Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks vulnerabilities and exploits
(subscribe to this query)
6.3
CVSSv3
CVE-2019-1577
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and previous versions may allow an authenticated malicious user to inject arbitrary JavaScript or HTML.
Paloaltonetworks Traps
7.8
CVSSv3
CVE-2023-0002
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Paloaltonetworks Cortex Xdr Agent
1 Github repository
5.5
CVSSv3
CVE-2022-0021
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect A...
Paloaltonetworks Globalprotect
5.5
CVSSv3
CVE-2022-0029
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local malicious user to read files on the system with elevated privileges when generating a tech support file.
Paloaltonetworks Cortex Xdr Agent
6.7
CVSSv3
CVE-2023-0001
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or u...
Paloaltonetworks Cortex Xdr Agent
2 Github repositories
6.7
CVSSv3
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent prior to 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
Paloaltonetworks Globalprotect
4.8
CVSSv3
CVE-2019-1569
The Expedition Migration tool 1.1.8 and previous versions may allow an authenticated malicious user to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
Paloaltonetworks Expedition
6.1
CVSSv3
CVE-2019-1578
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and previous versions may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin&rsqu...
Paloaltonetworks Minemeld
8
CVSSv3
CVE-2019-1583
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and previous versions allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the p...
Paloaltonetworks Twistlock
2.3
CVSSv3
CVE-2021-3037
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to ex...
Paloaltonetworks Pan-os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »