Vulnerabilities > Paloaltonetworks > Globalprotect > 5.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-0009 | Unspecified vulnerability in Paloaltonetworks Globalprotect A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | 7.8 |
| 2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 6.9 |
| 2022-02-10 | CVE-2022-0018 | Information Exposure vulnerability in Paloaltonetworks Globalprotect An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. | 2.6 |
| 2022-02-10 | CVE-2022-0019 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Globalprotect An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. | 1.9 |
| 2021-10-13 | CVE-2021-3057 | Out-of-bounds Write vulnerability in Paloaltonetworks Globalprotect A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. | 9.3 |
| 2021-04-20 | CVE-2021-3038 | Unspecified vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. | 5.5 |
| 2020-06-10 | CVE-2020-2033 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. | 2.9 |
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 6.9 |
| 2020-05-13 | CVE-2020-2004 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. | 1.7 |
| 2020-04-08 | CVE-2020-1987 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". | 2.1 |