Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-17435 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | 5.5 |
| 2019-08-23 | CVE-2019-1583 | Cross-site Scripting vulnerability in Paloaltonetworks Twistlock 19.07.357 Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. | 8.0 |
| 2019-08-23 | CVE-2019-1582 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | 7.2 |
| 2019-08-23 | CVE-2019-1580 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | 9.8 |
| 2019-07-19 | CVE-2019-1579 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 8.1 |
| 2019-07-16 | CVE-2019-1576 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1/9.0.2 Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | 8.8 |
| 2019-07-16 | CVE-2019-1575 | Information Exposure vulnerability in Paloaltonetworks Pan-Os Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | 8.8 |
| 2019-07-01 | CVE-2019-1578 | Cross-site Scripting vulnerability in Paloaltonetworks Minemeld 0.9.60 Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | 6.1 |
| 2019-07-01 | CVE-2019-1577 | Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | 6.3 |
| 2019-05-09 | CVE-2019-1568 | Cross-site Scripting vulnerability in Paloaltonetworks Demisto 4.5 Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | 6.1 |