Lucene search
25 matches found

EUVD
added 2025/11/13 3:23 a.m., 2 views

EUVD-2025-175838

Malicious code in umbra-farout-barnard-redshift npm...

6.6 AI score
Exploits: 0

Circl
added 2025/02/28 10:27 p.m., 3 views

CVE-2023-27161

creationtimestamp | type | source
---|---|---
2025-02-28 22:27:44+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6019
2025-03-02 11:46:29+00:00 | seen | Telegram/RL9dqd7iCqiCQEPrUXyOsOOwqY0SmcSOUlTcdh5AgQ1xxaq...

7.5 CVSS, 7.3 AI score, 0.0098 EPSS
Exploits: 1, References: 1

Circl
added 2025/01/06 6:40 a.m., 0 views

GHSA-P22M-5PRX-9RM7

creationtimestamp | type | source
---|---|---
2025-01-06 06:40:26+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/155...

4.8 AI score
Exploits: 0, References: 1

Palo Alto Networks
added 2024/10/09 4:0 p.m., 58 views

PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering...

8.2 CVSS, 6.7 AI score, 0.00416 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2024/04/10 4:0 p.m., 69 views

PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...

7.5 CVSS, 7.1 AI score, 0.00901 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2024/02/14 5:0 p.m., 30 views

PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser if that user clicks on a malicious link, allowing phishing attacks that...

6.1 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2024/02/14 5:0 p.m., 51 views

PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credentia...

6.1 CVSS, 5.9 AI score, 0.00509 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2024/02/14 5:0 p.m., 48 views

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. Work aroun...

6.8 CVSS, 5.7 AI score, 0.00395 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2023/12/13 5:0 p.m., 39 views

PAN-OS: OS Command Injection Vulnerability in the XML API

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Work around: Customers with a Threat Prevention subscription can...

7.7 CVSS, 7.8 AI score, 0.01145 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2023/10/12 8:40 p.m., 59 views

Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)

The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products. At this time, there are no demonstrated scenarios that enable successful exploitation of...

9.8 CVSS, 7.4 AI score, 0.78483 EPSS
Exploits: 6, References: 1

Palo Alto Networks
added 2023/10/11 4:0 p.m., 58 views

Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)

The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CVE-2023-35945. If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service DDo...

7.5 CVSS, 8.2 AI score, 0.99999 EPSS
Exploits: 19, References: 1

Palo Alto Networks
added 2023/10/02 11:40 p.m., 57 views

Impact of libwebp Vulnerability CVE-2023-4863

The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical libwebp vulnerability CVE-2023-4863 as it relates to our products. While PAN-OS 10.2 and later versions include this library, PAN-OS software does not offer any scenarios required for the successf...

8.8 CVSS, 8.7 AI score, 0.99739 EPSS
Exploits: 9, References: 1

Palo Alto Networks
added 2023/04/12 4:0 p.m., 28 views

PAN-OS: Local File Deletion Vulnerability

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software...

6.5 CVSS, 6.1 AI score, 0.01125 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2022/11/09 5:0 p.m., 81 views

Impact of Apache Text Commons Vulnerability CVE-2022-42889

Palo Alto Networks has evaluated the Apache Commons Text library vulnerability CVE-2022-42889, known as Text4Shell, for all products and services. The Palo Alto Networks Product Security Assurance team has confirmed that all products and services are not impacted by this vulnerability. Work aroun...

9.8 CVSS, 2.4 AI score, 0.99931 EPSS
Exploits: 41, References: 1

Palo Alto Networks
added 2022/10/12 4:0 p.m., 50 views

PAN-OS: Authentication Bypass in Web Interface

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. Work around: Customers wit...

8.1 CVSS, 1.9 AI score, 0.0083 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2022/04/13 4:0 p.m., 116 views

PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to...

5.9 CVSS, 1.7 AI score, 0.00683 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2021/11/10 5:0 p.m., 56 views

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. Work around: Enable signatures for Unique Threat ID 91585 on traffic processed by the...

8.8 CVSS, 8.9 AI score, 0.01488 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2021/11/10 5:0 p.m., 95 views

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

8.1 CVSS, 8.8 AI score, 0.33875 EPSS
Exploits: 1, References: 3

Palo Alto Networks
added 2021/09/08 4:0 p.m., 30 views

PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash...

6.5 CVSS, 1.7 AI score, 0.01039 EPSS
Exploits: 0, References: 1

Palo Alto Networks
added 2021/09/08 4:0 p.m., 30 views

PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. Work around: Enable signatures for Unique Threat ID 91572...

7.2 CVSS, 2.1 AI score, 0.00889 EPSS
Exploits: 0, References: 1