Paloaltonetworks PAN-OS vulnerabilities

CVE-2016-9149 [MEDIUM] CWE-19 CVE-2016-9149: The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.

CVE-2016-5195 [HIGH] CWE-362 CVE-2016-5195: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to ga Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

CVE-2016-1712 [HIGH] CWE-20 CVE-2016-1712: Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1. Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.

CVE-2016-2219 [MEDIUM] CWE-79 CVE-2016-2219: Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7. Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2016-4971 [HIGH] CVE-2016-4971: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

CVE-2016-3657 [CRITICAL] CWE-119 CVE-2016-3657: Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.

CVE-2016-3655 [CRITICAL] CWE-20 CVE-2016-3655: The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.

CVE-2016-3654 [HIGH] CWE-20 CVE-2016-3654: The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.

CVE-2016-3656 [HIGH] CWE-119 CVE-2016-3656: The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x befo The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.

CVE-2015-4162 [MEDIUM] CVE-2015-4162: XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x bef XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.

CVE-2014-3764 [MEDIUM] CWE-79 CVE-2014-3764: Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto N Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.

CVE-2012-6600 [CRITICAL] CWE-78 CVE-2012-6600: The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1 The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.

CVE-2012-6599 [CRITICAL] CWE-78 CVE-2012-6599: The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1 The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.

CVE-2012-6598 [CRITICAL] CWE-78 CVE-2012-6598: The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.

CVE-2012-6591 [CRITICAL] CWE-78 CVE-2012-6591: The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x be The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.

CVE-2012-6594 [CRITICAL] CWE-78 CVE-2012-6594: The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x befor The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.

CVE-2012-6603 [CRITICAL] CWE-287 CVE-2012-6603: The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x bef The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

CVE-2012-6602 [CRITICAL] CWE-78 CVE-2012-6602: The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x be The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.

CVE-2012-6593 [CRITICAL] CWE-78 CVE-2012-6593: Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute ar Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.

CVE-2012-6595 [CRITICAL] CWE-78 CVE-2012-6595: The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1 The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.