Vulnerabilities > Paloaltonetworks > PAN OS > 9.0.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-1975 XXE vulnerability in Paloaltonetworks Pan-Os
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.
network
low complexity
paloaltonetworks CWE-611
8.8
2019-12-20 CVE-2019-17440 Unspecified vulnerability in Paloaltonetworks Pan-Os
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS.
network
low complexity
paloaltonetworks
critical
9.8
2019-12-05 CVE-2019-17437 Improper Authentication vulnerability in Paloaltonetworks Pan-Os
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.
local
low complexity
paloaltonetworks CWE-287
7.8
2019-08-23 CVE-2019-1582 Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
network
low complexity
paloaltonetworks CWE-787
7.2
2019-08-23 CVE-2019-1580 Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
network
low complexity
paloaltonetworks CWE-787
critical
9.8