pan-os · threatengine.sh

Home/Product/paloaltonetworks pan os

Product

paloaltonetworks pan os

211 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS

>= 10.1.0 and < 10.1.14

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to th

>= 10.2.0 and < 10.2.17

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables

>= 10.2.0 and < 10.2.17

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view ses

>= 10.2.0 and < 10.2.8

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions a

>= 11.1.0 and < 11.1.6

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated att

>= 10.1.0 and < 10.1.14

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with ne

>= 10.1.0 and < 10.1.14

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthentica

>= 10.1.0 and < 10.1.14

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network

>= 10.1.0 and < 10.1.14

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the

>= 11.1.0 and <= 11.1.1

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated atta

>= 10.1.0 and < 10.1.14

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the manage

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the mana

>= 10.1.0 and < 10.1.14

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama admi

>= 10.1.0 and < 10.1.10

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated att

>= 10.1.0 and < 10.1.11

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially

>= 10.1.0 and < 10.1.7

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the admin

>= 10.2.0 and < 10.2.7

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system re

>= 10.1.0 and < 10.1.14

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core

>= 10.2.0 and < 10.2.7

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthentic

>= 9.0.0 and < 10.0.0

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS adm

>= 10.2.0 and < 10.2.4

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to

>= 9.1.0 and < 9.1.17

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect

>= 9.1.0 and < 9.1.15

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables

>= 8.1.0 and < 8.1.25

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn

>= 11.2.0 and <= 11.2.2

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system re

>= 10.2.0 and < 10.2.8

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionall

>= 10.1.0 and < 10.1.14

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper wi

>= 10.1.0 and < 10.1.9

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator w

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS

>= 8.1.0 and < 8.1.26

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonat

>= 10.1.0 and < 10.1.12

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-t

>= 9.0.0 and < 9.0.16

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from

>= 9.0.0 and <= 9.0.16

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls.

