Filtered by vendor Paloaltonetworks
Subscribe
Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9151 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | |||||
| CVE-2017-5584 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-5328 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | |||||
| CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
| CVE-2017-7644 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | |||||
| CVE-2016-9150 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | |||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | |||||
| CVE-2015-4162 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | |||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | |||||
| CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | |||||
| CVE-2016-3657 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. | |||||
| CVE-2016-2219 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3656 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. | |||||
| CVE-2016-4971 | 4 Canonical, Gnu, Oracle and 1 more | 4 Ubuntu Linux, Wget, Solaris and 1 more | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
| GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | |||||
| CVE-2014-3764 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | |||||
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | N/A |
| The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | |||||
| CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | |||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | |||||