Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2004 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. | 5.5 |
| 2020-05-13 | CVE-2020-2003 | Unspecified vulnerability in Paloaltonetworks Pan-Os An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. | 6.5 |
| 2020-05-13 | CVE-2020-1997 | Open Redirect vulnerability in Paloaltonetworks Pan-Os An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. | 6.1 |
| 2020-05-13 | CVE-2020-1996 | Missing Authorization vulnerability in Paloaltonetworks Pan-Os A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. | 5.3 |
| 2020-05-13 | CVE-2020-1995 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1 A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. | 4.9 |
| 2020-05-13 | CVE-2020-1994 | Unspecified vulnerability in Paloaltonetworks Pan-Os A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. | 4.4 |
| 2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Paloaltonetworks Pan-Os The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | 5.4 |
| 2020-04-08 | CVE-2020-1988 | Unquoted Search Path or Element vulnerability in Paloaltonetworks Globalprotect An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. | 6.7 |
| 2020-04-08 | CVE-2020-1986 | Improper Input Validation vulnerability in Paloaltonetworks Secdo Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. | 5.5 |
| 2020-04-08 | CVE-2020-1978 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os and Vm-Series TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. | 4.4 |