Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
| 2024-10-09 | CVE-2024-9466 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Expedition A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | 6.5 |
| 2024-10-09 | CVE-2024-9467 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | 6.1 |
| 2024-10-09 | CVE-2024-9469 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. | 5.5 |
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-10-09 | CVE-2024-9473 | Unspecified vulnerability in Paloaltonetworks Globalprotect A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | 7.8 |
| 2024-10-09 | CVE-2024-45136 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Incopy InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. | 7.8 |
| 2024-10-09 | CVE-2024-45137 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Indesign InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. | 7.8 |
| 2024-10-09 | CVE-2024-47421 | Out-of-bounds Read vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
| 2024-10-09 | CVE-2024-47422 | Untrusted Search Path vulnerability in Adobe Framemaker Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. | 7.8 |