Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-1578 | Cross-site Scripting vulnerability in Paloaltonetworks Minemeld 0.9.60 Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | 4.3 |
| 2019-07-01 | CVE-2019-1577 | Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | 6.5 |
| 2019-05-09 | CVE-2019-1568 | Cross-site Scripting vulnerability in Paloaltonetworks Demisto 4.5 Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | 4.3 |
| 2019-03-26 | CVE-2019-1572 | Unspecified vulnerability in Paloaltonetworks Pan-Os 9.0.0 PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | 5.0 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-01-30 | CVE-2019-1566 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |
| 2018-11-27 | CVE-2018-10142 | Information Exposure vulnerability in Paloaltonetworks Expedition 1.0.106 The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | 5.0 |
| 2018-10-12 | CVE-2018-10141 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 4.3 |
| 2018-10-08 | CVE-2018-18065 | NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 4.0 |
| 2018-08-16 | CVE-2018-10140 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os 8.1.0/8.1.1/8.1.2 The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. | 4.0 |