Filtered by vendor Paloaltonetworks
Subscribe
Total
236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2019-1581 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. | |||||
CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
CVE-2019-1575 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | |||||
CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
CVE-2019-1566 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | |||||
CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | |||||
CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||
CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | |||||
CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 6.6 MEDIUM | 5.5 MEDIUM |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | |||||
CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | |||||
CVE-2017-12416 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. |