Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-11	CVE-2024-8690	Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.102 A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. local low complexity paloaltonetworks	4.4
2024-08-14	CVE-2024-5916	Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. local low complexity paloaltonetworks CWE-312	4.4
2024-07-10	CVE-2024-5913	Unspecified vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. low complexity paloaltonetworks	6.8
2024-06-12	CVE-2024-5905	Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.0/7.9.101 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. local low complexity paloaltonetworks	4.4
2024-06-12	CVE-2024-5906	Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. network low complexity paloaltonetworks CWE-79	4.8
2024-06-12	CVE-2024-5909	Improper Privilege Management vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. local low complexity paloaltonetworks CWE-269	5.5
2024-04-10	CVE-2024-3386	Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. network low complexity paloaltonetworks CWE-436	5.3
2024-04-10	CVE-2024-3388	Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. network low complexity paloaltonetworks CWE-863	5.0
2024-02-14	CVE-2024-0007	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. network low complexity paloaltonetworks CWE-79	4.8
2024-02-14	CVE-2024-0009	Origin Validation Error vulnerability in Paloaltonetworks Pan-Os An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. network low complexity paloaltonetworks CWE-346	6.3