Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-16 | CVE-2019-1575 | Information Exposure vulnerability in Paloaltonetworks Pan-Os Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | 8.8 |
| 2019-07-01 | CVE-2019-1578 | Cross-site Scripting vulnerability in Paloaltonetworks Minemeld 0.9.60 Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | 6.1 |
| 2019-07-01 | CVE-2019-1577 | Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | 6.3 |
| 2019-05-09 | CVE-2019-1568 | Cross-site Scripting vulnerability in Paloaltonetworks Demisto 4.5 Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | 6.1 |
| 2019-04-12 | CVE-2019-1574 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition Migration Tool Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | 5.4 |
| 2019-04-09 | CVE-2019-1573 | Missing Encryption of Sensitive Data vulnerability in Paloaltonetworks Globalprotect 4.1.0/4.1.10 GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. | 2.5 |
| 2019-04-09 | CVE-2019-1567 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition Migration Tool The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | 5.4 |
| 2019-03-26 | CVE-2019-1571 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | 4.8 |
| 2019-03-26 | CVE-2019-1572 | Unspecified vulnerability in Paloaltonetworks Pan-Os 9.0.0 PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | 7.5 |
| 2019-03-26 | CVE-2019-1570 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | 4.8 |