paloaltonetworks

348 tracked vulnerabilities.

CVE-2020-2006 HIGH
PAN-OS 7.1.0-7.1.25 and 8.0 - Authenticated Stack-based Buffer Overflow
May 13, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-2005 HIGH
PAN-OS 7.1.0-7.1.25 - Cross-Site Scripting via GlobalProtect Clientless VPN
May 13, 2020
CVSS 7.1
EPSS 0.01
CVE-2020-2004 MEDIUM
GlobalProtect 5.0.0-5.0.8 and 5.1.0-5.1.1 - Sensitive Information Disclosure in PanGPS.log
May 13, 2020
CVSS 6.8
EPSS 0.00
CVE-2020-2003 MEDIUM
PAN-OS 7.1.0-7.1.25 - Authenticated Arbitrary File Deletion via Command Processing
May 13, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-2002 HIGH
PAN-OS 7.1.0-7.1.25 - Authentication Bypass via Kerberos KDC Spoofing
May 13, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-2001 HIGH
Palo Alto Networks PAN-OS 7.1.0-7.1.25 - Unauthenticated Out-of-bounds Write via XSLT Processing
May 13, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-1998 MEDIUM
PAN-OS 7.1.0-7.1.25 - Authentication Bypass via SAML Username Sharing
May 13, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-1997 MEDIUM
PAN-OS 7.1.0-7.1.25 - URL Redirection to Untrusted Site via GlobalProtect Component
May 13, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-1996 MEDIUM
PAN-OS 7.1.0-7.1.25 - Unauthenticated Log Injection in Management Server
May 13, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-1995 MEDIUM
PAN-OS 9.1.0-9.1.1 - Authenticated Denial of Service via rasmgr Daemon NULL Pointer Dereference
May 13, 2020
CVSS 4.9
EPSS 0.01
CVE-2020-1994 MEDIUM
PAN-OS <8.1.13, <9.0.7 - Local Privilege Escalation
May 13, 2020
CVSS 4.1
EPSS 0.00
CVE-2020-1993 LOW
PAN-OS <8.1.14, <9.0.8 - Session Fixation
May 13, 2020
CVSS 3.7
EPSS 0.00
CVE-2020-1992 HIGH
PAN-OS 9.0.0-9.0.6 - Use-After-Free in Varrcvr Daemon via WildFire Log Forwarding
Apr 08, 2020
CVSS 8.1
EPSS 0.03
CVE-2020-1991 HIGH
Palo Alto Networks Traps <5.0.8-6.1.4 - Privilege Escalation
Apr 08, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-1990 HIGH
PAN-OS 8.1.0-8.1.12 - Authenticated Stack-based Buffer Overflow via Corrupted Configuration Upload
Apr 08, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-1989 HIGH
Palo Alto Networks GlobalProtect Agent for Linux < 5.0.8 - Authenticated Privilege Escalation via Application File Write
Apr 08, 2020
CVSS 7.0
EPSS 0.00
CVE-2020-1988 MEDIUM
Palo Alto Networks GlobalProtect Agent <5.0.5-4.1.13 - Privilege Es...
Apr 08, 2020
CVSS 4.2
EPSS 0.00
CVE-2020-1987 LOW
GlobalProtect 5.0-5.0.8 - Authenticated VPN Cookie Exposure via Troubleshooting Log Level
Apr 08, 2020
CVSS 3.9
EPSS 0.00
CVE-2020-1986 MEDIUM
Secdo - Authenticated Denial of Service via Improper Input Validation
Apr 08, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-1985 HIGH
Secdo - Incorrect Default Permissions in Logs Folder
Apr 08, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-1984 HIGH
Secdo - Privilege Escalation via Hardcoded Script Path
Apr 08, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-1978 MEDIUM
Palo Alto Networks VM-Series < 1.0.9 - Insufficiently Protected Azure Dashboard Credentials in TechSupport Files
Apr 08, 2020
CVSS 5.8
EPSS 0.00
CVE-2020-1981 HIGH
PAN-OS 8.1.0-8.1.12 - Local Privilege Escalation via Predictable Temporary Filename
Mar 11, 2020
CVSS 7.0
EPSS 0.00
CVE-2020-1980 HIGH
PAN-OS 8.1.0-8.1.12 - Authenticated OS Command Injection via CLI
Mar 11, 2020
CVSS 7.8
EPSS 0.01
CVE-2020-1979 HIGH
PAN-OS < 8.1.13 - Remote Code Execution via Format String in Log Daemon
Mar 11, 2020
CVSS 8.1
EPSS 0.01