PAN OS

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-10	CVE-2020-2029	OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. network low complexity paloaltonetworks CWE-78	7.2
2020-06-10	CVE-2020-2028	OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. network low complexity paloaltonetworks CWE-78	7.2
2020-06-10	CVE-2020-2027	Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. network low complexity paloaltonetworks CWE-787	7.2
2020-05-13	CVE-2020-2018	Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. network high complexity paloaltonetworks CWE-287 critical	9.0
2020-05-13	CVE-2020-2017	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. network low complexity paloaltonetworks CWE-79	6.1
2020-05-13	CVE-2020-2016	Race Condition vulnerability in Paloaltonetworks Pan-Os A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. local high complexity paloaltonetworks CWE-362	7.0
2020-05-13	CVE-2020-2015	Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. network low complexity paloaltonetworks CWE-120	8.8
2020-05-13	CVE-2020-2014	OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. network low complexity paloaltonetworks CWE-78	8.8
2020-05-13	CVE-2020-2013	Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. network low complexity paloaltonetworks CWE-319	8.8
2020-05-13	CVE-2020-2012	XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. network low complexity paloaltonetworks CWE-611	7.5