VYPR

Pan OS

by Paloaltonetworks

CVEs (240)

  • CVE-2026-0261MedMay 13, 2026
    risk 0.40cvss epss 0.01

    Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web…

  • CVE-2018-10139MedAug 16, 2018
    risk 0.40cvss 6.1epss 0.02

    The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.

  • CVE-2018-7636MedJul 3, 2018
    risk 0.40cvss 6.1epss 0.01

    The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.

  • CVE-2017-16878MedJan 10, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration.

  • CVE-2017-15941MedJan 10, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2017-12416MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2017-9467MedAug 2, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-9459MedAug 2, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-7409MedApr 21, 2017
    risk 0.40cvss 6.1epss 0.01

    Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.

  • CVE-2026-0272MedJun 10, 2026
    risk 0.39cvss epss 0.00

    A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly…

  • CVE-2025-4229MedJun 13, 2025
    risk 0.39cvss epss 0.00

    An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the…

  • CVE-2017-17841MedJan 10, 2018
    risk 0.39cvss 5.9epss 0.02

    Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka…

  • CVE-2025-0123MedApr 11, 2025
    risk 0.38cvss epss 0.00

    A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture…

  • CVE-2025-2182MedAug 13, 2025
    risk 0.36cvss epss 0.00

    A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this…

  • CVE-2018-9334MedJul 3, 2018
    risk 0.36cvss 5.5epss 0.00

    The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

  • CVE-2018-9242MedJul 3, 2018
    risk 0.36cvss 5.5epss 0.00

    The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.

  • CVE-2018-9337MedJul 3, 2018
    risk 0.35cvss 5.4epss 0.01

    The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.

  • CVE-2018-9335MedJul 3, 2018
    risk 0.35cvss 5.4epss 0.01

    The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.

  • CVE-2017-15943MedDec 11, 2017
    risk 0.35cvss 5.3epss 0.02

    The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF)…

  • CVE-2017-5584MedMar 15, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Page 3 of 12