Vulnerabilities > Paloaltonetworks > PAN OS > 9.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2002 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. | 6.8 |
| 2020-05-13 | CVE-2020-2001 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. | 7.5 |
| 2020-05-13 | CVE-2020-1998 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. | 6.5 |
| 2020-05-13 | CVE-2020-1996 | Missing Authorization vulnerability in Paloaltonetworks Pan-Os A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. | 5.0 |
| 2020-05-13 | CVE-2020-1994 | Unspecified vulnerability in Paloaltonetworks Pan-Os A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. | 4.9 |
| 2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Paloaltonetworks Pan-Os The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | 5.5 |
| 2020-04-08 | CVE-2020-1992 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.3 |
| 2020-04-08 | CVE-2020-1990 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. | 9.0 |
| 2020-02-12 | CVE-2020-1975 | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 6.5 |
| 2019-12-20 | CVE-2019-17440 | Unspecified vulnerability in Paloaltonetworks Pan-Os Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. | 10.0 |