Page 5 of 49 results (0.003 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. • https://security.paloaltonetworks.com/CVE-2024-8686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. • https://security.paloaltonetworks.com/CVE-2024-5916 • CWE-313: Cleartext Storage in a File or on Disk •

CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 0

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2024-5915 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. • https://security.paloaltonetworks.com/CVE-2024-5914 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Una vulnerabilidad de validación de entrada incorrecta en el software PAN-OS de Palo Alto Networks permite a un atacante manipular el sistema de archivos físico para elevar los privilegios. • https://security.paloaltonetworks.com/CVE-2024-5913 • CWE-20: Improper Input Validation •