Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks vulnerabilities and exploits
(subscribe to this query)
2.5
CVSSv3
CVE-2019-1573
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and previous versions for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and repl...
Paloaltonetworks Globalprotect
5.3
CVSSv3
CVE-2020-2033
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to condu...
Paloaltonetworks Globalprotect
4.8
CVSSv3
CVE-2019-1569
The Expedition Migration tool 1.1.8 and previous versions may allow an authenticated malicious user to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
Paloaltonetworks Expedition
7.8
CVSSv3
CVE-2020-1984
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue a...
Paloaltonetworks Secdo
7.8
CVSSv3
CVE-2020-1985
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
Paloaltonetworks Secdo
5.5
CVSSv3
CVE-2020-1986
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.
Paloaltonetworks Secdo
3.3
CVSSv3
CVE-2020-1987
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Glob...
Paloaltonetworks Globalprotect
7.1
CVSSv3
CVE-2020-1991
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions prior to 5.0.8; 6.1 versions prior to 6.1.4 on Windows. This i...
Paloaltonetworks Traps
5.5
CVSSv3
CVE-2020-2004
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditi...
Paloaltonetworks Globalprotect
4.8
CVSSv3
CVE-2019-1570
The Expedition Migration tool 1.1.8 and previous versions may allow an authenticated malicious user to run arbitrary JavaScript or HTML in the LDAP server settings.
Paloaltonetworks Expedition
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »