Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pan-os vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-3050
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 throu...
Paloaltonetworks Pan-os
5.4
CVSSv3
CVE-2021-3052
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based malicious user to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in t...
Paloaltonetworks Pan-os
7.5
CVSSv3
CVE-2021-3053
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based malicious user to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempt...
Paloaltonetworks Pan-os
6.6
CVSSv3
CVE-2021-3054
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 version...
Paloaltonetworks Pan-os
6.5
CVSSv3
CVE-2021-3055
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes t...
Paloaltonetworks Pan-os
6.1
CVSSv3
CVE-2017-16878
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS prior to 8.0.7 allows remote malicious users to inject arbitrary web script or HTML by leveraging an unspecified configuration.
Paloaltonetworks Pan-os
9.8
CVSSv3
CVE-2017-15940
The web interface packet capture management component in Palo Alto Networks PAN-OS prior to 6.1.19, 7.0.x prior to 7.0.19, 7.1.x prior to 7.1.14, and 8.0.x prior to 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Paloaltonetworks Pan-os
6.1
CVSSv3
CVE-2017-15941
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS prior to 6.1.19, 7.0.x prior to 7.0.19, 7.1.x prior to 7.1.14, and 8.0.x prior to 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote malicious users to inject arbitrary web script or H...
Paloaltonetworks Pan-os
7.5
CVSSv3
CVE-2017-15942
Palo Alto Networks PAN-OS prior to 6.1.19, 7.0.x prior to 7.0.19, 7.1.x prior to 7.1.13, and 8.0.x prior to 8.0.6 allows remote malicious users to cause a denial of service via vectors related to the management interface.
Paloaltonetworks Pan-os
5.3
CVSSv3
CVE-2017-15943
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS prior to 6.1.19, 7.0.x prior to 7.0.19, and 7.1.x prior to 7.1.14 allows remote malicious users to conduct server-side request forgery...
Paloaltonetworks Pan-os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »