Filtered by vendor Paloaltonetworks
Total: 270 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | ||||
CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | ||||
CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-08-04 | N/A |
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | ||||
CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | ||||
CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | ||||
CVE-2019-1574 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-08-04 | N/A |
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | ||||
CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2024-08-04 | N/A |
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | ||||
CVE-2019-1578 | 1 Paloaltonetworks | 1 Minemeld | 2024-08-04 | N/A |
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker who is able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI to execute arbitrary JavaScript code in the admin’s browser. | ||||
CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | ||||
CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | ||||
CVE-2022-0031 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2024-08-02 | 6.7 Medium |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. | ||||
CVE-2023-38046 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | ||||
CVE-2023-6795 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
CVE-2023-6790 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 8.8 High |
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | ||||
CVE-2023-6789 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.3 Medium |
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. | ||||
CVE-2023-6793 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 2.7 Low |
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. | ||||
CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.9 Medium |
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | ||||
CVE-2023-6794 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2024-08-02 | 6.4 Medium |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | ||||
CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.1 Medium |
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. |