Vulnerabilities > Paloaltonetworks > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-1579 Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
network
high complexity
paloaltonetworks CWE-134
8.1
2019-07-16 CVE-2019-1576 OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1/9.0.2
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.
network
low complexity
paloaltonetworks CWE-78
8.8
2019-07-16 CVE-2019-1575 Information Exposure vulnerability in Paloaltonetworks Pan-Os
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.
network
low complexity
paloaltonetworks CWE-200
8.8
2019-03-26 CVE-2019-1572 Unspecified vulnerability in Paloaltonetworks Pan-Os 9.0.0
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
network
low complexity
paloaltonetworks
7.5
2018-11-27 CVE-2018-10142 Information Exposure vulnerability in Paloaltonetworks Expedition 1.0.106
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
network
low complexity
paloaltonetworks CWE-200
7.5
2017-12-11 CVE-2017-15942 Unspecified vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.
network
low complexity
paloaltonetworks
7.5
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2017-06-01 CVE-2015-6531 Code Injection vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.
local
low complexity
paloaltonetworks CWE-94
7.8
2017-04-14 CVE-2017-7408 Improper Input Validation vulnerability in Paloaltonetworks Traps 3.4.3
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
network
low complexity
paloaltonetworks CWE-20
7.5
2017-04-14 CVE-2017-7218 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
local
low complexity
paloaltonetworks CWE-20
7.8