Vulnerabilities > Paloaltonetworks > PAN OS > 9.0.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-09-11 | CVE-2024-8687 | Unspecified vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. | 7.1 |
| 2024-04-10 | CVE-2024-3384 | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. | 7.5 |
| 2024-04-10 | CVE-2024-3385 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. | 7.5 |
| 2024-04-10 | CVE-2024-3386 | Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. | 5.3 |
| 2024-04-10 | CVE-2024-3388 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. | 5.0 |
| 2024-02-14 | CVE-2024-0007 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. | 4.8 |
| 2024-02-14 | CVE-2024-0008 | Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | 8.8 |
| 2024-02-14 | CVE-2024-0010 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 6.1 |
| 2024-02-14 | CVE-2024-0011 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 6.1 |