Vulnerabilities > Paloaltonetworks > PAN OS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-8390 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | 10.0 |
| 2017-06-01 | CVE-2015-6531 | Code Injection vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | 9.3 |
| 2016-11-19 | CVE-2016-9150 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2016-04-12 | CVE-2016-3654 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | 9.0 |
| 2016-04-12 | CVE-2016-3655 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | 10.0 |
| 2016-04-12 | CVE-2016-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. | 10.0 |
| 2013-08-31 | CVE-2012-6591 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | 9.0 |
| 2013-08-31 | CVE-2012-6592 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | 10.0 |
| 2013-08-31 | CVE-2012-6593 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | 10.0 |
| 2013-08-31 | CVE-2012-6594 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | 9.0 |