Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
palo alto networks vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-2038
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10....
Paloaltonetworks Pan-os
1 Github repository
9.8
CVSSv3
CVE-2018-10143
The Palo Alto Networks Expedition Migration tool 1.0.107 and previous versions may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.
Paloaltonetworks Expedition 1.0.107
9.8
CVSSv3
CVE-2017-9120
PHP 7.x up to and including 7.1.5 allows remote malicious users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
Php Php
Netapp Storage Automation Store -
9.8
CVSSv3
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP up to and including 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified ot...
Php Php
5.4
CVSSv3
CVE-2022-0020
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based malicious user to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of auth...
Paloaltonetworks Cortex Xsoar 6.2.0
Paloaltonetworks Cortex Xsoar 6.1.0
10
CVSSv3
CVE-2020-2021
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based malicious...
Paloaltonetworks Pan-os
3 Github repositories
1 Article
8.1
CVSSv3
CVE-2020-2034
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based malicious user to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be ...
Paloaltonetworks Pan-os
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-3064
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based malicious user to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have ...
Paloaltonetworks Pan-os
1 Github repository
1 Article
8.1
CVSSv3
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
7.5
CVSSv3
CVE-2023-46324
pkg/suci/suci.go in free5GC udm prior to 1.2.0, when Go prior to 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt...
Free5gc Udm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »