Vulnerabilities > Paloaltonetworks > PAN OS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-2038 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-05-13 | CVE-2020-2016 | Race Condition vulnerability in Paloaltonetworks Pan-Os A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. | 8.5 |
| 2020-05-13 | CVE-2020-2011 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. | 7.8 |
| 2020-05-13 | CVE-2020-2003 | Unspecified vulnerability in Paloaltonetworks Pan-Os An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. | 8.5 |
| 2020-05-13 | CVE-2020-2001 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. | 7.5 |
| 2020-03-11 | CVE-2020-1981 | Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. | 7.2 |
| 2020-03-11 | CVE-2020-1980 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. | 7.2 |
| 2019-08-23 | CVE-2019-1581 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. | 7.5 |
| 2019-07-19 | CVE-2019-1579 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 8.1 |
| 2017-11-13 | CVE-2016-8610 | Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |