CVE-2024-3386
Published: 2024-04-10
Priority: P4 (26) · Severity: medium · CVSS 3.1 base score: 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.43% (34.7th percentile)
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Affected (25 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| palo_alto_networks | pan-os | >= 10.0.0 < 10.0.13 | 10.0.13 |
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.9-h3 | 10.1.9-h3 |
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.10 | 10.1.10 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.4-h2 | 10.2.4-h2 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.1-h2 | 11.0.1-h2 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.2 | 11.0.2 |
| palo_alto_networks | pan-os | >= 9.0.0 < 9.0.17-h2 | 9.0.17-h2 |
| palo_alto_networks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.13 | 10.0.13 |
| paloaltonetworks | pan-os | 10.1.0 – 10.1.8 | — |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.1 | 11.0.1 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.16 | 9.0.16 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
GHSA
GHSA-v293-3p6g-j7w7 (ghsa_unreviewed · 2024-04-10) · CVE-2024-3386 [MEDIUM] · CWE-436
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Jenkins
Jenkins Security Advisory 2024-04-17 (vendor_jenkins · 2024-04-17 · CVSS 5.9) · CVE-2023-48795 [MEDIUM]
This advisory announces vulnerabilities in the following Jenkins deliverables: Jenkins (core)
Descriptions
Terrapin SSH vulnerability in Jenkins CLI client
SECURITY-3386 / CVE-2023-48795
Severity (CVSS): Medium
Description: The CLI client ( jenkins-cli.jar
Palo Alto
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended (vendor_paloalto · 2024-04-10 · CVSS 5.3) · CVE-2024-3386 [MEDIUM] · CWE-436
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, and all later PAN-OS versions.
Suricata
ET WEB_SPECIFIC_APPS AlstraSoft Video Share Enterprise album.php UID Parameter SQL Injection (suricata · 2010-07-30 · CVSS 7.5) · CVE-2008-3386 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AlstraSoft Video Share Enterprise album.php UID Parameter SQL Injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/album.php?"; nocase; content:"UID="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2008-3386; reference:url,www.milw0rm.com/exploits/6092; reference:url,secunia.com/advisories/31134/; classtype:web-application-attack; sid:2009228; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2024_03_06, m
No public exploits indexed.
No writeups or analysis indexed.