Vulnerabilities > Paloaltonetworks > PAN OS > 9.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-2037 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 9.0 |
| 2020-09-09 | CVE-2020-2036 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. | 6.8 |
| 2020-07-08 | CVE-2020-2034 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. | 9.3 |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 5.8 |
| 2020-06-29 | CVE-2020-2021 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. | 9.3 |
| 2020-05-13 | CVE-2020-2011 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. | 7.8 |
| 2020-05-13 | CVE-2020-1996 | Missing Authorization vulnerability in Paloaltonetworks Pan-Os A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. | 5.0 |