Total
197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12416 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. | |||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | |||||
| CVE-2017-8390 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
| CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
| CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | |||||
| CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | N/A |
| The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | |||||
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | |||||
| CVE-2017-9459 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | |||||
| CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.3 MEDIUM | N/A |
| Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
| CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
| CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 2.1 LOW | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | |||||
| CVE-2016-9151 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | |||||
| CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 7.2 HIGH |
| The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | |||||
| CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | |||||
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||