Vulnerabilities > Paloaltonetworks > PAN OS > 8.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-11 | CVE-2020-1979 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
| 2020-02-12 | CVE-2020-1975 | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 8.8 |
| 2019-12-05 | CVE-2019-17437 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. | 7.8 |
| 2019-08-23 | CVE-2019-1582 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | 7.2 |
| 2019-08-23 | CVE-2019-1580 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | 9.8 |
| 2019-07-19 | CVE-2019-1579 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 8.1 |
| 2019-07-16 | CVE-2019-1575 | Information Exposure vulnerability in Paloaltonetworks Pan-Os Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | 8.8 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-01-30 | CVE-2019-1566 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |
| 2019-01-30 | CVE-2019-1565 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | 5.4 |