Filtered by vendor Paloaltonetworks Subscriptions
Filtered by product Pan-os Subscriptions
Total 184 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-9337 1 Paloaltonetworks 1 Pan-os 2024-08-05 N/A
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
CVE-2018-9335 1 Paloaltonetworks 1 Pan-os 2024-08-05 N/A
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
CVE-2018-9242 1 Paloaltonetworks 1 Pan-os 2024-08-05 N/A
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
CVE-2018-9334 1 Paloaltonetworks 1 Pan-os 2024-08-05 N/A
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.
CVE-2018-7636 1 Paloaltonetworks 1 Pan-os 2024-08-05 N/A
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.
CVE-2019-1580 1 Paloaltonetworks 1 Pan-os 2024-08-04 N/A
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
CVE-2019-1575 1 Paloaltonetworks 1 Pan-os 2024-08-04 8.8 High
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.
CVE-2019-1582 1 Paloaltonetworks 1 Pan-os 2024-08-04 N/A
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
CVE-2019-1579 1 Paloaltonetworks 1 Pan-os 2024-08-04 8.1 High
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
CVE-2019-1572 1 Paloaltonetworks 1 Pan-os 2024-08-04 N/A
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
CVE-2019-1576 1 Paloaltonetworks 1 Pan-os 2024-08-04 8.8 High
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.
CVE-2023-38046 1 Paloaltonetworks 1 Pan-os 2024-08-02 5.5 Medium
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVE-2023-6795 1 Paloaltonetworks 1 Pan-os 2024-08-02 5.5 Medium
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-6790 1 Paloaltonetworks 1 Pan-os 2024-08-02 8.8 High
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
CVE-2023-6789 1 Paloaltonetworks 1 Pan-os 2024-08-02 4.3 Medium
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
CVE-2023-6793 1 Paloaltonetworks 1 Pan-os 2024-08-02 2.7 Low
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CVE-2023-6791 1 Paloaltonetworks 1 Pan-os 2024-08-02 4.9 Medium
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
CVE-2023-6794 1 Paloaltonetworks 1 Pan-os 2024-08-02 5.5 Medium
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
CVE-2023-0005 1 Paloaltonetworks 1 Pan-os 2024-08-02 4.1 Medium
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
CVE-2023-0007 1 Paloaltonetworks 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more 2024-08-02 6.5 Medium
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.