Vendor CVEs
Paloaltonetworks
All CVEs
417 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1978 | 0.00 | — | 0.00 | Apr 8, 2020 | TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the… | |||
| CVE-2020-1979 | 0.00 | — | 0.01 | Mar 11, 2020 | A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating… | |||
| CVE-2020-1980 | 0.00 | — | 0.01 | Mar 11, 2020 | A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later… | |||
| CVE-2020-1981 | 0.00 | — | 0.00 | Mar 11, 2020 | A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This… | |||
| CVE-2020-1977 | 0.00 | — | 0.01 | Feb 12, 2020 | Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool… | |||
| CVE-2020-1976 | 0.00 | — | 0.00 | Feb 12, 2020 | A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. | |||
| CVE-2020-1975 | 0.00 | — | 0.01 | Feb 12, 2020 | Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0… | |||
| CVE-2019-17440 | 0.00 | — | 0.02 | Dec 20, 2019 | Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to… | |||
| CVE-2019-17437 | 0.00 | — | 0.00 | Dec 5, 2019 | An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions… | |||
| CVE-2019-18646 | 0.00 | — | 0.01 | Nov 14, 2019 | The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | |||
| CVE-2019-18647 | 0.00 | — | 0.02 | Nov 14, 2019 | The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | |||
| CVE-2019-18648 | 0.00 | — | 0.01 | Nov 14, 2019 | When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | |||
| CVE-2019-18649 | 0.00 | — | 0.01 | Nov 14, 2019 | When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | |||
| CVE-2019-17435 | 0.00 | — | 0.00 | Oct 16, 2019 | A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk… | |||
| CVE-2019-17436 | 0.00 | — | 0.00 | Oct 16, 2019 | A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | |||
| CVE-2019-15014 | 0.00 | — | 0.02 | Oct 9, 2019 | A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | |||
| CVE-2019-15018 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. | |||
| CVE-2019-15020 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. | |||
| CVE-2019-15023 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | |||
| CVE-2019-15017 | 0.00 | — | 0.00 | Oct 9, 2019 | The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | |||
| CVE-2019-15016 | 0.00 | — | 0.01 | Oct 9, 2019 | An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | |||
| CVE-2019-15019 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | |||
| CVE-2019-15021 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. | |||
| CVE-2019-1584 | 0.00 | — | 0.03 | Oct 9, 2019 | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. | |||
| CVE-2019-15015 | 0.00 | — | 0.00 | Oct 9, 2019 | In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | |||
| CVE-2019-15022 | 0.00 | — | 0.01 | Oct 9, 2019 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. | |||
| CVE-2019-1583 | 0.00 | — | 0.01 | Aug 23, 2019 | Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to… | |||
| CVE-2019-1582 | 0.00 | — | 0.01 | Aug 23, 2019 | Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | |||
| CVE-2019-1581 | 0.00 | — | 0.03 | Aug 23, 2019 | A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25;… | |||
| CVE-2019-1580 | 0.00 | — | 0.03 | Aug 23, 2019 | Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | |||
| CVE-2019-1575 | 0.00 | — | 0.02 | Jul 16, 2019 | Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML… | |||
| CVE-2019-1576 | 0.00 | — | 0.02 | Jul 16, 2019 | Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | |||
| CVE-2019-1578 | 0.00 | — | 0.01 | Jul 1, 2019 | Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | |||
| CVE-2019-1577 | 0.00 | — | 0.01 | Jul 1, 2019 | Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||
| CVE-2019-1568 | 0.00 | — | 0.01 | May 9, 2019 | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||
| CVE-2019-1574 | 0.00 | — | 0.01 | Apr 12, 2019 | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | |||
| CVE-2019-1573 | 0.00 | — | 0.00 | Apr 9, 2019 | GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them… | |||
| CVE-2019-1567 | 0.00 | — | 0.01 | Apr 9, 2019 | The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||
| CVE-2019-1572 | 0.00 | — | 0.02 | Mar 26, 2019 | PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | |||
| CVE-2019-1570 | 0.00 | — | 0.01 | Mar 26, 2019 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | |||
| CVE-2019-1569 | 0.00 | — | 0.01 | Mar 26, 2019 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | |||
| CVE-2019-9627 | 0.00 | — | 0.00 | Mar 8, 2019 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | |||
| CVE-2019-1566 | 0.00 | — | 0.01 | Jan 30, 2019 | The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||
| CVE-2019-1565 | 0.00 | — | 0.01 | Jan 30, 2019 | The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary… | |||
| CVE-2018-10142 | 0.00 | — | 0.02 | Nov 27, 2018 | The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | |||
| CVE-2015-4162 | 0.00 | — | 0.01 | Jun 2, 2015 | XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | |||
| CVE-2014-3764 | 0.00 | — | 0.01 | Jan 6, 2015 | Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | |||
| CVE-2013-5664 | 0.00 | — | 0.02 | Aug 31, 2013 | Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908. | |||
| CVE-2013-5663 | 0.00 | — | 0.03 | Aug 31, 2013 | The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP… | |||
| CVE-2012-6606 | 0.00 | — | 0.01 | Aug 31, 2013 | Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. |