Vulnerabilities > Paloaltonetworks > PAN OS > 10.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-09-11 | CVE-2024-8687 | Unspecified vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. | 7.1 |
| 2024-08-14 | CVE-2024-5916 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. | 4.4 |
| 2024-07-10 | CVE-2024-5913 | Unspecified vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. low complexity paloaltonetworks | 6.8 |
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |
| 2024-04-10 | CVE-2024-3382 | Memory Leak vulnerability in Paloaltonetworks Pan-Os A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. | 7.5 |
| 2024-04-10 | CVE-2024-3383 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. | 9.1 |
| 2024-04-10 | CVE-2024-3385 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. | 7.5 |
| 2024-04-10 | CVE-2024-3386 | Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. | 5.3 |
| 2024-04-10 | CVE-2024-3388 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. | 5.0 |