6.5
CVE-2024-1625 - IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t…
9.8
CVE-2024-2952 - Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitiz…
9.9
CVE-2024-3025 - Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can le…
4.1
CVE-2024-3388 - PAN-OS: User Impersonation in GlobalProtect SSL VPN
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal asset…
5.3
CVE-2024-3387 - PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attack…
5.3
CVE-2024-3386 - PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decry…
7.5
CVE-2024-3385 - PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the followi…
7.5
CVE-2024-3384 - PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervent…
7.4
CVE-2024-3383 - PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your exis…
7.5
CVE-2024-3382 - PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL …