CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2017-12416
https://notcve.org/view.php?id=CVE-2017-12416
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la interfaz de puerta de enlace interna y externa de GlobalProtect en Palo Alto Networks PAN-OS en versiones anteriores... • http://www.securityfocus.com/bid/100619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-9458
https://notcve.org/view.php?id=CVE-2017-9458
07 Sep 2017 — XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. Una vulnerabilidad de tipo XML External Entity (XXE) en la interfaz de puerta de enlace interna y externa de GlobalProtect en Palo Alto Net... • http://www.securityfocus.com/bid/100614 • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-9467
https://notcve.org/view.php?id=CVE-2017-9467
02 Aug 2017 — Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la interfaz externa de GlobalProtect en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y tod... • http://www.securityfocus.com/bid/99907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2017-9459
https://notcve.org/view.php?id=CVE-2017-9459
02 Aug 2017 — Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la interfaz web de gestión en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y todas las 8.x antes d... • http://www.securityfocus.com/bid/99902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 31EXPL: 0CVE-2017-8390
https://notcve.org/view.php?id=CVE-2017-8390
02 Aug 2017 — The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. El proxy DNS en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y todas las 8.x antes de la 8.0.3 permite a los atacantes remotos que ejecuten código arbitrario a través de un nombre de dominio especialmente manipulado. • http://www.securityfocus.com/bid/99911 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7216
https://notcve.org/view.php?id=CVE-2017-7216
02 May 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. La interfaz de gestión web de Palo Alto Networks PAN-OS en versiones anteriores a la 7.1.9 permite a los usuarios remotos autenticados obtener información confidencial a través de parámetros de solicitud no especificados. • http://www.securityfocus.com/bid/97590 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-7945
https://notcve.org/view.php?id=CVE-2017-7945
29 Apr 2017 — The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. La interfaz externa de GlobalProtect en PAN-OS de Palo Alto Networks en versiones anteriores a 6.1.17, en versiones 7.... • https://security.paloaltonetworks.com/CVE-2017-7945 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-7644
https://notcve.org/view.php?id=CVE-2017-7644
29 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. La interfaz de gestión web en PAN-OS de Palo Alto Networks versiones anteriores a 6.1.17, versiones 7.x anteriores a 7.1.9 y versiones 7.1.x anteriores a 7.1.9 permite a usuarios autenticados remotos la obtención de información sensible aprovechand... • https://security.paloaltonetworks.com/CVE-2017-7644 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7409
https://notcve.org/view.php?id=CVE-2017-7409
21 Apr 2017 — Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. Palo Alto Networks PAN-OS en la versiones anteriores a 7.0.15 tiene XSS en la interfaz externa de GlobalProtect a través de parámetros de solicitud manipulada, vulnerabilidad también conocida como PAN-SA-2017-0011 y PAN-70674. • http://www.securityfocus.com/bid/97953 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7218
https://notcve.org/view.php?id=CVE-2017-7218
14 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. La Management Web Interface en Palo Alto Networks PAN-OS en versiones anteriores a 7.1.9 permite a los usuarios autenticados remotos obtener privilegios mediante parámetros de petición no especificados. • http://www.securityfocus.com/bid/97592 • CWE-20: Improper Input Validation •