111 matches found
Palo Alto Networks PAN-OS Security Vulnerability
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS that stems from the presence of a mismanagement of privileges vulnerability. An attacker could exploit the vulnerability to revoke XML API ke...
SUSE CVE-2016-3727
The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...
PT-2022-6669 · Cisco · Cisco Unified Communications Manager Session Management Edition +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager versions affected versions not specified Cisco Unified Communications Manager Session Management Edition versions affected versions not specified Description: A vulnerability in the Administrative XML Web...
Hudson 代码问题漏洞
Hudson is a news website. A security vulnerability exists in versions of Hudson prior to 3.3.2, which stems from flawed XML API processing that allows access to potentially sensitive information on the Hudson main server file system...
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server...
Exposure of Sensitive Information in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
Palo Alto Networks PAN-OS Operating System Command Injection Vulnerability (CNVD-2021-102823)
A security vulnerability exists in Palo Alto Networks PAN-OS, an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. This allows an authenticated administrator with access to the XML API to execute arbitrary operating system commands to elevate privileges. No detai...
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...
CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...
CVE-2021-3058
CVE-2021-3058 affects Palo Alto Networks PAN-OS web interface via an OS command injection in the XML API. A authenticated administrator with XML API permissions can execute arbitrary OS commands to escalate privileges. Affected versions are PAN-OS: 8.1.x before 8.1.20-h1; 9.0.x before 9.0.14-h3; ...
PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. Work around: Enable signatures for Unique Threat ID 91715 on traffic...
CVE-2021-3036
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...
CVE-2021-3036
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...
CVE-2021-3036 PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...
CVE-2021-3036
The CVE-2021-3036 issue affects Palo Alto Networks PAN-OS where secrets are logged in cleartext in web server logs when the PAN-OS XML API is used with duplicate API parameters. Affected component: PAN-OS XML API request handling; root cause: logging of administrator credentials (username, passwo...