PAN OS

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-10	CVE-2024-3385	NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. network low complexity paloaltonetworks CWE-476	7.5
2024-04-10	CVE-2024-3386	Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. network low complexity paloaltonetworks CWE-436	5.3
2024-04-10	CVE-2024-3388	Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. network low complexity paloaltonetworks CWE-863	5.0
2024-02-14	CVE-2024-0007	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. network low complexity paloaltonetworks CWE-79	4.8
2024-02-14	CVE-2024-0008	Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. network low complexity paloaltonetworks CWE-613	8.8
2024-02-14	CVE-2024-0009	Origin Validation Error vulnerability in Paloaltonetworks Pan-Os An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. network low complexity paloaltonetworks CWE-346	6.3
2024-02-14	CVE-2024-0010	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. network low complexity paloaltonetworks CWE-79	6.1
2024-02-14	CVE-2024-0011	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. network low complexity paloaltonetworks CWE-79	6.1
2023-12-13	CVE-2023-6789	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. network low complexity paloaltonetworks CWE-79	4.8
2023-12-13	CVE-2023-6790	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. network low complexity paloaltonetworks CWE-79	6.1