7 matches found
EUVD-2020-22065
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of a use-after-free UAF vulnerability in the Linux kernel's sockfssetattr. Ref: PAN-113631/ CVE-2019-8912 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. This issue affects PAN-OS 7.1.23 and earlier...
Kernel Vulnerability
A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane DP of PAN-OS is not affected by this...
OpenSSL Vulnerability
The OpenSSL library has been found to contain vulnerability CVE-2016-8610. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-68543 / CVE-2016-8610 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1.17 and...
OpenSSL Vulnerability
The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-73914 / CVE-2017-3731 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1, PAN-OS...
PT-2016-3096
Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.x through 4.8.2 Description A race condition in the mm/gup.c component of the Linux kernel allows local users to gain elevated privileges. This occurs due to the incorrect handling of the copy-on-write COW feature—a...
Padding-oracle attack on TLS CBC cipher mode
A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-8730. This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...