Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-5906 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. | 4.8 |
| 2024-06-12 | CVE-2024-5907 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. | 7.0 |
| 2024-06-12 | CVE-2024-5908 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. | 7.5 |
| 2024-06-12 | CVE-2024-5909 | Improper Privilege Management vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. | 5.5 |
| 2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |
| 2024-04-10 | CVE-2024-3382 | Memory Leak vulnerability in Paloaltonetworks Pan-Os A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. | 7.5 |
| 2024-04-10 | CVE-2024-3383 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. | 9.1 |
| 2024-04-10 | CVE-2024-3384 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. | 7.5 |
| 2024-04-10 | CVE-2024-3385 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. | 7.5 |