Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
palo alto networks vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2019-17435
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and previous versions, and GlobalProtect Agent for Windows 4.1.12 and previous versions, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI install...
Paloaltonetworks Globalprotect
7.5
CVSSv3
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy process...
Openssl Openssl
1 Github repository
8.8
CVSSv3
CVE-2021-3056
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated malicious user to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; ...
Paloaltonetworks Pan-os
Paloaltonetworks Pan-os 10.0.0
8.1
CVSSv3
CVE-2021-3059
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle malicious user to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8....
Paloaltonetworks Pan-os
8.1
CVSSv3
CVE-2021-3060
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The at...
Paloaltonetworks Prisma Access 2.1
Paloaltonetworks Pan-os
2 Github repositories
7.2
CVSSv3
CVE-2019-1582
Memory corruption in PAN-OS 8.1.9 and previous versions, and PAN-OS 9.0.3 and previous versions will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
Paloaltonetworks Pan-os
8
CVSSv3
CVE-2019-1583
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and previous versions allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the p...
Paloaltonetworks Twistlock
6.5
CVSSv3
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritt...
Php Php
9.8
CVSSv3
CVE-2017-18342
In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Pyyaml Pyyaml
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
8 Github repositories
7.1
CVSSv3
CVE-2019-17436
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and previous versions and version 4.1.12 and previous versions, that can allow non-root users to overwrite root files on the file system.
Paloaltonetworks Globalprotect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »