Vulnerabilities > Paloaltonetworks > PAN OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-12 | CVE-2018-10141 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 4.3 |
| 2018-10-08 | CVE-2018-18065 | NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 4.0 |
| 2018-08-16 | CVE-2018-10140 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os 8.1.0/8.1.1/8.1.2 The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. | 4.0 |
| 2018-08-16 | CVE-2018-10139 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 4.3 |
| 2018-07-03 | CVE-2018-9242 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | 6.6 |
| 2018-07-03 | CVE-2018-7636 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os 8.0.10 The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | 4.3 |
| 2018-01-10 | CVE-2017-17841 | Unspecified vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. network paloaltonetworks | 4.3 |
| 2018-01-10 | CVE-2017-16878 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. | 4.3 |
| 2018-01-10 | CVE-2017-15941 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-12-11 | CVE-2017-15943 | Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | 5.0 |