Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pan\-Os
(Paloaltonetworks)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 196 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-10 | CVE-2024-3388 | A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | Pan\-Os, Prisma_access | 5.0 | ||
| 2024-07-10 | CVE-2024-5913 | An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. | Pan\-Os | 6.8 | ||
| 2024-11-14 | CVE-2024-2550 | A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | Pan\-Os | 7.5 | ||
| 2024-11-14 | CVE-2024-2551 | A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | Pan\-Os | 7.5 | ||
| 2024-11-14 | CVE-2024-2552 | A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | Pan\-Os | 6.0 | ||
| 2024-11-14 | CVE-2024-5917 | A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | Pan\-Os | 4.9 | ||
| 2024-11-14 | CVE-2024-5919 | A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. | Pan\-Os | 6.5 | ||
| 2024-11-14 | CVE-2024-5920 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. | Pan\-Os | 4.8 | ||
| 2024-04-10 | CVE-2024-3382 | A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. | Pan\-Os | 7.5 | ||
| 2024-12-27 | CVE-2024-3393 | A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. | Pan\-Os, Prisma_access | 7.5 |