>= 8.1.0 and < 8.1.24

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows

>= 10.1.0 and < 10.1.11

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables

>= 10.2.0 and < 10.2.7

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator t

>= 8.1.0 and < 8.1.24

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables e

>= 10.1.0 and < 10.1.11

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software ena

>= 10.2.0 and < 10.2.4

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malici

>= 10.2.0 and < 10.2.5

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susc

>= 8.1.0 and < 8.1.24

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write admi

>= 8.1.0 and < 8.1.24

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt syst

>= 8.1.0 and < 8.1.26

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator wit

>= 9.1.0 and < 9.1.17

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administra

>= 8.1.0 and < 8.1.24

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to di

>= 8.1.0 and < 8.1.24

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to ob

>= 8.1.0 and < 8.1.25

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a

>= 8.1.0 and < 8.1.26

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write admi

>= 10.2.0 and < 10.2.4

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to com

>= 8.1.0 and <= 8.1.24

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow

>= 8.1.0 and < 8.1.25

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with acces

>= 8.1.0 and < 8.1.25

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated r

>= 8.1.0 and < 8.1.24

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of sec

>= 8.1.0 and < 8.1.24

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files f

>= 8.1.0 and < 8.1.24

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with spe

>= 8.1.0 and < 8.1.23

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-

>= 8.1.0 and < 8.1.23

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to u

>= 8.1.0 and < 8.1.22

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software

>= 8.1.0 and < 8.1.21

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local

>= 8.1.0 and < 8.1.21

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allo

>= 8.1.0 and < 8.1.17

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthe

>= 8.1.0 and < 8.1.21

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfa

>= 8.1.0 and < 8.1.20

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals

>= 8.1.0 and <= 8.1.20

An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated admin

>= 8.1.0 and <= 8.1.20

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an un

>= 8.1.0 and <= 8.1.20

An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates

>= 8.1.0 and <= 8.1.20

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with p

>= 8.1.0 and < 8.1.20

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to e

>= 8.1.0 and < 8.1.20

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enable

>= 8.1.0 and < 8.1.20

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an aut

>= 8.1.0 and < 8.1.20

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an una

>= 8.1.0 and < 8.1.20

A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated networ

>= 9.0.0 and < 9.0.15

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to exe

>= 9.0.0 and < 9.0.14

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop respondin

>= 8.1.0 and < 8.1.19

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web

>= 8.1.0 and < 8.1.19

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker t

>= 8.1.0 and < 8.1.19

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrat

>= 8.1.0 and < 8.1.19

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details f

>= 8.1.0 and < 8.1.19

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML AP

>= 8.1.0 and < 8.1.18

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets fo

>= 8.1.0 and < 8.1.18

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Serie

>= 8.1.0 and < 8.1.17

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that al

>= 8.1.0 and < 8.1.17

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-

>= 8.1.0 and < 8.1.17

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web

>= 8.1.0 and < 8.1.16

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated admin

>= 7.1.0 and <= 7.1.26

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communic

>= 8.0.0 and <= 8.0.20

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be log

>= 8.1.0 and <= 8.1.15

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without maskin

>= 10.0.0 and < 10.0.1

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system proce

>= 8.0.0 and <= 8.0.20

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a spe

>= 8.0.0 and <= 8.0.20

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute a

>= 8.1.0 and < 8.1.16

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload

>= 9.0.0 and < 9.0.10

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbit

>= 8.1.0 and < 8.1.16

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbit

>= 8.1.0 and < 8.1.16

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to conv

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature i

>= 7.1.0 and <= 7.1.26

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execu

>= 9.1.0 and < 9.1.3

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrato

>= 7.1.0 and <= 7.1.26

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbit

>= 8.0.0 and <= 8.0.20

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographica

>= 8.0.0 and <= 8.0.20

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i

>= 7.1.0 and < 7.1.26

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitr

>= 7.1.0 and <= 7.1.26

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS comm

>= 7.1.0 and <= 7.1.26

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disr

>= 7.1.0 and < 7.1.26

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panor

>= 7.1.0 and < 7.1.26

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to

>= 7.1.0 and < 7.1.26

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege esc

>= 7.1.0 and < 7.1.26

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentiall

>= 7.1.0 and <= 7.1.26

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell

>= 7.1.0 and <= 7.1.26

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authentica

>= 7.1.0 and <= 7.1.26

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allo

>= 7.1.0 and <= 7.1.26

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote u

>= 7.1.0 and <= 7.1.26

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS

>= 7.1.0 and <= 7.1.26

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticate

>= 7.1.0 and <= 7.1.26

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administr

>= 7.1.0 and <= 7.1.26

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially exe

>= 7.1.0 and <= 7.1.26

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to pote

>= 7.1.0 and < 7.1.26

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clien

>= 7.1.0 and <= 7.1.26

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete

>= 7.1.0 and < 7.1.26

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Network

>= 7.1.0 and <= 7.1.26

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an

>= 7.1.0 and < 7.1.26

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intende

>= 7.1.0 and < 7.1.26

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arb

>= 7.1.0 and <= 7.1.26

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user t

>= 9.1.0 and < 9.1.2

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that

>= 7.1.0 and <= 7.1.26

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary syst

>= 7.1.0 and <= 7.1.26

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows sessi

>= 9.0.0 and < 9.0.7

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows re

>= 8.1.0 and < 8.1.13

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availabili

>= 8.1.0 and < 8.1.13

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who

>= 8.1.0 and < 8.1.13

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and esc

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of regist

>= 8.1.0 and < 8.1.12

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users

>= 9.0 and <= 9.0.5

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Manage

>= 7.1.0 and < 7.1.25

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role

>= 8.1.0 and <= 8.1.9

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary m

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect

>= 9.0.0 and <= 9.0.2

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.

>= 7.1.0 and < 7.1.15

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to

>= 7.1.0 and < 7.1.22

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may all

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allo

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary J

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authent

>= 7.1.0 and < 7.1.23

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to S

>= 8.1.0 and <= 8.1.2

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down al

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8

> 6.0.0 and <= 6.1.20

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, a

> 6.0.0 and <= 6.1.20

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and

> 6.0.0 and <= 6.1.20

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PA

> 6.0.0 and <= 6.1.20

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may all

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts

Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote at

Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x befor

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS

Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x b

Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remo

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code vi

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive infor

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x be

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote a

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via un

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to

Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote

>= 5.0.0 and < 5.0.20

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7

>= 5.0.0 and < 5.0.20

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.

>= 5.0.0 and < 5.0.20

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1

>= 5.1 and < 7.0.14

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging in

>= 5.0.0 and < 5.0.19

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 mig

Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote a

>= 6.1.0 and <= 6.1.16

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resourc

>= 5.0.0 and < 5.0.18

Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10,

>= 5.0.0 and < 5.0.18

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.

>= 5.0.0 and < 5.0.18

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x befor

>= 5.0.0 and < 5.0.18

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15,

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13

The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote att

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authe

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authe

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attack

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authe

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to

Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (man

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allow

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecifi

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecifi

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authe

The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error inform

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin