VYPR

PAN-OS

by Palo Alto Networks

CVEs (240)

  • CVE-2025-0130 | High | May 14, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful…

  • CVE-2017-15942 | High | Dec 11, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.

  • CVE-2016-3656 | High | Apr 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.

  • CVE-2026-0265 | High | May 13, 2026
    risk 0.47 | cvss | epss 0.00

    An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management…

  • CVE-2026-0264 | High | May 13, 2026
    risk 0.47 | cvss | epss 0.00

    A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or…

  • CVE-2026-0263 | High | May 13, 2026
    risk 0.47 | cvss | epss 0.00

    A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud…

  • CVE-2025-4615 | High | Oct 9, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly…

  • CVE-2016-3654 | High | Apr 12, 2016
    risk 0.47 | cvss 7.2 | epss 0.03

    The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command…

  • CVE-2025-0125 | Medium | Apr 11, 2025
    risk 0.45 | cvss | epss 0.00

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have…

  • CVE-2025-0109 | Medium | Feb 12, 2025
    risk 0.45 | cvss | epss 0.01

    An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and…

  • CVE-2025-0116 | Medium | Mar 12, 2025
    risk 0.44 | cvss | epss 0.00

    A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall…

  • CVE-2025-0115 | Medium | Mar 12, 2025
    risk 0.44 | cvss | epss 0.00

    A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this…

  • CVE-2026-0262 | Medium | May 13, 2026
    risk 0.43 | cvss | epss 0.00

    Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these…

  • CVE-2026-0229 | Medium | Feb 11, 2026
    risk 0.43 | cvss | epss 0.01

    A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the…

  • CVE-2025-4619 | Medium | Nov 13, 2025
    risk 0.43 | cvss | epss 0.01

    A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance…

  • CVE-2017-7216 | Medium | May 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.

  • CVE-2017-7644 | Medium | Apr 29, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.

  • CVE-2017-5583 | Medium | Mar 15, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2016-9149 | Medium | Nov 19, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath…

  • CVE-2026-0273 | Medium | Jun 10, 2026
    risk 0.40 | cvss | epss 0.01

    A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The…
