Shodan
Vulnerabilities
Vulnerable Software
Paloaltonetworks:  Security Vulnerabilities
CVE-2018-10141
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
CVSS Score
6.1
EPSS Score
0.442
Published
2018-10-12
CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVSS Score
6.5
EPSS Score
0.073
Published
2018-10-08
CVE-2018-14634
Known exploited
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
CVSS Score
7.8
EPSS Score
0.256
Published
2018-09-25
CVE-2018-10139
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-08-16
CVE-2018-10140
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
CVSS Score
4.3
EPSS Score
0.007
Published
2018-08-16
CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-07-03
CVE-2018-7636
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-07-03
CVE-2018-9242
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-07-03
CVE-2018-9334
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-07-03
CVE-2018-9335
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved