Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.16 views

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.8CVSS6.4AI score0.36157EPSS
Exploits6References1
NVD
NVD
added 2025/10/09 7:15 p.m.6 views

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

7.2CVSS0.00737EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/09 6:13 p.m.8 views

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

4.8CVSS0.00225EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.5 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.12 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.12, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...

4.8CVSS6AI score0.00225EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS7.5AI score0.06592EPSS
In wildExploits1References3
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.10 views

CVE-2025-4230

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...

8.4CVSS9.4AI score0.00637EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 6:15 p.m.4 views

CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 5:43 p.m.94 views

CVE-2025-0123

Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...

5.9CVSS6.5AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-6776

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to...

7.1CVSS5.8AI score0.01862EPSS
Exploits0References64
OSV
OSV
added 2022/04/13 7:15 p.m.4 views

CVE-2022-0023

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle MITM to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to...

5.9CVSS5.8AI score0.00704EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 6:15 p.m.6 views

CVE-2022-0022

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...

4.4CVSS5.8AI score0.00122EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/09 5:0 p.m.5 views

CVE-2022-0022

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...

4.6CVSS5.5AI score0.00122EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/11/10 5:15 p.m.2 views

CVE-2021-3064

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

9.8CVSS7.7AI score0.19087EPSS
Exploits1References1
OSV
OSV
added 2021/11/10 5:15 p.m.5 views

CVE-2021-3063

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding...

7.5CVSS7.1AI score0.00904EPSS
Exploits0References1
OSV
OSV
added 2021/11/10 5:15 p.m.5 views

CVE-2021-3058

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...

7.2CVSS6AI score0.01649EPSS
Exploits0References1
OSV
OSV
added 2021/09/08 5:15 p.m.4 views

CVE-2021-3053

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request...

7.5CVSS5.8AI score0.01008EPSS
Exploits0References1
Rows per page
Query Builder