Vulnerabilities > Paloaltonetworks > PAN OS > 6.0.3

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2020-1979 Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges.
local
low complexity
paloaltonetworks CWE-134
4.6
2019-08-23 CVE-2019-1581 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS.
network
low complexity
paloaltonetworks CWE-20
7.5
2019-08-23 CVE-2019-1580 Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
network
low complexity
paloaltonetworks CWE-787
critical
10.0
2019-07-19 CVE-2019-1579 Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
6.8
2019-07-16 CVE-2019-1575 Information Exposure vulnerability in Paloaltonetworks Pan-Os
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.
network
low complexity
paloaltonetworks CWE-200
6.5
2019-01-30 CVE-2019-1565 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
3.5
2018-10-12 CVE-2018-10141 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
4.3
2018-10-08 CVE-2018-18065 NULL Pointer Dereference vulnerability in multiple products
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
4.0
2018-08-16 CVE-2018-10139 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
4.3
2018-07-03 CVE-2018-9337 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
3.5