Vulnerabilities > Paloaltonetworks > PAN OS > 8.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-1999 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. | 5.3 |
| 2020-09-09 | CVE-2020-2044 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. | 3.3 |
| 2020-09-09 | CVE-2020-2041 | Unspecified vulnerability in Paloaltonetworks Pan-Os An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. | 7.5 |
| 2020-09-09 | CVE-2020-2040 | Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. | 9.8 |
| 2020-07-08 | CVE-2020-2034 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. | 8.1 |
| 2020-07-08 | CVE-2020-2030 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 4.8 |
| 2020-06-29 | CVE-2020-2021 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. | 10.0 |
| 2020-06-10 | CVE-2020-2029 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. | 7.2 |
| 2020-06-10 | CVE-2020-2028 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. | 7.2 |