Vulnerabilities > Paloaltonetworks > PAN OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9471 | Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. | 4.7 |
| 2024-09-11 | CVE-2024-8688 | Unspecified vulnerability in Paloaltonetworks Pan-Os An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. | 4.4 |
| 2024-08-14 | CVE-2024-5916 | Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. | 4.4 |
| 2023-12-13 | CVE-2023-6789 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. | 4.8 |
| 2023-12-13 | CVE-2023-6790 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | 6.1 |
| 2023-12-13 | CVE-2023-6791 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | 4.9 |
| 2023-12-13 | CVE-2023-6792 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | 6.3 |
| 2023-12-13 | CVE-2023-6794 | Unrestricted Upload of File with Dangerous Type vulnerability in Paloaltonetworks Pan-Os An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | 4.7 |
| 2023-12-13 | CVE-2023-6795 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | 4.7 |
| 2023-07-12 | CVE-2023-38046 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os 11.0.0 A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | 4.9 |