CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7217
https://notcve.org/view.php?id=CVE-2017-7217
14 Apr 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. La interfaz web de gestión de Palo Alto Networks PAN-OS en versiones anteriores a 7.0.14 y 7.1.x en versiones anteriores a 7.1.9 permite a los atacantes remotos escribir para exportar archivos a través de parámetros no especificados. • http://www.securityfocus.com/bid/97598 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 52EXPL: 0CVE-2017-5584
https://notcve.org/view.php?id=CVE-2017-5584
15 Mar 2017 — Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Management Web Interface en Palo Alto Networks PAN-OS 5.1, 6.x en versiones anteriores a 6.1.16, 7.0.x en versiones anteriores a 7.0.13 y 7.1.x en versiones anteriores a 7.1.8 permite a usuarios remotos autenticados ... • http://www.securityfocus.com/bid/96371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2017-5583
https://notcve.org/view.php?id=CVE-2017-5583
15 Mar 2017 — The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. La Management Web Interface en Palo Alto Networks PAN-OS en versiones anteriores a 6.1.16, 7.0.x en versiones anteriores a 7.0.13 y 7.1.x en versiones anteriores a 7.1.8 permite a usuarios remotos autenticados leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/96370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 28%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 39%CPEs: 6EXPL: 1CVE-2016-9150 – Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-9150
19 Nov 2016 — Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en la interfaz web de gestión en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.20, 5.1.x en versiones anteriores a 5.1.13, 6.0.x en versiones anteriores a 6.0.15, 6.1.x en versiones anteriores a 6.1.15, 7... • https://www.exploit-db.com/exploits/40790 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9149
https://notcve.org/view.php?id=CVE-2016-9149
19 Nov 2016 — The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. El interprete Addresses Object en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.20, 5.1.x en versiones anteriores a 5.1.13, 6.0.x en versiones anteriores a 6.0.15, 6.1.x en versiones anterio... • http://www.securityfocus.com/bid/94401 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2016-9151 – Palo Alto Networks PanOS - 'root_trace' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9151
19 Nov 2016 — Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. Palo Alto Networks PAN-OS en versiones anteriores a 5.0.20, 5.1.x en versiones anteriores a 5.1.13, 6.0.x en versiones anteriores a 6.0.15, 6.1.x en versiones anteriores a 6.1.15, 7.0.x en versiones anteriores a 7.0.11 y 7.1.x en versiones anteriores a 7.1.6 permite a ... • https://www.exploit-db.com/exploits/40788 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 70%CPEs: 41EXPL: 65CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
20 Oct 2016 — Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- on... • https://packetstorm.news/files/id/139922 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 93%CPEs: 10EXPL: 9CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-4971
21 Jun 2016 — GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expe... • https://packetstorm.news/files/id/162395 • CWE-73: External Control of File Name or Path •