Vulnerabilities > Paloaltonetworks > PAN OS > 8.1.15

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-2000 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-11-12 CVE-2020-1999 Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets.
network
low complexity
paloaltonetworks CWE-754
5.3
2020-09-09 CVE-2020-2044 Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software.
local
low complexity
paloaltonetworks CWE-532
3.3
2020-09-09 CVE-2020-2041 Unspecified vulnerability in Paloaltonetworks Pan-Os
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.
network
low complexity
paloaltonetworks
7.5
2020-09-09 CVE-2020-2039 Resource Exhaustion vulnerability in Paloaltonetworks Pan-Os
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished.
network
low complexity
paloaltonetworks CWE-400
5.3
2020-09-09 CVE-2020-2037 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-09-09 CVE-2020-2036 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.
network
low complexity
paloaltonetworks CWE-79
8.8
2020-06-29 CVE-2020-2021 Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.
network
low complexity
paloaltonetworks CWE-347
critical
10.0