CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16878
https://notcve.org/view.php?id=CVE-2017-16878
10 Jan 2018 — Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en la función Captive Portal en Palo Alto Networks PAN-OS en versiones anteriores a la 8.0.7 permiten que los atacantes remotos inyecten scripts web o HTML arbitrarios aprovechándose de una configuración no especificada. • http://www.securitytracker.com/id/1040148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2017-17841
https://notcve.org/view.php?id=CVE-2017-17841
10 Jan 2018 — Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. Palo Alto Networks PAN-OS 6.1, 7.1 y 8.0.x anteriores a 8.0.7, cuando una interfaz implementa un descifrado SSL con RSA o alberga una puerta de enlace o portal GlobalProtect, podría permitir que los atacantes remotos... • http://www.securityfocus.com/bid/102458 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-15941
https://notcve.org/view.php?id=CVE-2017-15941
10 Jan 2018 — Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Palo Alto Networks PAN-OS en versiones anteriores a 6.1.19, 7.0.x anteriores a 7.0.19, 7.1.x anteriores a 7.1.14 y 8.0.x anteriores a 8.0.7, cuando la puerta de enlace o po... • http://www.securityfocus.com/bid/102446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2017-15940
https://notcve.org/view.php?id=CVE-2017-15940
11 Dec 2017 — The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. El componente de gestión de captura de paquetes de la interfaz web en Palo Alto Networks PAN-OS en versiones anteriores a la 6.1.19; versiones 7.0.x anteriores a la 7.0.19; versiones 7.1.x anteriores a la 7.1.14 y versiones 8.0.x anteriores a la 8.0.6 permite que ... • http://www.securityfocus.com/bid/102076 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-15942
https://notcve.org/view.php?id=CVE-2017-15942
11 Dec 2017 — Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. Palo Alto Networks PAN-OS en versiones anteriores a la 6.1.19; versiones 7.0.x anteriores a la 7.0.19; versiones 7.1.x anteriores a la 7.1.13 y versiones 8.0.x anteriores a la 8.0.6 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante vectores relacionados con la interfaz de... • http://www.securityfocus.com/bid/102075 •
CVSS: 9.8EPSS: 94%CPEs: 4EXPL: 10CVE-2017-15944 – Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-15944
11 Dec 2017 — Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. Palo Alto Networks PAN-OS en versiones anteriores a la 6.1.19; versiones 7.0.x anteriores a la 7.0.19; versiones 7.1.x anteriores a la 07/01/2014 y versiones 8.0.x anteriores a la 8.0.6 permite que atacantes remotos ejecuten código arbitrario mediante vectores relacionados con la interfaz de gestión. Three ... • https://packetstorm.news/files/id/147523 •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2017-12416
https://notcve.org/view.php?id=CVE-2017-12416
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la interfaz de puerta de enlace interna y externa de GlobalProtect en Palo Alto Networks PAN-OS en versiones anteriores... • http://www.securityfocus.com/bid/100619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 0CVE-2017-9458
https://notcve.org/view.php?id=CVE-2017-9458
07 Sep 2017 — XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. Una vulnerabilidad de tipo XML External Entity (XXE) en la interfaz de puerta de enlace interna y externa de GlobalProtect en Palo Alto Net... • http://www.securityfocus.com/bid/100614 • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 14%CPEs: 31EXPL: 0CVE-2017-8390
https://notcve.org/view.php?id=CVE-2017-8390
02 Aug 2017 — The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. El proxy DNS en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y todas las 8.x antes de la 8.0.3 permite a los atacantes remotos que ejecuten código arbitrario a través de un nombre de dominio especialmente manipulado. • http://www.securityfocus.com/bid/99911 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2017-9459
https://notcve.org/view.php?id=CVE-2017-9459
02 Aug 2017 — Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la interfaz web de gestión en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y todas las 8.x antes d... • http://www.securityfocus.com/bid/99902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •