Filtered by vendor Paloaltonetworks
Subscribe
Total
217 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1980 | 1 Paloaltonetworks | 1 Pan-os | 2020-03-13 | 7.2 HIGH | 7.8 HIGH |
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | |||||
CVE-2020-1975 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-18 | 6.5 MEDIUM | 8.8 HIGH |
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. | |||||
CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | |||||
CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | N/A |
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | |||||
CVE-2019-17440 | 1 Paloaltonetworks | 3 Pa-7050, Pa-7080, Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted. | |||||
CVE-2012-6606 | 1 Paloaltonetworks | 2 Globalprotect, Netconnect | 2020-02-17 | 5.8 MEDIUM | N/A |
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | |||||
CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | |||||
CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | |||||
CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | |||||
CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.3 MEDIUM | N/A |
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
CVE-2012-6596 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | N/A |
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. | |||||
CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | |||||
CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | |||||
CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. |