Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pan-os vulnerabilities and exploits
(subscribe to this query)
756
VMScore
CVE-2021-3054
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 version...
Paloaltonetworks Pan-os
801
VMScore
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PA...
Paloaltonetworks Pan-os
890
VMScore
CVE-2021-3064
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based malicious user to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have ...
Paloaltonetworks Pan-os
1 Github repository
1 Article
NA
CVE-2023-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser w...
Paloaltonetworks Pan-os
NA
CVE-2023-0010
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted ...
Paloaltonetworks Pan-os
587
VMScore
CVE-2018-9242
The PAN-OS management web interface page in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.16 and previous versions, PAN-OS 8.0.9 and previous versions may allow an malicious user to delete files in the system via specific request parameters.
Paloaltonetworks Pan-os
694
VMScore
CVE-2020-2041
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to...
Paloaltonetworks Pan-os
356
VMScore
CVE-2020-2044
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command...
Paloaltonetworks Pan-os
801
VMScore
CVE-2016-3654
The device management command line interface (CLI) in Palo Alto Networks PAN-OS prior to 5.0.18, 5.1.x prior to 5.1.11, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.10, and 7.0.x prior to 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH ...
Paloaltonetworks Pan-os
890
VMScore
CVE-2016-3655
The management web interface in Palo Alto Networks PAN-OS prior to 5.0.18, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.10, and 7.0.x prior to 7.0.5 allows remote malicious users to execute arbitrary OS commands via an unspecified API call.
Paloaltonetworks Pan-os
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »