Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <oval_definitions>
- <definitions>
- <definition id="117">
- <metadata>
- <title>ROBOT attack against PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.19 and earlier, PAN-OS 7.1.14 and earlier, PAN-OS 8.0.6-h3 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-17841"/>
- </metadata>
- </definition>
- <definition id="105">
- <metadata>
- <title>Command Injection in PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-15940"/>
- </metadata>
- </definition>
- <definition id="102">
- <metadata>
- <title>Vulnerability in PAN-OS and Panorama on Management Interface</title>
- <affected>
- <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier.</product>
- </affected>
- <reference ref_id="CVE-2017-15944"/>
- </metadata>
- </definition>
- <definition id="114">
- <metadata>
- <title>Cross Site Scripting in PAN-OS Captive Portal</title>
- <affected>
- <product>PAN-OS 8.0.6-h3 and earlier.</product>
- </affected>
- <reference ref_id="CVE-2017-16878"/>
- </metadata>
- </definition>
- <definition id="111">
- <metadata>
- <title>Cross Site Scripting Vulnerability in PAN-OS GlobalProtect</title>
- <affected>
- <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.6-h3 and earlier.</product>
- </affected>
- <reference ref_id="CVE-2017-15941"/>
- </metadata>
- </definition>
- <definition id="96">
- <metadata>
- <title>Denial of Service Against GlobalProtect</title>
- <affected>
- <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-15942"/>
- </metadata>
- </definition>
- <definition id="99">
- <metadata>
- <title>Server-Side Request Forgery in PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-15943"/>
- </metadata>
- </definition>
- <definition id="92">
- <metadata>
- <title>NTP Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1, PAN-OS 7.0.17 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.3 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-6460"/>
- </metadata>
- </definition>
- <definition id="93">
- <metadata>
- <title>Cross-Site Scripting in PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-12416"/>
- </metadata>
- </definition>
- <definition id="94">
- <metadata>
- <title>XML External Entity (XXE) in PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-9458"/>
- </metadata>
- </definition>
- <definition id="91">
- <metadata>
- <title>Vulnerability in the PAN-OS DNS Proxy</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-8390"/>
- </metadata>
- </definition>
- <definition id="90">
- <metadata>
- <title>Cross-Site Scripting in PAN-OS</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-9467"/>
- </metadata>
- </definition>
- <definition id="89">
- <metadata>
- <title>Cross-Site Scripting in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-9459"/>
- </metadata>
- </definition>
- <definition id="88">
- <metadata>
- <title>Kernel Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-10229"/>
- </metadata>
- </definition>
- <definition id="87">
- <metadata>
- <title>OpenSSL Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1.17 and earlier, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.10 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-8610"/>
- </metadata>
- </definition>
- <definition id="85">
- <metadata>
- <title>Kernel Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1, PAN-OS 7.0.15 and earlier, PAN-OS 7.1.9 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-5696"/>
- </metadata>
- </definition>
- <definition id="86">
- <metadata>
- <title>WGET Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0</product>
- </affected>
- <reference ref_id="PAN-SA-2017-0016"/>
- </metadata>
- </definition>
- <definition id="82">
- <metadata>
- <title>OpenSSL Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1, PAN-OS 7.0.14 and earlier, PAN-OS 7.1, PAN-OS 8.0</product>
- </affected>
- <reference ref_id="CVE-2017-3731"/>
- </metadata>
- </definition>
- <definition id="84">
- <metadata>
- <title>Brute force attack on the PAN-OS GlobalProtect external interface</title>
- <affected>
- <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier, PAN-OS 8.0.1 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7945"/>
- </metadata>
- </definition>
- <definition id="83">
- <metadata>
- <title>Information Disclosure in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.8 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7644"/>
- </metadata>
- </definition>
- <definition id="73">
- <metadata>
- <title>Kernel Vulnerability</title>
- <affected>
- <product>PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1, PAN-OS 7.0.13, PAN-OS 7.1.7 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-5195"/>
- </metadata>
- </definition>
- <definition id="81">
- <metadata>
- <title>Cross-Site Scripting in PAN-OS</title>
- <affected>
- <product>PAN-OS 7.0.14 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7409"/>
- </metadata>
- </definition>
- <definition id="80">
- <metadata>
- <title>Information Disclosure in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 7.1.8 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7216"/>
- </metadata>
- </definition>
- <definition id="79">
- <metadata>
- <title>Local Privilege Escalation in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 7.1.8 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7218"/>
- </metadata>
- </definition>
- <definition id="78">
- <metadata>
- <title>Tampering of temporary export files in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 7.0.13 and earlier, PAN-OS 7.1.8 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-7217"/>
- </metadata>
- </definition>
- <definition id="75">
- <metadata>
- <title>Information Disclosure in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-5583"/>
- </metadata>
- </definition>
- <definition id="74">
- <metadata>
- <title>Cross-Site Scripting in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier</product>
- </affected>
- <reference ref_id="CVE-2017-5584"/>
- </metadata>
- </definition>
- <definition id="60">
- <metadata>
- <title>Web interface denial of service</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0027"/>
- </metadata>
- </definition>
- <definition id="70">
- <metadata>
- <title>XPath Injection</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0037"/>
- </metadata>
- </definition>
- <definition id="69">
- <metadata>
- <title>OpenSSH Vulnerability</title>
- <affected>
- <product>PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-6210"/>
- </metadata>
- </definition>
- <definition id="68">
- <metadata>
- <title>Buffer Overflow in the Management Web Interface</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0035"/>
- </metadata>
- </definition>
- <definition id="67">
- <metadata>
- <title>Local Privilege Escalation</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0034"/>
- </metadata>
- </definition>
- <definition id="66">
- <metadata>
- <title>Cross-Site Scripting in Captive Portal</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0033"/>
- </metadata>
- </definition>
- <definition id="65">
- <metadata>
- <title>Insecure Browser API Token Generation</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0032"/>
- </metadata>
- </definition>
- <definition id="58">
- <metadata>
- <title>Kernel Vulnerabilities</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.4 and earlier</product>
- </affected>
- <reference ref_id="CVE-2015-5364,CVE-2015-5366 "/>
- </metadata>
- </definition>
- <definition id="64">
- <metadata>
- <title>Cross-Site Scripting in Web Interface</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.13 and earlier; PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0031"/>
- </metadata>
- </definition>
- <definition id="63">
- <metadata>
- <title>OpenSSL Vulnerabilities</title>
- <affected>
- <product>PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-0704,CVE-2016-0703,CVE-2016-0800"/>
- </metadata>
- </definition>
- <definition id="52">
- <metadata>
- <title>NTP Vulnerabilities</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.1 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</product>
- </affected>
- <reference ref_id="CVE-2015-7978,CVE-2015-8138,CVE-2015-7975,CVE-2015-7977,CVE-2015-7974,CVE-2015-7976,CVE-2015-7979,CVE-2015-7973"/>
- </metadata>
- </definition>
- <definition id="54">
- <metadata>
- <title>Glibc DNS Resolver Vulnerability</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0021"/>
- </metadata>
- </definition>
- <definition id="62">
- <metadata>
- <title>Insecure Server Configuration</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0029"/>
- </metadata>
- </definition>
- <definition id="61">
- <metadata>
- <title>OpenSSL Vulnerabilities</title>
- <affected>
- <product>PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier</product>
- </affected>
- <reference ref_id="CVE-2014-8176,CVE-2015-1792,CVE-2015-1789,CVE-2015-1788,CVE-2015-4000,CVE-2015-1790,CVE-2015-1791"/>
- </metadata>
- </definition>
- <definition id="59">
- <metadata>
- <title>GlobalProtect Portal Version Disclosure</title>
- <affected>
- <product>PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0026"/>
- </metadata>
- </definition>
- <definition id="45">
- <metadata>
- <title>Local privilege escalation</title>
- <affected>
- <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0012"/>
- </metadata>
- </definition>
- <definition id="57">
- <metadata>
- <title>Web interface denial of service</title>
- <affected>
- <product>PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0024"/>
- </metadata>
- </definition>
- <definition id="42">
- <metadata>
- <title>Cross-site scripting vulnerability</title>
- <affected>
- <product>PAN-OS 7.0.1 to PAN-OS 7.0.7</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0009"/>
- </metadata>
- </definition>
- <definition id="44">
- <metadata>
- <title>OpenSSH vulnerabilities</title>
- <affected>
- <product>PAN-OS 7.0.9 and earlier; PAN-OS 7.1.2 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-0778"/>
- </metadata>
- </definition>
- <definition id="53">
- <metadata>
- <title>OpenSSL Vulnerabilities</title>
- <affected>
- <product>PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earlier</product>
- </affected>
- <reference ref_id="CVE-2016-2842,CVE-2014-8176,CVE-2015-1792,CVE-2016-2108,CVE-2015-1789,CVE-2015-1788,CVE-2015-1790,CVE-2015-4000,CVE-2016-2109,CVE-2016-2176,CVE-2015-3195,CVE-2016-2106,CVE-2016-2107,CVE-2015-1794,CVE-2016-2105,CVE-2015-1791"/>
- </metadata>
- </definition>
- <definition id="49">
- <metadata>
- <title>Web Interface Privilege Escalation</title>
- <affected>
- <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.10 and earlier; PAN-OS 7.0.4 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0016"/>
- </metadata>
- </definition>
- <definition id="48">
- <metadata>
- <title>Cron local privilege escalation</title>
- <affected>
- <product>PAN-OS 5.0.18 and prior; PAN-OS 5.1.11 and prior; PAN-OS 6.0.13 and prior; PAN-OS 6.1.11 and prior; PAN-OS 7.0.6 and prior; PAN-OS 7.1.1 and prior</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0015"/>
- </metadata>
- </definition>
- <definition id="47">
- <metadata>
- <title>Cross-site scripting issue in policy</title>
- <affected>
- <product>PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0014"/>
- </metadata>
- </definition>
- <definition id="46">
- <metadata>
- <title>Captive Portal denial of service</title>
- <affected>
- <product>PAN-OS 5.0.18 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.6 and earlier; PAN-OS 7.1.1 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0013"/>
- </metadata>
- </definition>
- <definition id="41">
- <metadata>
- <title>PAN-OS API denial of service</title>
- <affected>
- <product>PAN-OS 7.0.1 to PAN-OS 7.0.7</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0008"/>
- </metadata>
- </definition>
- <definition id="39">
- <metadata>
- <title>HTTP Header Evasion</title>
- <affected>
- <product>PAN-OS releases 5.0.X; 6.0.X; 6.1.X; 7.0.X and 7.1.0</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0006"/>
- </metadata>
- </definition>
- <definition id="38">
- <metadata>
- <title>Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface</title>
- <affected>
- <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0005"/>
- </metadata>
- </definition>
- <definition id="37">
- <metadata>
- <title>Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface</title>
- <affected>
- <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0004"/>
- </metadata>
- </definition>
- <definition id="36">
- <metadata>
- <title>Unauthenticated Command Injection in Management Web Interface</title>
- <affected>
- <product>PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0003"/>
- </metadata>
- </definition>
- <definition id="35">
- <metadata>
- <title>Command Injection in Command Line Interface</title>
- <affected>
- <product>PAN-OS releases 5.0.17 and prior; 5.1.10 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.5 and prior</product>
- </affected>
- <reference ref_id="PAN-SA-2016-0002"/>
- </metadata>
- </definition>
- <definition id="33">
- <metadata>
- <title>API key automatic revocation</title>
- <affected>
- <product>PAN-OS versions prior to PAN-OS 7.0.2 and PAN-OS 6.1.7</product>
- </affected>
- <reference ref_id="PAN-SA-2015-0006"/>
- </metadata>
- </definition>
- <definition id="32">
- <metadata>
- <title>Device management authentication bypass</title>
- <affected>
- <product>PAN-OS 7.0.0</product>
- </affected>
- <reference ref_id="PAN-SA-2015-0005"/>
- </metadata>
- </definition>
- <definition id="29">
- <metadata>
- <title>GHOST: glibc vulnerability (CVE-2015-0235)</title>
- <affected>
- <product>PAN-OS versions prior to PAN-OS 7.0.1</product>
- </affected>
- <reference ref_id="CVE-2015-0235"/>
- </metadata>
- </definition>
- <definition id="31">
- <metadata>
- <title>XML External Entity (XXE) Vulnerability</title>
- <affected>
- <product>PAN-OS 5.0.15 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 6.1.3 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2015-0004"/>
- </metadata>
- </definition>
- <definition id="30">
- <metadata>
- <title>Cross-site Scripting Vulnerability</title>
- <affected>
- <product>PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2015-0003"/>
- </metadata>
- </definition>
- <definition id="28">
- <metadata>
- <title>Padding-oracle attack on TLS CBC cipher mode (CVE-2014-8730)</title>
- <affected>
- <product>PAN-OS 6.1.1 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</product>
- </affected>
- <reference ref_id="PAN-SA-2015-0001"/>
- </metadata>
- </definition>
- <definition id="27">
- <metadata>
- <title>Cross-site scripting vulnerability</title>
- <affected>
- <product>PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.</product>
- </affected>
- <reference ref_id="CVE-2014-3764"/>
- </metadata>
- </definition>
- <definition id="25">
- <metadata>
- <title>SSL 3.0 MITM Attack (CVE-2014-3566)</title>
- <affected>
- <product>PAN-OS 6.1.1 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 5.1.x and PAN-OS 5.0.x.</product>
- </affected>
- <reference ref_id="PAN-SA-2014-0005"/>
- </metadata>
- </definition>
- <definition id="24">
- <metadata>
- <title>Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)</title>
- <affected>
- <product>This issue affects PAN-OS and Panorama 5.0.14 and earlier; 5.1.9 and earlier; 6.0.5 and earlier; and 6.1.0 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2014-0004"/>
- </metadata>
- </definition>
- <definition id="23">
- <metadata>
- <title>OpenSSL Man-in-the-middle vulnerability (CVE-2014-0224)</title>
- <affected>
- <product>All versions of PAN-OS / Panorama.</product>
- </affected>
- <reference ref_id="CVE-2014-0224,CVEs"/>
- </metadata>
- </definition>
- <definition id="22">
- <metadata>
- <title>Cross-site Scripting Vulnerability</title>
- <affected>
- <product>PAN-OS version 5.0.9 and earlier; 5.1.4 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2014-0002"/>
- </metadata>
- </definition>
- <definition id="21">
- <metadata>
- <title>Management API Key Bypass</title>
- <affected>
- <product>PAN-OS version 4.1.15 and earlier; 5.0.9 and earlier; 5.1.4 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2014-0001"/>
- </metadata>
- </definition>
- <definition id="20">
- <metadata>
- <title>Cross-site Scripting Vulnerability</title>
- <affected>
- <product>PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2013-0002"/>
- </metadata>
- </definition>
- <definition id="19">
- <metadata>
- <title>App-ID Cache Poisoning</title>
- <affected>
- <product>All versions of PAN-OS 5.0.1 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2013-0001"/>
- </metadata>
- </definition>
- <definition id="1">
- <metadata>
- <title>Verbose Error Messages</title>
- <affected>
- <product>PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0001"/>
- </metadata>
- </definition>
- <definition id="2">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0002"/>
- </metadata>
- </definition>
- <definition id="3">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0003"/>
- </metadata>
- </definition>
- <definition id="4">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0004"/>
- </metadata>
- </definition>
- <definition id="5">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.1.10 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0005"/>
- </metadata>
- </definition>
- <definition id="6">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.0.x is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0006"/>
- </metadata>
- </definition>
- <definition id="7">
- <metadata>
- <title>LDAP Passwords Logged in Clear Text</title>
- <affected>
- <product>PAN-OS 4.1.2 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.1 is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0007"/>
- </metadata>
- </definition>
- <definition id="8">
- <metadata>
- <title>Management Server DOS Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0008"/>
- </metadata>
- </definition>
- <definition id="9">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0009"/>
- </metadata>
- </definition>
- <definition id="10">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.0 and earlier; PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0010"/>
- </metadata>
- </definition>
- <definition id="11">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.1 and earlier; PAN-OS 4.0.8 and earlier; PAN-OS 3.0.x is not affected.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0011"/>
- </metadata>
- </definition>
- <definition id="12">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0012"/>
- </metadata>
- </definition>
- <definition id="13">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0013"/>
- </metadata>
- </definition>
- <definition id="14">
- <metadata>
- <title>Credential Bypass Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.3 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0014"/>
- </metadata>
- </definition>
- <definition id="15">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0015"/>
- </metadata>
- </definition>
- <definition id="16">
- <metadata>
- <title>Command Injection Vulnerability</title>
- <affected>
- <product>PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0016"/>
- </metadata>
- </definition>
- <definition id="17">
- <metadata>
- <title>OpenSSL Plain Text Recovery Attack Vulnerability</title>
- <affected>
- <product>PAN-OS 4.1.2 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.</product>
- </affected>
- <reference ref_id="PAN-SA-2012-0017"/>
- </metadata>
- </definition>
- </definitions>
- </oval_definitions>
Advertisement
Add Comment
Please, Sign In to add comment