Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2013-08-31 CVE-2013-5664 Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908. 		4.3
4.3
2013-08-31 CVE-2012-6606 Cryptographic Issues vulnerability in Paloaltonetworks Globalprotect and Netconnect
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. 		5.8
5.8
2013-08-31 CVE-2012-6605 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0
2013-08-31 CVE-2012-6604 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0
2013-08-31 CVE-2012-6603 Improper Authentication vulnerability in Paloaltonetworks Pan-Os
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
network
low complexity
paloaltonetworks CWE-287
critical
 10.0
10
2013-08-31 CVE-2012-6602 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0
2013-08-31 CVE-2012-6601 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
network
low complexity
paloaltonetworks CWE-78
critical
 10.0
10
2013-08-31 CVE-2012-6600 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0
2013-08-31 CVE-2012-6599 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0
2013-08-31 CVE-2012-6598 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
network
low complexity
paloaltonetworks CWE-78
critical
 9.0
9.0