Filtered by vendor Paloaltonetworks
Subscriptions
Filtered by product Pan-os
Subscriptions
Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5913 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 6.1 Medium |
| An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. | ||||
| CVE-2024-3386 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 5.3 Medium |
| An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. | ||||
| CVE-2024-3385 | 1 Paloaltonetworks | 8 Pa-5410, Pa-5420, Pa-5430 and 5 more | 2025-01-24 | 7.5 High |
| A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls | ||||
| CVE-2024-3384 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 7.5 High |
| A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. | ||||
| CVE-2024-3383 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 7.4 High |
| A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | ||||
| CVE-2024-3382 | 1 Paloaltonetworks | 6 Pa-5410, Pa-5420, Pa-5430 and 3 more | 2025-01-22 | 7.5 High |
| A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. | ||||
| CVE-2024-3393 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-14 | 7.5 High |
| A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. | ||||
| CVE-2023-0010 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. | ||||
| CVE-2024-9474 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-20 | 7.2 High |
| A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||
| CVE-2024-0012 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-20 | 9.8 Critical |
| An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||
| CVE-2024-0007 | 1 Paloaltonetworks | 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more | 2024-12-17 | 6.8 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. | ||||
| CVE-2024-0008 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | 6.6 Medium |
| Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | ||||
| CVE-2024-0009 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | 6.3 Medium |
| An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | ||||
| CVE-2024-0010 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | 4.3 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | ||||
| CVE-2024-0011 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | 4.3 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | ||||
| CVE-2023-6793 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-02 | 2.7 Low |
| An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. | ||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-29 | 10 Critical |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | ||||
| CVE-2023-6795 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.5 Medium |
| An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
| CVE-2023-6794 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.5 Medium |
| An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
| CVE-2023-6792 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.5 Medium |
| An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||