Search Results | AttackerKB

6 Total Results

Displaying 1-6 of 6

Attacker Value

Unknown

CVE-2017-17841

Disclosure Date: January 10, 2018 (last updated November 26, 2024)

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Attacker Value

Unknown

CVE-2017-9458

Disclosure Date: September 07, 2017 (last updated November 26, 2024)

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Attacker Value

Unknown

CVE-2017-12416

Disclosure Date: September 07, 2017 (last updated November 26, 2024)

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.

Attacker Value

Unknown

CVE-2017-8390

Disclosure Date: August 02, 2017 (last updated November 26, 2024)

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

Attacker Value

Unknown

CVE-2017-9459

Disclosure Date: August 02, 2017 (last updated November 26, 2024)

Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Attacker Value

Unknown

CVE-2017-9467

Disclosure Date: August 02, 2017 (last updated November 26, 2024)

Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6 Total Results

Displaying 1-6 of 6

Unknown

CVE-2017-17841

Unknown

CVE-2017-9458

Unknown

CVE-2017-12416

Unknown

CVE-2017-8390

Unknown

CVE-2017-9459

Unknown

CVE-2017-9467

Quick Cookie Notification