Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2016-08-02 CVE-2016-1712 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
local
low complexity
paloaltonetworks CWE-20
7.2
2016-07-12 CVE-2016-2219 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5
2016-06-30 CVE-2016-4971 GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
network
low complexity
gnu canonical oracle paloaltonetworks
8.8
2016-04-12 CVE-2016-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
network
low complexity
paloaltonetworks CWE-119
critical
10.0
2016-04-12 CVE-2016-3656 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os
The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.
network
low complexity
paloaltonetworks CWE-119
5.0
2016-04-12 CVE-2016-3655 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
network
low complexity
paloaltonetworks CWE-20
critical
10.0
2016-04-12 CVE-2016-3654 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
network
low complexity
paloaltonetworks CWE-20
critical
9.0
2015-06-02 CVE-2015-4162 Unspecified vulnerability in Paloaltonetworks Pan-Os
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.
network
low complexity
paloaltonetworks
4.0
2015-01-06 CVE-2014-3764 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
4.3
2013-08-31 CVE-2013-5664 Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
4.3