6
CVE-2024-8689 - ActiveMQ Content Pack: Cleartext Exposure of Credentials
A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.
6.7
CVE-2024-8688 - PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.
6.9
CVE-2024-8687 - PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall,β¦
8.6
CVE-2024-20304 - Cisco IOS XR Software Packet Memory Exhaustion Vulnerability
A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An aβ¦
8.4
CVE-2024-20489 - Cisco Routed Passive Optical Network Cleartext Password Vulnerability
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cβ¦
7.2
CVE-2024-20483 - Cisco IOS XR PON Controller Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDBβ¦
7.4
CVE-2024-20406 - Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficiβ¦
8.8
CVE-2024-20381 - Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the conβ¦
7.4
CVE-2024-20317 - Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability
A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. β¦
8.8
CVE-2024-20398 - Cisco IOS XR Software Local Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLβ¦