Vulnerabilities > Paloaltonetworks > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-2022 Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device.
network
high complexity
paloaltonetworks CWE-269
7.5
2020-11-12 CVE-2020-2000 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-09-09 CVE-2020-2042 Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os 10.0.0
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.
network
low complexity
paloaltonetworks CWE-120
7.2
2020-09-09 CVE-2020-2041 Unspecified vulnerability in Paloaltonetworks Pan-Os
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.
network
low complexity
paloaltonetworks
7.5
2020-09-09 CVE-2020-2038 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-09-09 CVE-2020-2037 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-09-09 CVE-2020-2036 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.
network
low complexity
paloaltonetworks CWE-79
8.8
2020-07-08 CVE-2020-2034 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges.
network
high complexity
paloaltonetworks CWE-78
8.1
2020-07-08 CVE-2020-2030 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-06-10 CVE-2020-2032 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges.
local
high complexity
paloaltonetworks CWE-367
7.0