|
210041
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panora…
|
CWE-611
XXE
|
CVE-2020-2012
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210042
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of P…
|
CWE-78
OS Command
|
CVE-2020-2010
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210043
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and wr…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-2009
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210044
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system…
|
CWE-78
OS Command
|
CVE-2020-2008
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210045
|
8.8 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrat…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2013
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210046
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration reque…
|
CWE-20
Improper Input Validation
|
CVE-2020-2011
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210047
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All…
|
CWE-78
OS Command
|
CVE-2020-2007
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210048
|
8.8 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affec…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-2006
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210049
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2005
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210050
|
5.5 |
MEDIUM
Local
|
paloaltonetworks
|
globalprotect
|
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtec…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-2004
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
