Filtered by vendor Paloaltonetworks
Subscriptions
Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6356 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2024-08-05 | 5.3 Medium |
| Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | ||||
| CVE-2017-5584 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-5328 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2024-08-05 | 7.5 High |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | ||||
| CVE-2017-5329 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2024-08-05 | 7.8 High |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | ||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2024-08-05 | N/A |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2024-08-05 | N/A |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | ||||
| CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2024-08-05 | N/A |
| The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | ||||
| CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
| CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | ||||
| CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | ||||
| CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
| The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | ||||
| CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2024-08-05 | 7.1 High |
| A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | ||||
| CVE-2019-17435 | 1 Paloaltonetworks | 1 Globalprotect | 2024-08-05 | 5.5 Medium |
| A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | ||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2024-08-04 | N/A |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | ||||
| CVE-2019-1580 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
| Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | ||||
| CVE-2019-1575 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
| Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | ||||
| CVE-2019-1582 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
| Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | ||||
| CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.1 High |
| Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | ||||