CVE-2018-9334
https://notcve.org/view.php?id=CVE-2018-9334
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. La página de interfaz web de administración de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.16 y anteriores, PAN-OS 8.0.8 y anteriores y PAN-OS 8.1.0 podría permitir que un atacante acceda a los hashes de la contraseña de GlobalProtect de los usuarios locales mediante la manipulación del marcado HTML. • http://www.securityfocus.com/bid/104677 http://www.securitytracker.com/id/1041243 https://security.paloaltonetworks.com/CVE-2018-9334 • CWE-269: Improper Privilege Management •
CVE-2018-9337
https://notcve.org/view.php?id=CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. La página de interfaz web de administración de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.17 y anteriores, PAN-OS 8.0.10 y anteriores y PAN-OS 8.1.1 y anteriores podría permitir que un atacante inyecte código HTML o JavaScript arbitrario. • http://www.securityfocus.com/bid/104657 http://www.securitytracker.com/id/1041240 https://security.paloaltonetworks.com/CVE-2018-9337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9335
https://notcve.org/view.php?id=CVE-2018-9335
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. El navegador web de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.16 y anteriores, PAN-OS 8.0.9 y anteriores y PAN-OS 8.1.1 y anteriores podría permitir que un atacante inyecte código HTML o JavaScript arbitrario. • http://www.securityfocus.com/bid/104658 http://www.securitytracker.com/id/1041241 https://security.paloaltonetworks.com/CVE-2018-9335 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9242
https://notcve.org/view.php?id=CVE-2018-9242
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. La página de interfaz web de administración de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.16 y anteriores y PAN-OS 8.0.9 y anteriores podría permitir que un atacante elimine archivos en el sistema mediante parámetros de petición específicos. • http://www.securityfocus.com/bid/104676 http://www.securitytracker.com/id/1041242 https://security.paloaltonetworks.com/CVE-2018-9242 • CWE-20: Improper Input Validation •
CVE-2018-7636
https://notcve.org/view.php?id=CVE-2018-7636
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. La página "continue page" de filtrado de URL alojada en PAN-OS 8.0.10 y anteriores podría permitir que un atacante inyecte código HTML o JavaScript arbitrario mediante URL especialmente manipuladas. • http://www.securityfocus.com/bid/104673 http://www.securitytracker.com/id/1041207 https://security.paloaltonetworks.com/CVE-2018-7636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •