Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2020-1988
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks Gl...
Paloaltonetworks Globalprotect
5.3
CVSSv3
CVE-2020-2033
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to condu...
Paloaltonetworks Globalprotect
7.1
CVSSv3
CVE-2020-1991
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions prior to 5.0.8; 6.1 versions prior to 6.1.4 on Windows. This i...
Paloaltonetworks Traps
5.5
CVSSv3
CVE-2022-0013
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local malicious user to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 ...
Paloaltonetworks Cortex Xdr Agent
7.3
CVSSv3
CVE-2022-0014
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when ...
Paloaltonetworks Cortex Xdr Agent
7.8
CVSSv3
CVE-2022-0016
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local malicious user to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under...
Paloaltonetworks Globalprotect
6.5
CVSSv3
CVE-2022-0018
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration....
Paloaltonetworks Globalprotect
5.5
CVSSv3
CVE-2022-0019
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. Th...
Paloaltonetworks Globalprotect
6.7
CVSSv3
CVE-2022-0025
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This ...
Paloaltonetworks Cortex Xdr Agent
7.5
CVSSv3
CVE-2017-7408
Palo Alto Networks Traps ESM Console prior to 3.4.4 allows malicious users to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
Paloaltonetworks Traps
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »