Pan Security Vulnerabilities

CVE-2017-7644

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2017-04-29 12:59 AM
24

CVE-2017-7409

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2017-04-21 02:59 AM
26

CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified...

4.3 CVSS

5 AI Score

0.001 EPSS

2017-04-14 02:59 PM
22

CVE-2017-7218

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request...

7.8 CVSS

7.6 AI Score

0.002 EPSS

2017-04-14 02:59 PM
21

CVE-2017-5583

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified...

6.5 CVSS

6 AI Score

0.002 EPSS

2017-03-15 02:59 PM
22

CVE-2017-5584

Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.4 CVSS

5 AI Score

0.001 EPSS

2017-03-15 02:59 PM
21

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2016-11-19 06:59 AM
19

CVE-2016-9150

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified...

9.8 CVSS

9.8 AI Score

0.184 EPSS

2016-11-19 06:59 AM
28

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2016-11-19 06:59 AM
20

CVE-2016-1712

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2016-08-02 04:59 PM
28

CVE-2016-2219

Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.4 CVSS

5 AI Score

0.001 EPSS

2016-07-12 07:59 PM
25

CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP...

8.8 CVSS

8.3 AI Score

0.953 EPSS

2016-06-30 05:59 PM
186
4

CVE-2016-3657

Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN...

9.8 CVSS

10 AI Score

0.021 EPSS

2016-04-12 05:59 PM
32

CVE-2016-3656

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2016-04-12 05:59 PM
20

CVE-2016-3655

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API...

9.8 CVSS

9.8 AI Score

0.005 EPSS

2016-04-12 05:59 PM
30

CVE-2016-3654

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command...

7.2 CVSS

7.2 AI Score

0.002 EPSS

2016-04-12 05:59 PM
27

CVE-2015-4162

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML...

5.9 AI Score

0.001 EPSS

2015-06-02 02:59 PM
20

CVE-2014-3764

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID...

5.9 AI Score

0.001 EPSS

2015-01-06 03:59 PM
18

CVE-2012-6590

The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID...

6.5 AI Score

0.004 EPSS

2013-08-31 05:55 PM
21

CVE-2012-6596

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID...

6.2 AI Score

0.002 EPSS

2013-08-31 05:55 PM
26

CVE-2012-6600

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
17

CVE-2012-6603

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID...

7.2 AI Score

0.005 EPSS

2013-08-31 05:55 PM
23

CVE-2012-6593

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.9 AI Score

0.004 EPSS

2013-08-31 05:55 PM
19

CVE-2012-6605

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID...

7.6 AI Score

0.003 EPSS

2013-08-31 05:55 PM
17

CVE-2013-5663

The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP...

7 AI Score

0.018 EPSS

2013-08-31 05:55 PM
27

CVE-2012-6591

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
22

CVE-2012-6592

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.9 AI Score

0.004 EPSS

2013-08-31 05:55 PM
19

CVE-2012-6594

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
24

CVE-2012-6595

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
26

CVE-2012-6598

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.4 AI Score

0.002 EPSS

2013-08-31 05:55 PM
20

CVE-2012-6602

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
22

CVE-2012-6597

Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID...

6.4 AI Score

0.002 EPSS

2013-08-31 05:55 PM
17

CVE-2012-6599

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID...

7.5 AI Score

0.002 EPSS

2013-08-31 05:55 PM
21

CVE-2012-6601

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID...

8 AI Score

0.009 EPSS

2013-08-31 05:55 PM
21

CVE-2012-6604

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID...

7.6 AI Score

0.003 EPSS

2013-08-31 05:55 PM
20

CVE-2013-5664

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID...

5.9 AI Score

0.001 EPSS

2013-08-31 05:55 PM
19

CVE-2008-2363

The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer...

7.5 AI Score

0.041 EPSS

2008-06-02 09:30 PM
24

CVE-2003-0855

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email...

6.6 AI Score

0.015 EPSS

2003-11-03 05:00 AM
24
Total number of security vulnerabilities: 188