Filtered by vendor Paloaltonetworks
Subscriptions
Filtered by product Pan-os
Subscriptions
Total
184 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | ||||
CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | ||||
CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | ||||
CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | ||||
CVE-2019-1580 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | ||||
CVE-2019-1575 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | ||||
CVE-2019-1582 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | ||||
CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.1 High |
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | ||||
CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | N/A |
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | ||||
CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-04 | 8.8 High |
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | ||||
CVE-2023-38046 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. | ||||
CVE-2023-6795 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
CVE-2023-6790 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 8.8 High |
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | ||||
CVE-2023-6789 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.3 Medium |
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. | ||||
CVE-2023-6793 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 2.7 Low |
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. | ||||
CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.9 Medium |
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | ||||
CVE-2023-6794 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 5.5 Medium |
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | ||||
CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-02 | 4.1 Medium |
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | ||||
CVE-2023-0007 | 1 Paloaltonetworks | 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more | 2024-08-02 | 6.5 Medium |
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. |