Vulnerabilities > Paloaltonetworks > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-01-27 | CVE-2017-5329 | Out-of-bounds Write vulnerability in Paloaltonetworks Terminal Services Agent | Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | local, low complexity, paloaltonetworks, CWE-787, 4.6 |
| 2017-01-27 | CVE-2017-5328 | Unspecified vulnerability in Paloaltonetworks Terminal Services Agent | Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | network, low complexity, paloaltonetworks, 5.0 |
| 2016-11-19 | CVE-2016-9151 | Permissions, Privileges, and Access Controls vulnerability in Paloaltonetworks Pan-Os | Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | local, low complexity, paloaltonetworks, CWE-264, 4.6 |
| 2016-11-19 | CVE-2016-9149 | Data Processing Errors vulnerability in Paloaltonetworks Pan-Os | The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | network, low complexity, paloaltonetworks, CWE-19, 4.0 |
| 2016-04-12 | CVE-2016-3656 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os | The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. | network, low complexity, paloaltonetworks, CWE-119, 5.0 |
| 2015-06-02 | CVE-2015-4162 | Unspecified vulnerability in Paloaltonetworks Pan-Os | XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | network, low complexity, paloaltonetworks, 4.0 |
| 2015-01-06 | CVE-2014-3764 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os | Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | 4.3 |
| 2013-08-31 | CVE-2013-5664 | Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os | Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908. | 4.3 |
| 2013-08-31 | CVE-2012-6606 | Cryptographic Issues vulnerability in Paloaltonetworks Globalprotect and Netconnect | Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | 5.8 |
| 2013-08-31 | CVE-2012-6597 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os | Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | 6.3 |