Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pan-os vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-2002
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authe...
Paloaltonetworks Pan-os
6.8
CVSSv2
CVE-2020-2013
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected ...
Paloaltonetworks Pan-os
6.8
CVSSv2
CVE-2019-1579
Remote Code Execution in PAN-OS 7.1.18 and previous versions, PAN-OS 8.0.11-h1 and previous versions, and PAN-OS 8.1.2 and previous versions with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote malicious user to execute arbitrar...
Paloaltonetworks Pan-os
1 Github repository
1 Article
6.8
CVSSv2
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
6.6
CVSSv2
CVE-2018-9242
The PAN-OS management web interface page in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.16 and previous versions, PAN-OS 8.0.9 and previous versions may allow an malicious user to delete files in the system via specific request parameters.
Paloaltonetworks Pan-os
6.5
CVSSv2
CVE-2020-1998
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and uni...
Paloaltonetworks Pan-os
6.5
CVSSv2
CVE-2020-1975
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 version...
Paloaltonetworks Pan-os
6.5
CVSSv2
CVE-2019-1582
Memory corruption in PAN-OS 8.1.9 and previous versions, and PAN-OS 9.0.3 and previous versions will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
Paloaltonetworks Pan-os
6.5
CVSSv2
CVE-2019-1575
Information disclosure in PAN-OS 7.1.23 and previous versions, PAN-OS 8.0.18 and previous versions, PAN-OS 8.1.8-h4 and previous versions, and PAN-OS 9.0.2 and previous versions may allow for an authenticated user with read-only privileges to extract the API key of the device and...
Paloaltonetworks Pan-os
Paloaltonetworks Pan-os 8.1.8
6.5
CVSSv2
CVE-2019-1576
Command injection in PAN-0S 9.0.2 and previous versions may allow an authenticated malicious user to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.
Paloaltonetworks Pan-os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »