The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Palo Alto PAN-OS

vulnerability CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-8912

Linux kernel: use after free via af_alg_release

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via af_alg_release() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 19/02/2019.
Identifiers: CERTFR-2019-AVI-131, CERTFR-2019-AVI-145, CERTFR-2019-AVI-335, CVE-2019-8912, FEDORA-2019-16de0047d4, FEDORA-2019-7bdeed7fc5, openSUSE-SU-2019:1193-1, PAN-SA-2019-0017, SUSE-SU-2019:0765-1, SUSE-SU-2019:0767-1, USN-3930-1, USN-3930-2, USN-3931-1, USN-3931-2, VIGILANCE-VUL-28540.

Description of the vulnerability

An attacker can force the usage of a freed memory area via af_alg_release() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-1566

Palo Alto PAN-OS: Cross Site Scripting via Management Web Interface

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Management Web Interface of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 24/01/2019.
Identifiers: CVE-2019-1566, PAN-SA-2019-0002, VIGILANCE-VUL-28362.

Description of the vulnerability

The Palo Alto PAN-OS product offers a web service.

However, it does not filter received data via Management Web Interface before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Management Web Interface of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2019-1565

Palo Alto PAN-OS: Cross Site Scripting via External Dynamic Lists

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via External Dynamic Lists of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 24/01/2019.
Identifiers: CVE-2019-1565, PAN-SA-2019-0001, VIGILANCE-VUL-28361.

Description of the vulnerability

The Palo Alto PAN-OS product offers a web service.

However, it does not filter received data via External Dynamic Lists before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via External Dynamic Lists of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-10141

Palo Alto PAN-OS: Cross Site Scripting via GlobalProtect Portal Login

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via GlobalProtect Portal Login of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/10/2018.
Identifiers: CVE-2018-10141, PAN-99830, PAN-SA-2018-0014, VIGILANCE-VUL-27494.

Description of the vulnerability

The Palo Alto PAN-OS product offers a web service.

However, it does not filter received data via GlobalProtect Portal Login before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via GlobalProtect Portal Login of Palo Alto PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-18065

Net-SNMP: denial of service via GetNext PDU Multiple Varbinds

Synthesis of the vulnerability

An attacker can generate a fatal error via GetNext PDU Multiple Varbinds of Net-SNMP, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Data ONTAP, Net-SNMP, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 09/10/2018.
Identifiers: bulletinoct2018, CVE-2018-18065, DLA-1540-1, DSA-4314-1, FEDORA-2018-042156f164, NTAP-20181107-0001, openSUSE-SU-2018:3381-1, openSUSE-SU-2018:3508-1, PAN-SA-2019-0007, SUSE-SU-2018:3319-1, SUSE-SU-2018:3333-1, SUSE-SU-2018:3447-1, USN-3792-1, USN-3792-2, USN-3792-3, VIGILANCE-VUL-27441.

Description of the vulnerability

An attacker can generate a fatal error via GetNext PDU Multiple Varbinds of Net-SNMP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-14634

Linux kernel: integer overflow via create_elf_tables

Synthesis of the vulnerability

An attacker can generate an integer overflow via create_elf_tables() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Palo Alto Firewall PA***, PAN-OS, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 26/09/2018.
Identifiers: CERTFR-2018-AVI-457, CERTFR-2018-AVI-459, CERTFR-2018-AVI-460, CERTFR-2018-AVI-462, CERTFR-2018-AVI-478, CERTFR-2018-AVI-480, CERTFR-2018-AVI-567, CERTFR-2019-AVI-188, CERTFR-2019-AVI-242, CVE-2018-14634, DLA-1529-1, JSA10917, K20934447, PAN-SA-2019-0006, RHSA-2018:2748-01, RHSA-2018:2763-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, RHSA-2018:3591-01, RHSA-2018:3643-01, SUSE-SU-2018:2879-1, SUSE-SU-2018:2907-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3088-1, USN-3775-1, USN-3775-2, USN-3779-1, VIGILANCE-VUL-27320.

Description of the vulnerability

An attacker can generate an integer overflow via create_elf_tables() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-10139

PAN-OS: Cross Site Scripting via GlobalProtect Response Page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via GlobalProtect Response Page of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: CVE-2018-10139, PAN-84836, PAN-SA-2018-0009, VIGILANCE-VUL-27035.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter received data via GlobalProtect Response Page before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via GlobalProtect Response Page of PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-10140

PAN-OS: denial of service via Management Web Interface

Synthesis of the vulnerability

An attacker can generate a fatal error via Management Web Interface of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 16/08/2018.
Identifiers: CVE-2018-10140, PAN-100189, PAN-SA-2018-0010, VIGILANCE-VUL-27034.

Description of the vulnerability

An attacker can generate a fatal error via Management Web Interface of PAN-OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, Cisco Aironet, IOS XE Cisco, Nexus by Cisco, Prime Collaboration Assurance, Prime Infrastructure, Cisco Router, Secure ACS, Cisco CUCM, Cisco UCS, Cisco Unified CCX, Cisco IP Phone, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, Synology DSM, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

Description of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Palo Alto PAN-OS: