  1. <oval_definitions>
  2.   <definitions>
  3.     <definition id="117">
           <!-- This entry has only a metadata child: a title, the affected
                releases as free text, and one reference ID. No
                machine-checkable test is visible here, so any version match
                has to be parsed from the product string below. -->
  4.       <metadata>
  5.         <title>ROBOT attack against PAN-OS</title>
  6.         <affected>
               <!-- The 8.0 bound ends in a hotfix suffix (-h3). A version
                    comparator has to handle that suffix rather than truncate
                    the value to major.minor.patch. -->
  7.           <product>PAN-OS 6.1.19 and earlier, PAN-OS 7.1.14 and earlier, PAN-OS 8.0.6-h3 and earlier</product>
  8.         </affected>
  9.         <reference ref_id="CVE-2017-17841"/>
  10.       </metadata>
  11.     </definition>
  12.     <definition id="105">
  13.       <metadata>
  14.         <title>Command Injection in PAN-OS</title>
  15.         <affected>
  16.           <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6 and earlier</product>
  17.         </affected>
  18.         <reference ref_id="CVE-2017-15940"/>
  19.       </metadata>
  20.     </definition>
  21.     <definition id="102">
  22.       <metadata>
  23.         <title>Vulnerability in PAN-OS and Panorama on Management Interface</title>
  24.         <affected>
  25.           <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier.</product>
  26.         </affected>
  27.         <reference ref_id="CVE-2017-15944"/>
  28.       </metadata>
  29.     </definition>
  30.     <definition id="114">
  31.       <metadata>
  32.         <title>Cross Site Scripting in PAN-OS Captive Portal</title>
  33.         <affected>
  34.           <product>PAN-OS 8.0.6-h3 and earlier.</product>
  35.         </affected>
  36.         <reference ref_id="CVE-2017-16878"/>
  37.       </metadata>
  38.     </definition>
  39.     <definition id="111">
  40.       <metadata>
  41.         <title>Cross Site Scripting Vulnerability in PAN-OS GlobalProtect</title>
  42.         <affected>
  43.           <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6-h3 and earlier.</product>
  44.         </affected>
  45.         <reference ref_id="CVE-2017-15941"/>
  46.       </metadata>
  47.     </definition>
  48.     <definition id="96">
  49.       <metadata>
  50.         <title>Denial of Service Against GlobalProtect</title>
  51.         <affected>
  52.           <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier</product>
  53.         </affected>
  54.         <reference ref_id="CVE-2017-15942"/>
  55.       </metadata>
  56.     </definition>
  57.     <definition id="99">
  58.       <metadata>
  59.         <title>Server-Side Request Forgery in PAN-OS</title>
  60.         <affected>
  61.           <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier</product>
  62.         </affected>
  63.         <reference ref_id="CVE-2017-15943"/>
  64.       </metadata>
  65.     </definition>
  66.     <definition id="92">
  67.       <metadata>
  68.         <title>NTP Vulnerability</title>
  69.         <affected>
  70.           <product>PAN-OS 6.1, PAN-OS 7.0.17 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.3 and earlier</product>
  71.         </affected>
  72.         <reference ref_id="CVE-2017-6460"/>
  73.       </metadata>
  74.     </definition>
  75.     <definition id="93">
  76.       <metadata>
  77.         <title>Cross-Site Scripting in PAN-OS</title>
  78.         <affected>
  79.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier</product>
  80.         </affected>
  81.         <reference ref_id="CVE-2017-12416"/>
  82.       </metadata>
  83.     </definition>
  84.     <definition id="94">
  85.       <metadata>
  86.         <title>XML External Entity (XXE) in PAN-OS</title>
  87.         <affected>
  88.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier</product>
  89.         </affected>
  90.         <reference ref_id="CVE-2017-9458"/>
  91.       </metadata>
  92.     </definition>
  93.     <definition id="91">
  94.       <metadata>
  95.         <title>Vulnerability in the PAN-OS DNS Proxy</title>
  96.         <affected>
  97.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0.2 and earlier</product>
  98.         </affected>
  99.         <reference ref_id="CVE-2017-8390"/>
  100.       </metadata>
  101.     </definition>
  102.     <definition id="90">
  103.       <metadata>
  104.         <title>Cross-Site Scripting in PAN-OS</title>
  105.         <affected>
  106.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
  107.         </affected>
  108.         <reference ref_id="CVE-2017-9467"/>
  109.       </metadata>
  110.     </definition>
  111.     <definition id="89">
  112.       <metadata>
  113.         <title>Cross-Site Scripting in the Management Web Interface</title>
  114.         <affected>
  115.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
  116.         </affected>
  117.         <reference ref_id="CVE-2017-9459"/>
  118.       </metadata>
  119.     </definition>
  120.     <definition id="88">
  121.       <metadata>
  122.         <title>Kernel Vulnerability</title>
  123.         <affected>
  124.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
  125.         </affected>
  126.         <reference ref_id="CVE-2016-10229"/>
  127.       </metadata>
  128.     </definition>
  129.     <definition id="87">
  130.       <metadata>
  131.         <title>OpenSSL Vulnerability</title>
  132.         <affected>
  133.           <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier</product>
  134.         </affected>
  135.         <reference ref_id="CVE-2016-8610"/>
  136.       </metadata>
  137.     </definition>
  138.     <definition id="85">
  139.       <metadata>
  140.         <title>Kernel Vulnerability</title>
  141.         <affected>
  142.           <product>PAN-OS 6.1, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier</product>
  143.         </affected>
  144.         <reference ref_id="CVE-2016-5696"/>
  145.       </metadata>
  146.     </definition>
  147.     <definition id="86">
  148.       <metadata>
  149.         <title>WGET Vulnerability</title>
  150.         <affected>
  151.           <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0</product>
  152.         </affected>
  153.         <reference ref_id="PAN-SA-2017-0016"/>
  154.       </metadata>
  155.     </definition>
  156.     <definition id="82">
  157.       <metadata>
  158.         <title>OpenSSL Vulnerability</title>
  159.         <affected>
  160.           <product>PAN-OS 6.1, PAN-OS 7.0.14 and earlier, PAN-OS 7.1, PAN-OS 8.0</product>
  161.         </affected>
  162.         <reference ref_id="CVE-2017-3731"/>
  163.       </metadata>
  164.     </definition>
  165.     <definition id="84">
  166.       <metadata>
  167.         <title>Brute force attack on the PAN-OS GlobalProtect external interface</title>
  168.         <affected>
  169.           <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier, PAN-OS 8.0.1 and earlier</product>
  170.         </affected>
  171.         <reference ref_id="CVE-2017-7945"/>
  172.       </metadata>
  173.     </definition>
  174.     <definition id="83">
  175.       <metadata>
  176.         <title>Information Disclosure in the Management Web Interface</title>
  177.         <affected>
  178.           <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier</product>
  179.         </affected>
  180.         <reference ref_id="CVE-2017-7644"/>
  181.       </metadata>
  182.     </definition>
  183.     <definition id="73">
  184.       <metadata>
  185.         <title>Kernel Vulnerability</title>
  186.         <affected>
                 <!-- Mixed bound styles in one string: 5.1, 6.0 and 6.1 are
                      named as whole branches, 7.1.7 carries "and earlier",
                      and 7.0.13 has no qualifier at all.
                      NOTE(review): whether 7.0.13 means that single release or
                      "7.0.13 and earlier" cannot be told from this entry.
                      Confirm against the vendor advisory before using it to
                      clear a 7.0 host. -->
  187.           <product>PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1, PAN-OS 7.0.13, PAN-OS 7.1.7 and earlier</product>
  188.         </affected>
  189.         <reference ref_id="CVE-2016-5195"/>
  190.       </metadata>
  191.     </definition>
  192.     <definition id="81">
  193.       <metadata>
  194.         <title>Cross-Site Scripting in PAN-OS</title>
  195.         <affected>
  196.           <product>PAN-OS 7.0.14 and earlier</product>
  197.         </affected>
  198.         <reference ref_id="CVE-2017-7409"/>
  199.       </metadata>
  200.     </definition>
  201.     <definition id="80">
  202.       <metadata>
  203.         <title>Information Disclosure in the Management Web Interface</title>
  204.         <affected>
  205.           <product>PAN-OS 7.1.8 and earlier</product>
  206.         </affected>
  207.         <reference ref_id="CVE-2017-7216"/>
  208.       </metadata>
  209.     </definition>
  210.     <definition id="79">
  211.       <metadata>
  212.         <title>Local Privilege Escalation in the Management Web Interface</title>
  213.         <affected>
  214.           <product>PAN-OS 7.1.8 and earlier</product>
  215.         </affected>
  216.         <reference ref_id="CVE-2017-7218"/>
  217.       </metadata>
  218.     </definition>
  219.     <definition id="78">
  220.       <metadata>
  221.         <title>Tampering of temporary export files in the Management Web Interface</title>
  222.         <affected>
  223.           <product>PAN-OS 7.0.13 and earlier, PAN-OS 7.1.8 and earlier</product>
  224.         </affected>
  225.         <reference ref_id="CVE-2017-7217"/>
  226.       </metadata>
  227.     </definition>
  228.     <definition id="75">
  229.       <metadata>
  230.         <title>Information Disclosure in the Management Web Interface</title>
  231.         <affected>
  232.           <product>PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier</product>
  233.         </affected>
  234.         <reference ref_id="CVE-2017-5583"/>
  235.       </metadata>
  236.     </definition>
  237.     <definition id="74">
  238.       <metadata>
  239.         <title>Cross-Site Scripting in the Management Web Interface</title>
  240.         <affected>
  241.           <product>PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier</product>
  242.         </affected>
  243.         <reference ref_id="CVE-2017-5584"/>
  244.       </metadata>
  245.     </definition>
  246.     <definition id="60">
  247.       <metadata>
  248.         <title>Web interface denial of service</title>
  249.         <affected>
  250.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
  251.         </affected>
  252.         <reference ref_id="PAN-SA-2016-0027"/>
  253.       </metadata>
  254.     </definition>
  255.     <definition id="70">
  256.       <metadata>
  257.         <title>XPath Injection</title>
  258.         <affected>
  259.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
  260.         </affected>
  261.         <reference ref_id="PAN-SA-2016-0037"/>
  262.       </metadata>
  263.     </definition>
  264.     <definition id="69">
  265.       <metadata>
  266.         <title>OpenSSH Vulnerability</title>
  267.         <affected>
  268.           <product>PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
  269.         </affected>
  270.         <reference ref_id="CVE-2016-6210"/>
  271.       </metadata>
  272.     </definition>
  273.     <definition id="68">
  274.       <metadata>
  275.         <title>Buffer Overflow in the Management Web Interface</title>
  276.         <affected>
  277.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
  278.         </affected>
  279.         <reference ref_id="PAN-SA-2016-0035"/>
  280.       </metadata>
  281.     </definition>
  282.     <definition id="67">
  283.       <metadata>
  284.         <title>Local Privilege Escalation</title>
  285.         <affected>
  286.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
  287.         </affected>
  288.         <reference ref_id="PAN-SA-2016-0034"/>
  289.       </metadata>
  290.     </definition>
  291.     <definition id="66">
  292.       <metadata>
  293.         <title>Cross-Site Scripting in Captive Portal</title>
  294.         <affected>
  295.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
  296.         </affected>
  297.         <reference ref_id="PAN-SA-2016-0033"/>
  298.       </metadata>
  299.     </definition>
  300.     <definition id="65">
  301.       <metadata>
  302.         <title>Insecure Browser API Token Generation</title>
  303.         <affected>
  304.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
  305.         </affected>
  306.         <reference ref_id="PAN-SA-2016-0032"/>
  307.       </metadata>
  308.     </definition>
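  309.     <definition id="58">
  310.       <metadata>
  311.         <title>Kernel Vulnerabilities</title>
  312.         <affected>
  313.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
  314.         </affected>
               <!-- ref_id is a comma-separated list of CVE IDs. A trailing
                    carriage-return character reference was removed from the
                    value: a character reference is not folded to a space by
                    attribute-value normalization, so the last token would not
                    have compared equal to CVE-2015-5366 in an exact-match
                    lookup against a CVE feed. -->
  315.         <reference ref_id="CVE-2015-5364,CVE-2015-5366"/>
  316.       </metadata>
  317.     </definition>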
  318.     <definition id="64">
  319.       <metadata>
  320.         <title>Cross-Site Scripting in Web Interface</title>
  321.         <affected>
  322.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.13 and earlier; PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</product>
  323.         </affected>
  324.         <reference ref_id="PAN-SA-2016-0031"/>
  325.       </metadata>
  326.     </definition>
  327.     <definition id="63">
  328.       <metadata>
  329.         <title>OpenSSL Vulnerabilities</title>
  330.         <affected>
  331.           <product>PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier</product>
  332.         </affected>
  333.         <reference ref_id="CVE-2016-0704,CVE-2016-0703,CVE-2016-0800"/>
  334.       </metadata>
  335.     </definition>
  336.     <definition id="52">
  337.       <metadata>
  338.         <title>NTP Vulnerabilities</title>
  339.         <affected>
  340.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.1 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</product>
  341.         </affected>
  342.         <reference ref_id="CVE-2015-7978,CVE-2015-8138,CVE-2015-7975,CVE-2015-7977,CVE-2015-7974,CVE-2015-7976,CVE-2015-7979,CVE-2015-7973"/>
  343.       </metadata>
  344.     </definition>
  345.     <definition id="54">
  346.       <metadata>
  347.         <title>Glibc DNS Resolver Vulnerability</title>
  348.         <affected>
  349.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier</product>
  350.         </affected>
  351.         <reference ref_id="PAN-SA-2016-0021"/>
  352.       </metadata>
  353.     </definition>
  354.     <definition id="62">
  355.       <metadata>
  356.         <title>Insecure Server Configuration</title>
  357.         <affected>
  358.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</product>
  359.         </affected>
  360.         <reference ref_id="PAN-SA-2016-0029"/>
  361.       </metadata>
  362.     </definition>
  363.     <definition id="61">
  364.       <metadata>
  365.         <title>OpenSSL Vulnerabilities</title>
  366.         <affected>
  367.           <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</product>
  368.         </affected>
  369.         <reference ref_id="CVE-2014-8176,CVE-2015-1792,CVE-2015-1789,CVE-2015-1788,CVE-2015-4000,CVE-2015-1790,CVE-2015-1791"/>
  370.       </metadata>
  371.     </definition>
  372.     <definition id="59">
  373.       <metadata>
  374.         <title>GlobalProtect Portal Version Disclosure</title>
  375.         <affected>
  376.           <product>PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</product>
  377.         </affected>
  378.         <reference ref_id="PAN-SA-2016-0026"/>
  379.       </metadata>
  380.     </definition>
  381.     <definition id="45">
  382.       <metadata>
  383.         <title>Local privilege escalation</title>
  384.         <affected>
  385.           <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</product>
  386.         </affected>
  387.         <reference ref_id="PAN-SA-2016-0012"/>
  388.       </metadata>
  389.     </definition>
  390.     <definition id="57">
  391.       <metadata>
  392.         <title>Web interface denial of service</title>
  393.         <affected>
  394.           <product>PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier</product>
  395.         </affected>
  396.         <reference ref_id="PAN-SA-2016-0024"/>
  397.       </metadata>
  398.     </definition>
  399.     <definition id="42">
  400.       <metadata>
  401.         <title>Cross-site scripting vulnerability</title>
  402.         <affected>
                 <!-- Unlike the "and earlier" entries in this list, this range
                      has an explicit lower bound, so 7.0.0 is outside it.
                      NOTE(review): presumably both endpoints are inclusive.
                      Confirm against the vendor advisory. -->
  403.           <product>PAN-OS 7.0.1 to PAN-OS 7.0.7</product>
  404.         </affected>
  405.         <reference ref_id="PAN-SA-2016-0009"/>
  406.       </metadata>
  407.     </definition>
  408.     <definition id="44">
  409.       <metadata>
  410.         <title>OpenSSH vulnerabilities</title>
  411.         <affected>
  412.           <product>PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier</product>
  413.         </affected>
  414.         <reference ref_id="CVE-2016-0778"/>
  415.       </metadata>
  416.     </definition>
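  417.     <definition id="53">
  418.       <metadata>
  419.         <title>OpenSSL Vulnerabilities</title>
  420.         <affected>
                 <!-- The 5.1 branch was written with a hyphen after the
                      product name; it now uses the same "PAN-OS " prefix as
                      every other branch, so a parser keyed on that prefix does
                      not skip it. 5.0.X and 5.1.X name whole branches, with no
                      fixed release given in this entry. -->
  421.           <product>PAN-OS 5.0.X; PAN-OS 5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</product>
  422.         </affected>
               <!-- ref_id packs sixteen CVE IDs into one comma-separated
                    value. Split on commas and trim each token before
                    comparing it against a CVE feed. -->
  423.         <reference ref_id="CVE-2016-2842,CVE-2014-8176,CVE-2015-1792,CVE-2016-2108,CVE-2015-1789,CVE-2015-1788,CVE-2015-1790,CVE-2015-4000,CVE-2016-2109,CVE-2016-2176,CVE-2015-3195,CVE-2016-2106,CVE-2016-2107,CVE-2015-1794,CVE-2016-2105,CVE-2015-1791"/>
  424.       </metadata>
  425.     </definition>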
  426.     <definition id="49">
  427.       <metadata>
  428.         <title>Web Interface Privilege Escalation</title>
  429.         <affected>
  430.           <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.10 and earlier; PAN-OS 7.0.4 and earlier</product>
  431.         </affected>
  432.         <reference ref_id="PAN-SA-2016-0016"/>
  433.       </metadata>
  434.     </definition>
  435.     <definition id="48">
  436.       <metadata>
  437.         <title>Cron local privilege escalation</title>
  438.         <affected>
  439.           <product>PAN-OS 5.0.18 and prior; PAN-OS 5.1.11 and prior; PAN-OS 6.0.13 and prior; PAN-OS 6.1.11 and prior; PAN-OS 7.0.6 and prior; PAN-OS 7.1.1 and prior</product>
  440.         </affected>
  441.         <reference ref_id="PAN-SA-2016-0015"/>
  442.       </metadata>
  443.     </definition>
  444.     <definition id="47">
  445.       <metadata>
  446.         <title>Cross-site scripting issue in policy</title>
  447.         <affected>
  448.           <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</product>
  449.         </affected>
  450.         <reference ref_id="PAN-SA-2016-0014"/>
  451.       </metadata>
  452.     </definition>
  453.     <definition id="46">
  454.       <metadata>
  455.         <title>Captive Portal denial of service</title>
  456.         <affected>
  457.           <product>PAN-OS 5.0.18 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.6 and earlier; PAN-OS 7.1.1 and earlier</product>
  458.         </affected>
  459.         <reference ref_id="PAN-SA-2016-0013"/>
  460.       </metadata>
  461.     </definition>
  462.     <definition id="41">
  463.       <metadata>
  464.         <title>PAN-OS API denial of service</title>
  465.         <affected>
  466.           <product>PAN-OS 7.0.1 to PAN-OS 7.0.7</product>
  467.         </affected>
  468.         <reference ref_id="PAN-SA-2016-0008"/>
  469.       </metadata>
  470.     </definition>
  471.     <definition id="39">
  472.       <metadata>
  473.         <title>HTTP Header Evasion</title>
  474.         <affected>
  475.           <product>PAN-OS releases 5.0.X; 6.0.X; 6.1.X; 7.0.X and 7.1.0</product>
  476.         </affected>
  477.         <reference ref_id="PAN-SA-2016-0006"/>
  478.       </metadata>
  479.     </definition>
  480.     <definition id="38">
  481.       <metadata>
  482.         <title>Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface</title>
  483.         <affected>
  484.           <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</product>
  485.         </affected>
  486.         <reference ref_id="PAN-SA-2016-0005"/>
  487.       </metadata>
  488.     </definition>
  489.     <definition id="37">
  490.       <metadata>
  491.         <title>Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface</title>
  492.         <affected>
  493.           <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</product>
  494.         </affected>
  495.         <reference ref_id="PAN-SA-2016-0004"/>
  496.       </metadata>
  497.     </definition>
  498.     <definition id="36">
  499.       <metadata>
  500.         <title>Unauthenticated Command Injection in Management Web Interface</title>
  501.         <affected>
  502.           <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</product>
  503.         </affected>
  504.         <reference ref_id="PAN-SA-2016-0003"/>
  505.       </metadata>
  506.     </definition>
  507.     <definition id="35">
  508.       <metadata>
  509.         <title>Command Injection in Command Line Interface</title>
  510.         <affected>
  511.           <product>PAN-OS releases 5.0.17 and prior; 5.1.10 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</product>
  512.         </affected>
  513.         <reference ref_id="PAN-SA-2016-0002"/>
  514.       </metadata>
  515.     </definition>
  516.     <definition id="33">
  517.       <metadata>
  518.         <title>API key automatic revocation</title>
  519.         <affected>
                 <!-- "prior to" is an exclusive bound: 7.0.2 and 6.1.7
                      themselves are outside the range, whereas "N and earlier"
                      in other entries includes N. A parser that treats both
                      phrasings alike is off by one release here.
                      NOTE(review): no bound is given for branches older than
                      6.1. Confirm their status against the vendor advisory. -->
  520.           <product>PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7</product>
  521.         </affected>
  522.         <reference ref_id="PAN-SA-2015-0006"/>
  523.       </metadata>
  524.     </definition>
  525.     <definition id="32">
  526.       <metadata>
  527.         <title>Device management authentication bypass</title>
  528.         <affected>
  529.           <product>PAN-OS 7.0.0</product>
  530.         </affected>
  531.         <reference ref_id="PAN-SA-2015-0005"/>
  532.       </metadata>
  533.     </definition>
  534.     <definition id="29">
  535.       <metadata>
  536.         <title>GHOST: glibc vulnerability (CVE-2015-0235)</title>
  537.         <affected>
  538.           <product>PAN-OS versions prior to PAN-OS 7.0.1</product>
  539.         </affected>
  540.         <reference ref_id="CVE-2015-0235"/>
  541.       </metadata>
  542.     </definition>
  543.     <definition id="31">
  544.       <metadata>
  545.         <title>XML External Entity (XXE) Vulnerability</title>
  546.         <affected>
  547.           <product>PAN-OS 5.0.15 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 6.1.3 and earlier</product>
  548.         </affected>
  549.         <reference ref_id="PAN-SA-2015-0004"/>
  550.       </metadata>
  551.     </definition>
  552.     <definition id="30">
  553.       <metadata>
  554.         <title>Cross-site Scripting Vulnerability</title>
  555.         <affected>
  556.           <product>PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</product>
  557.         </affected>
  558.         <reference ref_id="PAN-SA-2015-0003"/>
  559.       </metadata>
  560.     </definition>
  561.     <definition id="28">
  562.       <metadata>
             <!-- The CVE ID appears only in the title text. ref_id below holds
                  the vendor advisory ID, so a lookup keyed on CVE that reads
                  only ref_id will not find this entry. -->
  563.         <title>Padding-oracle attack on TLS CBC cipher mode (CVE-2014-8730)</title>
  564.         <affected>
  565.           <product>PAN-OS 6.1.1 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</product>
  566.         </affected>
  567.         <reference ref_id="PAN-SA-2015-0001"/>
  568.       </metadata>
  569.     </definition>
  570.     <definition id="27">
  571.       <metadata>
  572.         <title>Cross-site scripting vulnerability</title>
  573.         <affected>
  574.           <product>PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.</product>
  575.         </affected>
  576.         <reference ref_id="CVE-2014-3764"/>
  577.       </metadata>
  578.     </definition>
  579.     <definition id="25">
  580.       <metadata>
             <!-- CVE-2014-3566 is named in the title only. ref_id carries the
                  PAN-SA advisory ID, so CVE-based correlation has to read the
                  title as well. -->
  581.         <title>SSL 3.0 MITM Attack (CVE-2014-3566)</title>
  582.         <affected>
                 <!-- 5.1.x and 5.0.x are listed as whole branches, with no
                      fixed release given in this entry. -->
  583.           <product>PAN-OS 6.1.1 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 5.1.x and PAN-OS 5.0.x.</product>
  584.         </affected>
  585.         <reference ref_id="PAN-SA-2014-0005"/>
  586.       </metadata>
  587.     </definition>
  588.     <definition id="24">
  589.       <metadata>
             <!-- Two CVE IDs are named in the title and neither is in ref_id,
                  which holds only the vendor advisory ID. -->
  590.         <title>Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)</title>
  591.         <affected>
                 <!-- The product string is a full sentence: it names PAN-OS
                      and Panorama once, then lists bare version numbers. A
                      parser that expects each range to start with "PAN-OS"
                      will only pick up the first one. -->
  592.           <product>This issue affects PAN-OS and Panorama 5.0.14 and earlier; 5.1.9 and earlier; 6.0.5 and earlier; and 6.1.0 and earlier.</product>
  593.         </affected>
  594.         <reference ref_id="PAN-SA-2014-0004"/>
  595.       </metadata>
  596.     </definition>
  597.     <definition id="23">
  598.       <metadata>
  599.         <title>OpenSSL Man-in-the-middle vulnerability (CVE-2014-0224)</title>
  600.         <affected>
                 <!-- No version bound is given, so version comparison alone
                      cannot mark a host as fixed from this entry. The fixed
                      releases have to come from the vendor advisory. -->
  601.           <product>All versions of PAN-OS / Panorama.</product>
  602.         </affected>
               <!-- NOTE(review): the second token, "CVEs", is not an
                    identifier. It is presumably a placeholder left by whatever
                    generated this list. Confirm against the vendor advisory
                    whether further CVE IDs belong here. Consumers that split
                    ref_id on commas should validate each token and drop any
                    that is not a CVE or PAN-SA ID. -->
  603.         <reference ref_id="CVE-2014-0224,CVEs"/>
  604.       </metadata>
  605.     </definition>
  606.     <definition id="22">
  607.       <metadata>
  608.         <title>Cross-site Scripting Vulnerability</title>
  609.         <affected>
  610.           <product>PAN-OS version 5.0.9 and earlier; 5.1.4 and earlier.</product>
  611.         </affected>
  612.         <reference ref_id="PAN-SA-2014-0002"/>
  613.       </metadata>
  614.     </definition>
  615.     <definition id="21">
  616.       <metadata>
  617.         <title>Management API Key Bypass</title>
  618.         <affected>
  619.           <product>PAN-OS version 4.1.15 and earlier; 5.0.9 and earlier; 5.1.4 and earlier.</product>
  620.         </affected>
  621.         <reference ref_id="PAN-SA-2014-0001"/>
  622.       </metadata>
  623.     </definition>
  624.     <definition id="20">
  625.       <metadata>
  626.         <title>Cross-site Scripting Vulnerability</title>
  627.         <affected>
  628.           <product>PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.</product>
  629.         </affected>
  630.         <reference ref_id="PAN-SA-2013-0002"/>
  631.       </metadata>
  632.     </definition>
  633.     <definition id="19">
  634.       <metadata>
  635.         <title>App-ID Cache Poisoning</title>
  636.         <affected>
  637.           <product>All versions of PAN-OS 5.0.1 and earlier.</product>
  638.         </affected>
  639.         <reference ref_id="PAN-SA-2013-0001"/>
  640.       </metadata>
  641.     </definition>
  642.     <definition id="1">
  643.       <metadata>
  644.         <title>Verbose Error Messages</title>
  645.         <affected>
                 <!-- The text inside the affected element also names a branch
                      that is NOT affected (3.0.x). Matching every "PAN-OS x.y"
                      mentioned in this string would wrongly flag 3.0.x hosts,
                      so the "is not affected" clause has to be handled as an
                      exclusion. The same phrasing appears in other entries of
                      this list. -->
  646.           <product>PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.</product>
  647.         </affected>
  648.         <reference ref_id="PAN-SA-2012-0001"/>
  649.       </metadata>
  650.     </definition>
  651.     <definition id="2">
  652.       <metadata>
  653.         <title>Command Injection Vulnerability</title>
  654.         <affected>
  655.           <product>PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</product>
  656.         </affected>
  657.         <reference ref_id="PAN-SA-2012-0002"/>
  658.       </metadata>
  659.     </definition>
  660.     <definition id="3">
  661.       <metadata>
  662.         <title>Command Injection Vulnerability</title>
  663.         <affected>
  664.           <product>PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</product>
  665.         </affected>
  666.         <reference ref_id="PAN-SA-2012-0003"/>
  667.       </metadata>
  668.     </definition>
  669.     <definition id="4">
  670.       <metadata>
  671.         <title>Command Injection Vulnerability</title>
  672.         <affected>
  673.           <product>PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</product>
  674.         </affected>
  675.         <reference ref_id="PAN-SA-2012-0004"/>
  676.       </metadata>
  677.     </definition>
  678.     <definition id="5">
  679.       <metadata>
  680.         <title>Command Injection Vulnerability</title>
  681.         <affected>
  682.           <product>PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.1.10 and earlier.</product>
  683.         </affected>
  684.         <reference ref_id="PAN-SA-2012-0005"/>
  685.       </metadata>
  686.     </definition>
  687.     <definition id="6">
  688.       <metadata>
  689.         <title>Command Injection Vulnerability</title>
  690.         <affected>
  691.           <product>PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier;  PAN-OS 3.0.x is not affected.</product>
  692.         </affected>
  693.         <reference ref_id="PAN-SA-2012-0006"/>
  694.       </metadata>
  695.     </definition>
  696.     <definition id="7">
             <!-- The title describes LDAP passwords written to logs in clear text. NOTE(review):
                  an upgrade would presumably not scrub entries already logged; confirm in the
                  advisory whether log cleanup and credential rotation are advised. The
                  "3.1 is not affected" statement sits inside <affected>; treat it as an
                  exclusion. -->
  697.       <metadata>
  698.         <title>LDAP Passwords Logged in Clear Text</title>
  699.         <affected>
  700.           <product>PAN-OS 4.1.2 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.1 is not affected.</product>
  701.         </affected>
  702.         <reference ref_id="PAN-SA-2012-0007"/>
  703.       </metadata>
  704.     </definition>
  705.     <definition id="8">
             <!-- Availability issue per the title (management server DoS). The affected text
                  lists the 4.0.x and 3.1.x branches only; 4.1.x is not mentioned, which is not
                  the same as being declared unaffected. -->
  706.       <metadata>
  707.         <title>Management Server DOS Vulnerability</title>
  708.         <affected>
  709.           <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
  710.         </affected>
  711.         <reference ref_id="PAN-SA-2012-0008"/>
  712.       </metadata>
  713.     </definition>
  714.     <definition id="9">
             <!-- Only one branch is listed as affected here (4.0.x up to 4.0.7). The 3.0.x text
                  is an exclusion placed inside <affected>; note the doubled space after the
                  semicolon if this string is split on "; ". -->
  715.       <metadata>
  716.         <title>Command Injection Vulnerability</title>
  717.         <affected>
  718.           <product>PAN-OS 4.0.7 and earlier;  PAN-OS 3.0.x is not affected.</product>
  719.         </affected>
  720.         <reference ref_id="PAN-SA-2012-0009"/>
  721.       </metadata>
  722.     </definition>
  723.     <definition id="10">
             <!-- 4.1.x up to 4.1.0 and 4.0.x up to 4.0.7 are listed as affected; "3.0.x is not
                  affected" is an exclusion, not a third affected branch. 3.1.x is not
                  mentioned. -->
  724.       <metadata>
  725.         <title>Command Injection Vulnerability</title>
  726.         <affected>
  727.           <product>PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.</product>
  728.         </affected>
  729.         <reference ref_id="PAN-SA-2012-0010"/>
  730.       </metadata>
  731.     </definition>
  732.     <definition id="11">
             <!-- Same title and the same affected ranges as definition id="6"
                  (PAN-SA-2012-0006); the two differ only in id, ref_id and spacing in the
                  product text. They carry separate advisory ids, so neither is a duplicate
                  to drop. -->
  733.       <metadata>
  734.         <title>Command Injection Vulnerability</title>
  735.         <affected>
  736.           <product>PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.0.x is not affected.</product>
  737.         </affected>
  738.         <reference ref_id="PAN-SA-2012-0011"/>
  739.       </metadata>
  740.     </definition>
  741.     <definition id="12">
             <!-- Three branches are listed, each with its own upper bound (4.1.3, 4.0.9,
                  3.1.11). Version comparison must be numeric per component: 3.1.11 is later
                  than 3.1.9, which a plain string comparison would get wrong. -->
  742.       <metadata>
  743.         <title>Command Injection Vulnerability</title>
  744.         <affected>
  745.           <product>PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
  746.         </affected>
  747.         <reference ref_id="PAN-SA-2012-0012"/>
  748.       </metadata>
  749.     </definition>
  750.     <definition id="13">
             <!-- The affected text is identical to definition id="4" (PAN-SA-2012-0004); this
                  record is distinguished only by its id and ref_id (PAN-SA-2012-0013). -->
  751.       <metadata>
  752.         <title>Command Injection Vulnerability</title>
  753.         <affected>
  754.           <product>PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</product>
  755.         </affected>
  756.         <reference ref_id="PAN-SA-2012-0013"/>
  757.       </metadata>
  758.     </definition>
  759.     <definition id="14">
             <!-- The title indicates a credential bypass; the record gives no description,
                  severity or fixed-version field, so prioritisation has to come from advisory
                  PAN-SA-2012-0014 itself. -->
  760.       <metadata>
  761.         <title>Credential Bypass Vulnerability</title>
  762.         <affected>
  763.           <product>PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
  764.         </affected>
  765.         <reference ref_id="PAN-SA-2012-0014"/>
  766.       </metadata>
  767.     </definition>
  768.     <definition id="15">
             <!-- Title and affected text are identical to definition id="16"; only the id and
                  ref_id differ, so de-duplicating on title or product text would drop one of
                  two separate advisory ids. -->
  769.       <metadata>
  770.         <title>Command Injection Vulnerability</title>
  771.         <affected>
  772.           <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
  773.         </affected>
  774.         <reference ref_id="PAN-SA-2012-0015"/>
  775.       </metadata>
  776.     </definition>
  777.     <definition id="16">
             <!-- Same title and affected text as definition id="15"; ref_id PAN-SA-2012-0016
                  (with the id attribute) is the only distinguishing field. -->
  778.       <metadata>
  779.         <title>Command Injection Vulnerability</title>
  780.         <affected>
  781.           <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
  782.         </affected>
  783.         <reference ref_id="PAN-SA-2012-0016"/>
  784.       </metadata>
  785.     </definition>
  786.     <definition id="17">
             <!-- ref_id is a vendor advisory id, and this record carries no CVE id although the
                  title points at an OpenSSL issue. Correlating with CVE-keyed scanner output
                  needs the mapping from advisory PAN-SA-2012-0017; it is not in this record. -->
  787.       <metadata>
  788.         <title>OpenSSL Plain Text Recovery Attack Vulnerability</title>
  789.         <affected>
  790.           <product>PAN-OS 4.1.2 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
  791.         </affected>
  792.         <reference ref_id="PAN-SA-2012-0017"/>
  793.       </metadata>
  794.     </definition>
  795.   </definitions>
  796. </oval_definitions>