053 https://security.paloaltonetworks.com/CVE-2019-1577
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2019-1568
https://notcve.org/view.php?id=CVE-2019-1568
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.
• https://security.paloaltonetworks.com/CVE-2019-1568
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1574
https://notcve.org/view.php?id=CVE-2019-1574
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.
• http://www.securityfocus.com/bid/107900 https://security.paloaltonetworks.com/CVE-2019-1574
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1573 – Information Disclosure in GlobalProtect Agent
https://notcve.org/view.php?id=CVE-2019-1573
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
• http://www.securityfocus.com/bid/107868 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005 https://security.paloaltonetworks.com/CVE-2019-1573 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783 https://www.kb.cert.org/vuls/id/192371
• CWE-226: Sensitive Information in Resource Not Removed Before Reuse
• CWE-311: Missing Encryption of Sensitive Data
CVE-2019-1567
https://notcve.org/view.php?id=CVE-2019-1567
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings.
• https://security.paloaltonetworks.com/CVE-2019-1567
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')