The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
Max CVSS: 4.3; EPSS Score: 0.44%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
Max CVSS: 10.0; EPSS Score: 0.41%; Published: 2013-08-31; Updated: 2020-02-17
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
Max CVSS: 10.0; EPSS Score: 0.41%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.
Max CVSS: 5.0; EPSS Score: 0.18%; Published: 2013-08-31; Updated: 2020-02-17
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
Max CVSS: 6.3; EPSS Score: 0.18%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
Max CVSS: 10.0; EPSS Score: 0.88%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
Max CVSS: 9.0; EPSS Score: 0.17%; Published: 2013-08-31; Updated: 2020-02-17
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
Max CVSS: 10.0; EPSS Score: 0.53%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.
Max CVSS: 9.0; EPSS Score: 0.29%; Published: 2013-08-31; Updated: 2020-02-17
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
Max CVSS: 9.0; EPSS Score: 0.29%; Published: 2013-08-31; Updated: 2020-02-17
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate.
Max CVSS: 5.8; EPSS Score: 0.06%; Published: 2013-08-31; Updated: 2020-02-17
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Max CVSS: 4.3; EPSS Score: 1.77%; Published: 2013-08-31; Updated: 2018-08-13
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
Max CVSS: 4.3; EPSS Score: 0.13%; Published: 2013-08-31; Updated: 2020-02-17
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
Max CVSS: 4.3; EPSS Score: 0.14%; Published: 2015-01-06; Updated: 2020-02-17
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.
Max CVSS: 4.0; EPSS Score: 0.13%; Published: 2015-06-02; Updated: 2016-11-28
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.
Max CVSS: 9.3; EPSS Score: 0.35%; Published: 2017-06-01; Updated: 2017-06-08
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
Max CVSS: 7.8; EPSS Score: 0.04%; Published: 2016-08-02; Updated: 2020-02-17
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 5.4; EPSS Score: 0.07%; Published: 2016-07-12; Updated: 2020-02-17
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
Max CVSS: 9.0; EPSS Score: 0.21%; Published: 2016-04-12; Updated: 2020-02-17
243 vulnerabilities found