Page 9 of 61 results (0.062 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. La interfaz de gestión web de PAN-OS, en versiones 7.1.21 y anteriores, en las 8.0.14 y anteriores y en las 8.1.5 y anteriores, puede permitir a un atacante no autenticado inyectar JavaScript o HTML arbitrario. • http://www.securityfocus.com/bid/106750 https://security.paloaltonetworks.com/CVE-2019-1566 https://www.purplemet.com/blog/palo-alto-firewall-multiple-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. Las listas dinámicas externas en PAN-OS, en versiones 7.1.21 y anteriores, en las 8.0.14 y anteriores y en las 8.1.5 y anteriores, podrían permitir que un atacante autenticado en Next Generation Firewall con permisos de escritura en la configuración External Dynamic List inyecte JavaScript o HTML arbitrario. • http://www.securityfocus.com/bid/106752 https://security.paloaltonetworks.com/CVE-2019-1565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. La página GlobalProtect Portal Login en Palo Alto Networks PAN-OS en versiones anteriores a la 8.1.4 permite que un atacante no autenticado inyecte JavaScript o HTML arbitrarios. • https://security.paloaltonetworks.com/CVE-2018-10141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 2

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://www.exploit-db.com/exploits/45547 http://www.securityfocus.com/bid/106265 https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://security.paloaltonetworks.com/CVE-2018-18065 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://usn.ubuntu.com/3792-1 https://usn.ubuntu.com/3792-2 https://usn.ubuntu.com/3792-3 • CWE-476: NULL Pointer Dereference •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. La página de respuesta PAN-OS para GlobalProtect Gateway en Palo Alto Networks PAN-OS 6.1.21 y anteriores, PAN-OS 7.1.18 y anteriores, PAN-OS 8.0.11 y anteriores podría permitir que un atacante no autenticado inyecte código HTML o JavaScript arbitrario. PAN-OS 8.1 no se ve afectado. • http://www.securityfocus.com/bid/105111 http://www.securitytracker.com/id/1041544 https://security.paloaltonetworks.com/CVE-2018-10139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •