ReportizFlow
Filtered by vendor Paloaltonetworks
Subscriptions
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5195 | 7 Canonical, Debian, Fedoraproject and 4 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2025-04-08 | 7 High |
| Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | ||||
| CVE-2017-15944 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-03 | 9.8 Critical |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | ||||
| CVE-2025-0108 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-03 | 9.1 Critical |
| An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | ||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2024-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-24 | 6.6 Medium |
| Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | ||||
| CVE-2025-0116 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-18 | N/A |
| A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. | ||||
| CVE-2025-0115 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-17 | N/A |
| A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access. | ||||
| CVE-2025-0117 | 1 Paloaltonetworks | 1 Globalprotect App | 2025-03-13 | N/A |
| A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. | ||||
| CVE-2025-0118 | 1 Paloaltonetworks | 1 Globalprotect App | 2025-03-12 | N/A |
| A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms. | ||||
| CVE-2025-0114 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-12 | N/A |
| A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software. | ||||
| CVE-2025-0109 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-25 | N/A |
| An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | ||||
| CVE-2025-0111 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-21 | 6.5 Medium |
| An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | ||||
| CVE-2025-0112 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2025-02-20 | N/A |
| A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity. | ||||
| CVE-2023-0003 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Cortex Xsoar | 2025-02-13 | 6.5 Medium |
| A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | ||||
| CVE-2023-0004 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Pan-os | 2025-02-13 | 6.5 Medium |
| A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. | ||||
| CVE-2023-38046 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-11 | 5.5 Medium |
| A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | ||||
| CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-11 | 4.1 Medium |
| A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | ||||
| CVE-2023-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-11 | 4.4 Medium |
| A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | ||||
| CVE-2023-0006 | 1 Paloaltonetworks | 1 Globalprotect | 2025-02-07 | 6.3 Medium |
| A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | ||||
| CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-07 | 8.1 High |
| Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | ||||