Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2005 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. | 4.3 |
| 2020-05-13 | CVE-2020-2002 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. | 6.8 |
| 2020-05-13 | CVE-2020-1998 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. | 6.5 |
| 2020-05-13 | CVE-2020-1997 | Open Redirect vulnerability in Paloaltonetworks Pan-Os An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. | 5.8 |
| 2020-05-13 | CVE-2020-1996 | Missing Authorization vulnerability in Paloaltonetworks Pan-Os A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. | 5.0 |
| 2020-05-13 | CVE-2020-1995 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1 A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. | 6.8 |
| 2020-05-13 | CVE-2020-1994 | Unspecified vulnerability in Paloaltonetworks Pan-Os A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. | 4.9 |
| 2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Paloaltonetworks Pan-Os The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | 5.5 |
| 2020-04-08 | CVE-2020-1986 | Improper Input Validation vulnerability in Paloaltonetworks Secdo Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. | 4.9 |
| 2020-04-08 | CVE-2020-1985 | Incorrect Default Permissions vulnerability in Paloaltonetworks Secdo Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. | 4.6 |