Paloaltonetworks

Pan-os

226 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.2

CVE-2025-0103

  • EPSS 0.18%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables ...

7

CVE-2025-0104

  • EPSS 0.34%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious li...

6.9

CVE-2025-0105

  • EPSS 0.91%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

6.9

CVE-2025-0106

  • EPSS 0.32%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

7.7

CVE-2025-0107

  • EPSS 24.21%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 15.01.2025 23:15:10

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device conf...

7.5

CVE-2024-3393

Warnung
  • EPSS 64.73%
  • Veröffentlicht 27.12.2024 10:15:17
  • Zuletzt bearbeitet 14.01.2025 16:02:30

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to t...

7.2

CVE-2024-9474

Warnung Medienbericht Exploit
  • EPSS 94.17%
  • Veröffentlicht 18.11.2024 16:15:29
  • Zuletzt bearbeitet 20.12.2024 16:49:55

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impact...

9.8

CVE-2024-0012

Warnung Exploit
  • EPSS 94.23%
  • Veröffentlicht 18.11.2024 16:15:11
  • Zuletzt bearbeitet 20.12.2024 15:47:59

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configur...

6.5

CVE-2024-5919

  • EPSS 0.11%
  • Veröffentlicht 14.11.2024 10:15:09
  • Zuletzt bearbeitet 24.01.2025 16:06:00

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access...

4.8

CVE-2024-5920

  • EPSS 0.36%
  • Veröffentlicht 14.11.2024 10:15:09
  • Zuletzt bearbeitet 24.01.2025 16:06:43

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS ...