CVE-2016-1712
https://notcve.org/view.php?id=CVE-2016-1712
02 Aug 2016 — Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. • http://www.securitytracker.com/id/1036326 • CWE-20: Improper Input Validation • CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-2219
https://notcve.org/view.php?id=CVE-2016-2219
12 Jul 2016 — Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://www.securitytracker.com/id/1036192 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-4971
21 Jun 2016 — GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to an FTP server resource. This could cause wget to create a file with a different name than expe... • https://packetstorm.news/files/id/162395 • CWE-73: External Control of File Name or Path
CVE-2016-3654
https://notcve.org/view.php?id=CVE-2016-3654
12 Apr 2016 — The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. • https://security.paloaltonetworks.com/CVE-2016-3654 • CWE-20: Improper Input Validation
CVE-2016-3656
https://notcve.org/view.php?id=CVE-2016-3656
12 Apr 2016 — The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. • https://security.paloaltonetworks.com/CVE-2016-3656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3655
https://notcve.org/view.php?id=CVE-2016-3655
12 Apr 2016 — The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. • https://security.paloaltonetworks.com/CVE-2016-3655 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-3657
https://notcve.org/view.php?id=CVE-2016-3657
12 Apr 2016 — Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. • https://security.paloaltonetworks.com/CVE-2016-3657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4162
https://notcve.org/view.php?id=CVE-2015-4162
02 Jun 2015 — XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. • http://www.securityfocus.com/bid/74941
CVE-2014-3764
https://notcve.org/view.php?id=CVE-2014-3764
06 Jan 2015 — Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. • http://secunia.com/advisories/61811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6596
https://notcve.org/view.php?id=CVE-2012-6596
31 Aug 2013 — Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. • https://security.paloaltonetworks.com/CVE-2012-6596 • CWE-255: Credentials Management Errors