Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-1569 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | 4.8 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-01-30 | CVE-2019-1566 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |
| 2019-01-30 | CVE-2019-1565 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | 5.4 |
| 2018-12-12 | CVE-2018-10143 | Improper Privilege Management vulnerability in Paloaltonetworks Expedition 1.0.107 The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | 9.8 |
| 2018-11-27 | CVE-2018-10142 | Information Exposure vulnerability in Paloaltonetworks Expedition 1.0.106 The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | 7.5 |
| 2018-10-12 | CVE-2018-10141 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |
| 2018-10-08 | CVE-2018-18065 | NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 6.5 |
| 2018-08-16 | CVE-2018-10140 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os 8.1.0/8.1.1/8.1.2 The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. | 4.3 |
| 2018-08-16 | CVE-2018-10139 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |