National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:paloaltonetworks:pan-os:4.0.6
There are 45 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-8390

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

Published: August 02, 2017; 03:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2015-6531

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.

Published: June 01, 2017; 12:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2017-7216

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.

Published: May 02, 2017; 11:59:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2017-7945

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Published: April 28, 2017; 08:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2017-7644

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.

Published: April 28, 2017; 08:59:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2017-7409

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.

Published: April 20, 2017; 10:59:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-7218

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.

Published: April 14, 2017; 10:59:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.

Published: April 14, 2017; 10:59:00 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2017-5583

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors.

Published: March 15, 2017; 10:59:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2015-4162

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.

Published: June 02, 2015; 10:59:21 AM -04:00
    V2: 4.0 MEDIUM
CVE-2014-3764

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.

Published: January 06, 2015; 10:59:01 AM -05:00
    V2: 4.3 MEDIUM
CVE-2013-5664

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5663

The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-6605

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 9.0 HIGH
CVE-2012-6604

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 9.0 HIGH
CVE-2012-6603

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-6601

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-6600

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 9.0 HIGH
CVE-2012-6599

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 9.0 HIGH
CVE-2012-6598

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.

Published: August 31, 2013; 01:55:03 PM -04:00
    V2: 9.0 HIGH