Suggestions search

All statuses

Filter by:

With package: python314Packages.pan-os-python

Found 13 matching suggestions

View:

Compact

Detailed

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0262

6.6 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): No (N)
Recovery (R): User (U)
Value Density (V): Concentrated (C)
Vulnerability Response Effort (RE): Moderate (M)
Provider Urgency (U): Amber (Amber)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities.

References

https://security.paloaltonetworks.com/CVE-2026-0262 vendor-advisory

Affected products

PAN-OS

<11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
<12.1.7, 12.1.4-h5
<11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17
<10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34

Cloud NGFW

==All

Prisma Access

<11.2.7-h13
<10.2.10-h36

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

None

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0256

4.4 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): High (H)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): Low (L)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): No (N)
Recovery (R): User (U)
Value Density (V): Diffuse (D)
Vulnerability Response Effort (RE): Moderate (M)
Provider Urgency (U): Amber (Amber)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

References

https://security.paloaltonetworks.com/CVE-2026-0256 vendor-advisory

Affected products

PAN-OS

<11.2.12
<11.1.15
<12.1.7
<10.2.18-h6

Cloud NGFW

==All

Prisma Access

==All

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

None

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0300

updated 1 month, 1 week ago by @LeSuisse Activity log

Created suggestion 1 month, 1 week ago
@LeSuisse dismissed (not in Nixpkgs) 1 month, 1 week ago

PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.