Vulnerabilities > Paloaltonetworks > PAN OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1992 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.8 |
| 2020-04-08 | CVE-2020-1990 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. | 7.2 |
| 2020-04-08 | CVE-2020-1978 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os and Vm-Series TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. | 4.4 |
| 2020-03-11 | CVE-2020-1981 | Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. | 7.8 |
| 2020-03-11 | CVE-2020-1980 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. | 7.8 |
| 2020-03-11 | CVE-2020-1979 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
| 2020-02-12 | CVE-2020-1975 | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 8.8 |
| 2019-12-20 | CVE-2019-17440 | Unspecified vulnerability in Paloaltonetworks Pan-Os Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. | 9.8 |
| 2019-12-05 | CVE-2019-17437 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. | 7.8 |
| 2019-08-23 | CVE-2019-1582 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | 7.2 |