Filtered by vendor Paloaltonetworks
Subscribe
Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||||
| CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||
| CVE-2017-15870 | 1 Paloaltonetworks | 1 Globalprotect | 2020-02-17 | 7.2 HIGH | 6.7 MEDIUM |
| Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | |||||
| CVE-2017-16878 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. | |||||
| CVE-2016-9150 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | |||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
| CVE-2016-3657 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. | |||||
| CVE-2012-6596 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | N/A |
| Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. | |||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | |||||
| CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
| CVE-2017-9467 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-15940 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 9.8 CRITICAL |
| The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-1578 | 1 Paloaltonetworks | 1 Minemeld | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | |||||
| CVE-2019-17437 | 1 Paloaltonetworks | 1 Pan-os | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
| An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. | |||||
| CVE-2019-1581 | 1 Paloaltonetworks | 1 Pan-os | 2019-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. | |||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2019-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2017-7218 | 1 Paloaltonetworks | 1 Pan-os | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. | |||||
| CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2019-07-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||