Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-2027 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2018 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. | 9.0 |
| 2020-05-13 | CVE-2020-2017 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. | 6.1 |
| 2020-05-13 | CVE-2020-2016 | Race Condition vulnerability in Paloaltonetworks Pan-Os A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. | 7.0 |
| 2020-05-13 | CVE-2020-2015 | Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. | 8.8 |
| 2020-05-13 | CVE-2020-2014 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. | 8.8 |
| 2020-05-13 | CVE-2020-2013 | Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. | 8.8 |
| 2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 7.5 |
| 2020-05-13 | CVE-2020-2011 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. | 7.5 |
| 2020-05-13 | CVE-2020-2010 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. | 7.2 |