CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-6531
https://notcve.org/view.php?id=CVE-2015-6531
01 Jun 2017 — Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. Palo Alto Networks Panorama VM Appliance con PAN-OS anterior a la versión 6.0.1 podría permitir a atacantes remotos ejecutar código Python arbitrario a través de un archivo de imagen modificado. • http://www.securityfocus.com/bid/76862 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7216
https://notcve.org/view.php?id=CVE-2017-7216
02 May 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. La interfaz de gestión web de Palo Alto Networks PAN-OS en versiones anteriores a la 7.1.9 permite a los usuarios remotos autenticados obtener información confidencial a través de parámetros de solicitud no especificados. • http://www.securityfocus.com/bid/97590 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-7644
https://notcve.org/view.php?id=CVE-2017-7644
29 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. La interfaz de gestión web en PAN-OS de Palo Alto Networks versiones anteriores a 6.1.17, versiones 7.x anteriores a 7.1.9 y versiones 7.1.x anteriores a 7.1.9 permite a usuarios autenticados remotos la obtención de información sensible aprovechand... • https://security.paloaltonetworks.com/CVE-2017-7644 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-7945
https://notcve.org/view.php?id=CVE-2017-7945
29 Apr 2017 — The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. La interfaz externa de GlobalProtect en PAN-OS de Palo Alto Networks en versiones anteriores a 6.1.17, en versiones 7.... • https://security.paloaltonetworks.com/CVE-2017-7945 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7409
https://notcve.org/view.php?id=CVE-2017-7409
21 Apr 2017 — Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. Palo Alto Networks PAN-OS en la versiones anteriores a 7.0.15 tiene XSS en la interfaz externa de GlobalProtect a través de parámetros de solicitud manipulada, vulnerabilidad también conocida como PAN-SA-2017-0011 y PAN-70674. • http://www.securityfocus.com/bid/97953 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7217
https://notcve.org/view.php?id=CVE-2017-7217
14 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. La interfaz web de gestión de Palo Alto Networks PAN-OS en versiones anteriores a 7.0.14 y 7.1.x en versiones anteriores a 7.1.9 permite a los atacantes remotos escribir para exportar archivos a través de parámetros no especificados. • http://www.securityfocus.com/bid/97598 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7218
https://notcve.org/view.php?id=CVE-2017-7218
14 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. La Management Web Interface en Palo Alto Networks PAN-OS en versiones anteriores a 7.1.9 permite a los usuarios autenticados remotos obtener privilegios mediante parámetros de petición no especificados. • http://www.securityfocus.com/bid/97592 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2017-5583
https://notcve.org/view.php?id=CVE-2017-5583
15 Mar 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. La Management Web Interface en Palo Alto Networks PAN-OS en versiones anteriores a 6.1.16, 7.0.x en versiones anteriores a 7.0.13 y 7.1.x en versiones anteriores a 7.1.8 permite a usuarios remotos autenticados leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/96370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 52EXPL: 0CVE-2017-5584
https://notcve.org/view.php?id=CVE-2017-5584
15 Mar 2017 — Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Management Web Interface en Palo Alto Networks PAN-OS 5.1, 6.x en versiones anteriores a 6.1.16, 7.0.x en versiones anteriores a 7.0.13 y 7.1.x en versiones anteriores a 7.1.8 permite a usuarios remotos autenticados ... • http://www.securityfocus.com/bid/96371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 69%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •