Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-2044 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. | 4.0 |
| 2020-09-09 | CVE-2020-2043 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. | 4.0 |
| 2020-09-09 | CVE-2020-2039 | Resource Exhaustion vulnerability in Paloaltonetworks Pan-Os An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. | 5.0 |
| 2020-09-09 | CVE-2020-2036 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. | 6.8 |
| 2020-07-08 | CVE-2020-2031 | Integer Underflow (Wrap or Wraparound) vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1/9.1.2 An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. | 6.8 |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 5.8 |
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 6.9 |
| 2020-05-13 | CVE-2020-2017 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. | 4.3 |
| 2020-05-13 | CVE-2020-2013 | Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. | 6.8 |
| 2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 5.0 |