Paloaltonetworks Security Vulnerabilities (CVEs)

An unauthenticated attacker can send specially crafted requests to Palo Alto Networks PAN-OS firewalls, causing them to crash and enter maintenance mo...

An authenticated administrator in Palo Alto Networks PAN-OS software can view session tokens of users logged into the firewall web UI, potentially ena...

An authenticated administrator can bypass system restrictions in Palo Alto Networks PAN-OS management web interface to execute arbitrary commands. Thi...

An authenticated command injection vulnerability in Palo Alto Networks PAN-OS allows administrative users with management interface access to execute ...

A privilege escalation vulnerability in Palo Alto Networks GlobalProtect app on Windows allows local non-admin users to gain SYSTEM privileges by expl...

A vulnerability in Palo Alto Networks GlobalProtect app on Windows allows remote attackers to execute ActiveX controls as an authenticated Windows use...

An unauthenticated attacker can cause a Denial of Service (DoS) in Palo Alto Networks PAN-OS GlobalProtect by sending specially crafted packets over t...

An authenticated file read vulnerability in Palo Alto Networks PAN-OS software allows authenticated attackers with management web interface access to ...

An SQL injection vulnerability in Palo Alto Networks Expedition allows authenticated attackers to extract sensitive database information including pas...

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition allows attackers to execute malicious JavaScript in authenticate...

An unauthenticated attacker can send a malicious DNS packet through a Palo Alto Networks firewall's data plane, causing the firewall to reboot. Repeat...

This CVE describes a privilege escalation vulnerability in Palo Alto Networks PAN-OS software where an authenticated administrator with access to the ...

This XSS vulnerability in Palo Alto Networks PAN-OS allows an authenticated read-write Panorama administrator to push malicious configurations to PAN-...

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS allows an authorized user with a specially crafted client certificate to...

An unauthenticated attacker can send a specially crafted packet to Palo Alto Networks PAN-OS GlobalProtect gateways, causing a null pointer dereferenc...

This CVE describes a command injection vulnerability in Palo Alto Networks PAN-OS software that allows authenticated administrators to bypass system r...

This CVE describes a command injection vulnerability in Palo Alto Networks PAN-OS software that allows authenticated administrators to bypass system r...

This vulnerability allows authenticated administrators (including read-only admins) with CLI access to read arbitrary files on Palo Alto Networks fire...

A vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows administrators to disable the endpoint detection agent. This could enable mal...

This vulnerability allows an authenticated GlobalProtect user to impersonate another GlobalProtect user, disconnecting the legitimate user while hidin...

This vulnerability in Palo Alto Networks PAN-OS allows read-only administrators with config log access to unintentionally view secrets, passwords, and...

An improper input validation vulnerability in Palo Alto Networks PAN-OS software allows attackers with physical file system access to elevate privileg...

A local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows authenticated local users to execute programs with...

A privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows low-privileged local users to disable the endpoint prote...

A local privilege bypass vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows low-privileged users to disrupt some agent functionali...

A vulnerability in Palo Alto Networks PAN-OS software allows remote attackers to reboot firewalls by sending Windows NTLM packets from Windows servers...

A memory leak vulnerability in Palo Alto Networks PAN-OS software allows attackers to send crafted packets that eventually cause the firewall to stop ...

This DOM-based XSS vulnerability in Palo Alto Networks PAN-OS allows attackers to execute malicious JavaScript in an administrator's browser by tricki...

This CVE describes a local privilege escalation vulnerability in Palo Alto Networks GlobalProtect app on Windows. It allows a local user to execute pr...

This vulnerability in Palo Alto Networks PAN-OS software allows authenticated administrators to upload malicious configurations that can disrupt syste...

A local privilege escalation vulnerability in Palo Alto Networks GlobalProtect app's Connect Before Logon feature allows attackers to gain SYSTEM or r...

This CVE-2021-3059 is an OS command injection vulnerability in Palo Alto Networks PAN-OS management interface that allows man-in-the-middle attackers ...

An improper access control vulnerability in PAN-OS allows authenticated GlobalProtect users to access the EC2 instance metadata endpoint on AWS-hosted...

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN allows authenticated attackers to execute arbitrary code w...

An unauthenticated attacker can send specially crafted network traffic through Palo Alto Networks PAN-OS firewalls to crash the dataplane service. Rep...

CVE-2021-3051 is an improper cryptographic signature verification vulnerability in Cortex XSOAR's SAML authentication that allows unauthenticated atta...

This CVE describes a local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows. An authenticated local user with file...

This CVE describes a local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows. It allows authenticated local Windows...