Filtered by vendor Paloaltonetworks
Subscriptions
Total
246 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2024-08-05 | N/A |
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | ||||
CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2024-08-05 | N/A |
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | ||||
CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | ||||
CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | ||||
CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | ||||
CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2024-08-05 | 7.1 High |
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | ||||
CVE-2019-17435 | 1 Paloaltonetworks | 1 Globalprotect | 2024-08-05 | 5.5 Medium |
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | ||||
CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2024-08-04 | N/A |
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | ||||
CVE-2019-1580 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | ||||
CVE-2019-1575 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | ||||
CVE-2019-1582 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | ||||
CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.1 High |
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | ||||
CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | ||||
CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | ||||
CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-08-04 | N/A |
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | ||||
CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | ||||
CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-08-04 | N/A |
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | ||||
CVE-2019-1574 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-08-04 | N/A |
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. |