Filtered by vendor Paloaltonetworks
Subscriptions
Filtered by product Pan-os
Subscriptions
Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | ||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | ||||
| CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | ||||
| CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | ||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | ||||
| CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | ||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | ||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | ||||
| CVE-2024-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-24 | 6.6 Medium |
| Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | ||||
| CVE-2023-0004 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Pan-os | 2025-02-13 | 6.5 Medium |
| A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. | ||||
| CVE-2023-38046 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-10 | 5.5 Medium |
| A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | ||||
| CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-10 | 4.1 Medium |
| A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | ||||
| CVE-2023-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-10 | 4.4 Medium |
| A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | ||||
| CVE-2023-0007 | 1 Paloaltonetworks | 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more | 2025-01-24 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. | ||||
| CVE-2024-3388 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-24 | 4.1 Medium |
| A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
| CVE-2024-5919 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 6.5 Medium |
| A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. | ||||
| CVE-2024-5917 | 1 Paloaltonetworks | 2 Cloud Ngfw, Pan-os | 2025-01-24 | 4.9 Medium |
| A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | ||||
| CVE-2024-2552 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 6.0 Medium |
| A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | ||||
| CVE-2024-2551 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 7.5 High |
| A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | ||||
| CVE-2024-2550 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 7.5 High |
| A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | ||||