CVE-2024-8688

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-155
View all →

Vulnerability Description

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.

Related Vulnerabilities

CVE-2024-47791

HIGH
CVSS:5.3(Medium)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and f...

CWE-1552024

CVE-2019-3802

LOW
CVSS:3.5(Low)

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatche...

CWE-1552019

CVE-2025-0681

MEDIUM
CVSS:6.2(Medium)

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

CWE-1552025

CVE-2020-1772

HIGH
CVSS:7.5(High)

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue ...

CWE-1552020

CVE-2024-0054

MEDIUM
CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resour...

CWE-1552024

CVE-2024-0055

MEDIUM
CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. ...

CWE-1552024