Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pan-os vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2020-2021
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based malicious...
Paloaltonetworks Pan-os
3 Github repositories
1 Article
3.3
CVSSv3
CVE-2020-2048
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier t...
Paloaltonetworks Pan-os
5.4
CVSSv3
CVE-2018-9335
The PAN-OS session browser in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.16 and previous versions, PAN-OS 8.0.9 and previous versions, and PAN-OS 8.1.1 and previous versions may allow an malicious user to inject arbitrary JavaScript or HTML.
Paloaltonetworks Pan-os
7.5
CVSSv3
CVE-2016-3656
The GlobalProtect Portal in Palo Alto Networks PAN-OS prior to 5.0.18, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.10, and 7.0.x prior to 7.0.5H2 allows remote malicious users to cause a denial of service (service crash) via a crafted request.
Paloaltonetworks Pan-os
4.8
CVSSv3
CVE-2023-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser w...
Paloaltonetworks Pan-os
5.4
CVSSv3
CVE-2023-0010
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted ...
Paloaltonetworks Pan-os
6.1
CVSSv3
CVE-2017-16878
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS prior to 8.0.7 allows remote malicious users to inject arbitrary web script or HTML by leveraging an unspecified configuration.
Paloaltonetworks Pan-os
5.4
CVSSv3
CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.17 and previous versions, PAN-OS 8.0.10 and previous versions, and PAN-OS 8.1.1 and previous versions may allow an malicious user to inject arbitrary JavaScript or HTML.
Paloaltonetworks Pan-os
6.1
CVSSv3
CVE-2019-1566
The PAN-OS management web interface in PAN-OS 7.1.21 and previous versions, PAN-OS 8.0.14 and previous versions, and PAN-OS 8.1.5 and previous versions, may allow an unauthenticated malicious user to inject arbitrary JavaScript or HTML.
Paloaltonetworks Pan-os
9.8
CVSSv3
CVE-2019-1581
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions before 7.1.24-h1, 7.1.25; 8....
Paloaltonetworks Pan-os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »