
145 matches found

Cvelist
added 2025/05/14 6:7 p.m. | 25 views

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9 CVSS | 0.43517 EPSS
Exploits: 8 | References: 1

Vulnrichment
added 2025/05/14 6:7 p.m. | 92 views

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9 CVSS | 5.5 AI score | 0.43517 EPSS
Exploits: 8 | References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 18 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.11 / 11.2.x < 11.2.7 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.11, or 11.2.x prior to 11.2.7. It is, therefore, affected by a vulnerability. A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of...

6.9 CVSS | 5.5 AI score | 0.43517 EPSS
Exploits: 8 | References: 2

OSV
added 2023/09/06 6:15 p.m. | 2 views

CVE-2023-20269

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...

9.1 CVSS | 5.9 AI score | 0.21583 EPSS
Exploits: 0 | References: 2

VulnCheck KEV
added 2023/08/29 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...

9.1 CVSS | 7.3 AI score | 0.21583 EPSS
Exploits: 0 | References: 1

Ivanti
added 2023/02/14 7:22 a.m. | 10 views

JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...

7.4 AI score
Exploits: 0

The Hacker News
added 2022/08/12 8:14 a.m. | 436 views

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices...

9.3 CVSS | 3.3 AI score | 0.39862 EPSS
Exploits: 8

BDU FSTEC
added 2022/08/12 12:0 a.m. | 8 views

The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) allows an attacker to perform an “HTTP request hijacking” attack.

The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) relates to deficiencies in HTTP request processing. Exploiting this vulnerability could allow a malicious actor to carry out an “HTTP request hijacking” attack...

5 CVSS | 6.6 AI score | 0.01302 EPSS
Exploits: 0 | References: 2

CNNVD
added 2022/08/10 12:0 a.m. | 4 views

Cisco Adaptive Security Appliances Software Cross-Site Scripting Vulnerability

Cisco ASA is a family of firewalls for enterprise security applications from Cisco. A cross-site scripting vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software that stems from incorrect validation of input passed to a clientless SSL VPN component...

6.1 CVSS | 6.2 AI score | 0.01302 EPSS
Exploits: 0 | References: 7

Citrix
added 2022/07/05 12:0 a.m. | 8 views

Configure Enterprise File Shares to Use Microsoft Hidden Shares on Windows Server 2008

This article describes how to configure Enterprise File Shares on Access Gateway Enterprise Edition appliance to use Microsoft hidden shares and the %username% environment variable on Microsoft Windows Server 2008. Requirements: Remote Desktop Protocol (RDP) or console access to the Windows Active...

7 AI score
Exploits: 0

Tenable Nessus
added 2022/05/04 12:0 a.m. | 59 views

Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow (cisco-sa-asa-ssl-vpn-heap-zLX3FdX)

According to its self-reported version, Cisco ASA Software is affected by a heap overflow condition in the handler for HTTP authentication resources accessed through the Clientless SSL VPN portal which allows an authenticated, remote attacker to cause a denial of service condition or obtain...

8.5 CVSS | 7.1 AI score | 0.01101 EPSS
Exploits: 0 | References: 4

OSV
added 2022/05/03 4:15 a.m. | 3 views

CVE-2022-20737

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portion...

7.1 CVSS | 5.8 AI score | 0.01101 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2022/04/29 12:0 a.m. | 4 views

The vulnerability of the Clientless SSL VPN microprogramming system software of Cisco Adaptive Security Appliance Software (ASA) allows an intruder to cause a service failure or expose protected information.

The vulnerability of the Clientless SSL VPN microprogramming system software of Cisco Adaptive Security Appliance (ASA) is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure or expose sensitive information...

8.5 CVSS | 5.9 AI score | 0.01101 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/04/27 4:0 p.m. | 3 views

CVE-2022-20737

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portion...

8.5 CVSS | 7.1 AI score | 0.01101 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2021/11/18 12:0 a.m. | 21 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.9 / 10.0.x < 10.0.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20 or 9.0.x prior to 9.0.14 or 9.1.x prior to 9.1.9 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect...

8.8 CVSS | 8.6 AI score | 0.01488 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2021/11/18 12:0 a.m. | 3 views

The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system allows an attacker to execute arbitrary code with root privileges.

The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system stems from buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...

8.8 CVSS | 8.2 AI score | 0.01488 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2021/11/10 5:15 p.m. | 20 views

Memory corruption

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.5 CVSS | 8.9 AI score | 0.01488 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2020/11/12 12:15 a.m. | 3 views

CVE-2020-2050

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...

8.2 CVSS | 5.7 AI score | 0.0102 EPSS
Exploits: 0 | References: 1

Prion
added 2020/11/12 12:15 a.m. | 20 views

Authentication flaw

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...

6.4 CVSS | 8.3 AI score | 0.0102 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Akamai Blog
added 2020/10/27 12:1 p.m. | 31 views

5G, Security, IoT, Asavie and Akamai

Malicious actors never seem to rest and have always worked remotely. That simple realization hit home during recent global events. Specifically, Akamai saw an increase in malware traffic of over 400% between March 9, 2020 and May 11, 2020 from corporate devices, most of which were being used...

1.7 AI score
Exploits: 0