Filtered by vendor Paloaltonetworks
Subscribe
Total
293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1975 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.5 MEDIUM | 6.8 MEDIUM |
| Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. | |||||
| CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
| CVE-2019-1582 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | |||||
| CVE-2019-1581 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. | |||||
| CVE-2019-1580 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | |||||
| CVE-2019-1578 | 1 Paloaltonetworks | 1 Minemeld | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | |||||
| CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | |||||
| CVE-2019-1575 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | |||||
| CVE-2019-1574 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | |||||
| CVE-2019-1573 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. | |||||
| CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | |||||
| CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | |||||
| CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | |||||
| CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | |||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||||
| CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
| CVE-2019-1566 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||