Filtered by vendor Paloaltonetworks
Subscriptions
Total
276 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | ||||
CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | ||||
CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | ||||
CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | ||||
CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | ||||
CVE-2012-6596 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. | ||||
CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | ||||
CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | ||||
CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | ||||
CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | ||||
CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | ||||
CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | ||||
CVE-2024-2551 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-19 | N/A |
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | ||||
CVE-2024-9465 | 1 Paloaltonetworks | 1 Expedition | 2024-11-15 | 9.1 Critical |
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. | ||||
CVE-2024-9472 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1 | ||||
CVE-2024-2550 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | ||||
CVE-2024-2552 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | ||||
CVE-2024-5919 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. | ||||
CVE-2024-5918 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." | ||||
CVE-2024-5920 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. |