Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks pan-os vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-3052
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based malicious user to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in t...
Paloaltonetworks Pan-os
7.5
CVSSv3
CVE-2021-3053
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based malicious user to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempt...
Paloaltonetworks Pan-os
8.8
CVSSv3
CVE-2021-3050
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 throu...
Paloaltonetworks Pan-os
5.9
CVSSv3
CVE-2021-3048
Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even...
Paloaltonetworks Pan-os
6.5
CVSSv3
CVE-2021-3046
An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated malicious user to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This iss...
Paloaltonetworks Pan-os
3.1
CVSSv3
CVE-2021-3047
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS ...
Paloaltonetworks Pan-os
4.9
CVSSv3
CVE-2021-3045
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier th...
Paloaltonetworks Pan-os
2.3
CVSSv3
CVE-2021-3037
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to ex...
Paloaltonetworks Pan-os
4.4
CVSSv3
CVE-2021-3032
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system lo...
Paloaltonetworks Pan-os
4.3
CVSSv3
CVE-2021-3031
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall me...
Paloaltonetworks Pan-os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »