Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15940 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 9.8 CRITICAL |
| The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-15941 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||
| CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | |||||
| CVE-2017-15944 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | |||||
| CVE-2017-16878 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. | |||||
| CVE-2017-17841 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-5584 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7216 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. | |||||
| CVE-2017-7644 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | |||||
| CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
| CVE-2017-8390 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-9459 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9467 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | |||||
| CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | |||||
| CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | |||||
| CVE-2018-8715 | 1 Embedthis | 1 Appweb | 2020-02-17 | 6.8 MEDIUM | 8.1 HIGH |
| The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. | |||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | |||||
| CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 2.1 LOW | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | |||||
| CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2020-02-17 | 7.2 HIGH | 8.4 HIGH |
| In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | |||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2020-02-17 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | |||||
| CVE-2019-15017 | 1 Zingbox | 1 Inspector | 2020-02-17 | 7.2 HIGH | 8.4 HIGH |
| The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | |||||
| CVE-2019-15019 | 1 Zingbox | 1 Inspector | 2020-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | |||||
| CVE-2019-15022 | 1 Zingbox | 1 Inspector | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. | |||||
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | |||||
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||||
| CVE-2019-17440 | 1 Paloaltonetworks | 3 Pa-7050, Pa-7080, Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted. | |||||
| CVE-2016-10945 | 1 Pagelines | 1 Pagelines | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | |||||
| CVE-2016-10953 | 1 Headwaythemes | 1 Headway | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | |||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2020-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
| CVE-2016-10961 | 1 Inkthemes | 1 Colorway | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. | |||||
| CVE-2016-10993 | 1 Scoreme Project | 1 Scoreme | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. | |||||
| CVE-2016-10994 | 1 Truemag Theme Project | 1 Truemag Theme | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. | |||||
| CVE-2020-6399 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6401 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6405 | 1 Google | 1 Chrome | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6412 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | |||||
| CVE-2020-6414 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6417 | 1 Google | 1 Chrome | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||||
