Pan-os Security Vulnerabilities and Issues — Pan-os CVE List

Lucene search

PaloaltonetworksPan-os

11 matches found

CVE•added 2016/11/10 9:59 p.m.•1990 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

7.2CVSS7.8AI score0.94094EPSS

CVE•added 2016/06/30 5:59 p.m.•228 views

CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

8.8CVSS8.3AI score0.75588EPSS

CVE•added 2016/04/12 5:59 p.m.•56 views

CVE-2016-3657

Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.

10CVSS10AI score0.0303EPSS

CVE•added 2016/07/12 7:59 p.m.•53 views

CVE-2016-2219

Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00127EPSS

CVE•added 2016/11/19 6:59 a.m.•48 views

CVE-2016-9150

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.51597EPSS

CVE•added 2016/08/02 4:59 p.m.•47 views

CVE-2016-1712

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.

7.8CVSS7.7AI score0.00046EPSS

CVE•added 2016/04/12 5:59 p.m.•45 views

CVE-2016-3655

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.

10CVSS9.8AI score0.01314EPSS

CVE•added 2016/04/12 5:59 p.m.•43 views

CVE-2016-3654

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.

9CVSS7.2AI score0.00518EPSS

CVE•added 2016/11/19 6:59 a.m.•38 views

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a cra...

6.5CVSS6.2AI score0.00245EPSS

CVE•added 2016/11/19 6:59 a.m.•36 views

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.

7.8CVSS7.6AI score0.00347EPSS

CVE•added 2016/04/12 5:59 p.m.•35 views

CVE-2016-3656

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.

7.5CVSS7.3AI score0.00499EPSS