Filtered by vendor Paloaltonetworks
Subscriptions
Total
276 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | ||||
CVE-2016-8610 | 7 Debian, Fujitsu, Netapp and 4 more | 55 Debian Linux, M10-1, M10-1 Firmware and 52 more | 2024-11-21 | 7.5 High |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | ||||
CVE-2016-5195 | 7 Canonical, Debian, Fedoraproject and 4 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2024-11-21 | 7.0 High |
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | ||||
CVE-2016-4971 | 5 Canonical, Gnu, Oracle and 2 more | 5 Ubuntu Linux, Wget, Solaris and 2 more | 2024-11-21 | 8.8 High |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | ||||
CVE-2016-3657 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. | ||||
CVE-2016-3656 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. | ||||
CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | ||||
CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | ||||
CVE-2016-2219 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | ||||
CVE-2015-6531 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | ||||
CVE-2015-4162 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | ||||
CVE-2014-3764 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | ||||
CVE-2013-5664 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908. | ||||
CVE-2013-5663 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195. | ||||
CVE-2012-6606 | 1 Paloaltonetworks | 2 Globalprotect, Netconnect | 2024-11-21 | N/A |
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | ||||
CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | ||||
CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | ||||
CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. |