|
199211
|
10.0 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-2021
|
2024-11-21 14:24 |
2020-06-30 |
|
199212
|
5.3 |
MEDIUM
Adjacent
|
paloaltonetworks
|
globalprotect
|
When the pre-logon feature is enabled, a missing certificate validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on t…
|
CWE-295, CWE-290
Improper Certificate Validation; Authentication Bypass by Spoofing
|
CVE-2020-2033
|
2024-11-21 14:24 |
2020-06-11 |
|
199213
|
7.0 |
HIGH
Local
|
paloaltonetworks
|
globalprotect
|
A race condition vulnerability in Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while p…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-2032
|
2024-11-21 14:24 |
2020-06-11 |
|
199214
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request t…
|
CWE-78
OS Command
|
CVE-2020-2029
|
2024-11-21 14:24 |
2020-06-11 |
|
199215
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC…
|
CWE-78
OS Command
|
CVE-2020-2028
|
2024-11-21 14:24 |
2020-06-11 |
|
199216
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-2027
|
2024-11-21 14:24 |
2020-06-11 |
|
199217
|
8.8 |
HIGH
Local
|
katacontainers, fedoraproject
|
runtime, fedora
|
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesy…
|
CWE-59
Link Following
|
CVE-2020-2026
|
2024-11-21 14:24 |
2020-06-11 |
|
199218
|
6.3 |
MEDIUM
Local
|
katacontainers
|
runtime
|
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-age…
|
NVD-CWE-noinfo
|
CVE-2020-2023
|
2024-11-21 14:24 |
2020-06-11 |
|
199219
|
8.8 |
HIGH
Network
|
jenkins
|
play_framework
|
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabil…
|
CWE-78
OS Command
|
CVE-2020-2200
|
2024-11-21 14:24 |
2020-06-3 |
|
199220
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_partial_release_manager
|
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2199
|
2024-11-21 14:24 |
2020-06-3 |