Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2021-3046 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. | 6.5 |
| 2021-08-11 | CVE-2021-3048 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. | 5.9 |
| 2021-07-15 | CVE-2021-3043 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 4.8 |
| 2020-11-12 | CVE-2020-1999 | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. | 5.3 |
| 2020-09-09 | CVE-2020-2039 | Resource Exhaustion vulnerability in Paloaltonetworks Pan-Os An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. | 5.3 |
| 2020-07-08 | CVE-2020-2031 | Integer Underflow (Wrap or Wraparound) vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1/9.1.2 An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. | 4.9 |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 4.8 |
| 2020-06-10 | CVE-2020-2033 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. | 5.3 |
| 2020-05-13 | CVE-2020-2017 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. | 6.1 |
| 2020-05-13 | CVE-2020-2005 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. | 6.1 |