Palo Alto Networks Security Advisories

1 - 25 of 234
Versions            Affected    Unaffected
8.2 N CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification
PAN-OS 10.0         < 10.0.1    >= 10.0.1
PAN-OS 9.1          < 9.1.5     >= 9.1.5
PAN-OS 9.0          < 9.0.11    >= 9.0.11
PAN-OS 8.1          < 8.1.17    >= 8.1.17
2020-11-11 2020-11-19
7.5 CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device
PAN-OS 10.0         none        10.0.*
PAN-OS 9.1          < 9.1.5     >= 9.1.5
PAN-OS 9.0          < 9.0.11    >= 9.0.11
PAN-OS 8.1          < 8.1.17    >= 8.1.17
2020-11-11 2020-11-11
7.2 CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability
PAN-OS 10.0         < 10.0.1    >= 10.0.1
PAN-OS 9.1          < 9.1.4     >= 9.1.4
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          < 8.1.16    >= 8.1.16
2020-11-11 2020-11-13
5.3 N CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets
PAN-OS 10.0         none        10.0.*
PAN-OS 9.1          < 9.1.5     >= 9.1.5
PAN-OS 9.0          < 9.0.11    >= 9.0.11
PAN-OS 8.1          < 8.1.17    >= 8.1.17
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          7.1.*       none
2020-11-11 2020-11-13
3.3 CVE-2020-2048 PAN-OS: System proxy passwords may be logged in clear text while viewing system state
PAN-OS 10.0         none        10.0.*
PAN-OS 9.1          < 9.1.2     >= 9.1.2
PAN-OS 9.0          < 9.0.11    >= 9.0.11
PAN-OS 8.1          < 8.1.17    >= 8.1.17
2020-11-11 2020-11-11
0 PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR
Cortex XSOAR all    none        all
2020-10-14 2020-10-14
9.8 N CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
PAN-OS 10.0         none        >= 10.0.0
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.9     >= 9.0.9
PAN-OS 8.1          < 8.1.15    >= 8.1.15
PAN-OS 8.0          8.0.*       none
2020-09-09 2020-09-10
8.8 CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
PAN-OS 10.0         none        >= 10.0.0
PAN-OS 9.1          none        >= 9.1.0
PAN-OS 9.0          < 9.0.9     >= 9.0.9
PAN-OS 8.1          < 8.1.16    >= 8.1.16
2020-09-09 2020-09-09
7.5 N CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS)
PAN-OS 10.0         none        10.0.*
PAN-OS 9.1          none        9.1.*
PAN-OS 9.0          none        9.0.*
PAN-OS 8.1          < 8.1.16    >= 8.1.16
PAN-OS 8.0          8.0.*       none
2020-09-09 2020-09-09
7.2 CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0         < 10.0.1    >= 10.0.1
PAN-OS 9.1          < 9.1.4     >= 9.1.4
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          none        8.1.*
2020-09-09 2020-09-09
7.2 CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0         none        >= 10.0.0
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          < 8.1.16    >= 8.1.16
2020-09-09 2020-09-09
7.2 CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface
PAN-OS 10.0         < 10.0.1    >= 10.0.1
PAN-OS 9.1          none        9.1.*
PAN-OS 9.0          none        9.0.*
PAN-OS 8.1          none        8.1.*
2020-09-09 2020-09-09
5.3 N CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload
PAN-OS 10.0         < 10.0.1    >= 10.0.1
PAN-OS 9.1          < 9.1.4     >= 9.1.4
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          < 8.1.16    >= 8.1.16
2020-09-09 2020-09-09
3.3 CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          < 8.1.16    >= 8.1.16
PAN-OS 8.0          8.0.*       none
2020-09-09 2020-09-09
3.3 CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs
PAN-OS 10.0         none        >= 10.0.0
PAN-OS 9.1          < 9.1.4     >= 9.1.4
PAN-OS 9.0          < 9.0.10    >= 9.0.10
PAN-OS 8.1          < 8.1.16    >= 8.1.16
2020-09-09 2020-09-09
3 CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions
PAN-OS 10.0         10.0.*      none
PAN-OS 9.1          9.1.*       none
PAN-OS 9.0          9.0.*       none
PAN-OS 8.1          8.1.*       none
2020-08-12 2020-08-12
0 PAN-SA-2020-0008 Informational: BootHole Vulnerability Impact on Palo Alto Networks PAN-OS Software
PAN-OS              none        all
2020-08-12 2020-08-25
0 PAN-SA-2020-0009 Informational: Mitigating threats for GlobalProtect clients connecting from untrusted networks
GlobalProtect all   none        none
2020-08-06 2020-08-25
8.1 CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.9     >= 9.0.9
PAN-OS 8.1          < 8.1.15    >= 8.1.15
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          7.1.*       none
2020-07-08 2020-07-10
7.2 CVE-2020-2030 PAN-OS: OS command injection vulnerability in the management interface
PAN-OS 9.1          none        >= 9.1.0
PAN-OS 9.0          none        >= 9.0.0
PAN-OS 8.1          < 8.1.15    >= 8.1.15
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          7.1.*       none
2020-07-08 2020-07-08
4.9 CVE-2020-2031 PAN-OS: Integer underflow in the management interface
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          none        9.0.*
PAN-OS 8.1          none        8.1.*
2020-07-08 2020-07-08
4.8 CVE-2020-1982 PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.9     >= 9.0.9
PAN-OS 8.1          < 8.1.15    >= 8.1.15
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          none        7.1.*
2020-07-08 2020-07-08
0 PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products
PAN-OS all          none        all
2020-07-08 2020-07-08
10 N CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
PAN-OS 9.1          < 9.1.3     >= 9.1.3
PAN-OS 9.0          < 9.0.9     >= 9.0.9
PAN-OS 8.1          < 8.1.15    >= 8.1.15
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          none        7.1.*
2020-06-29 2020-06-29
7.2 CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification
PAN-OS 9.1          none        >= 9.1.0
PAN-OS 9.0          < 9.0.7     >= 9.0.7
PAN-OS 8.1          < 8.1.13    >= 8.1.13
PAN-OS 8.0          8.0.*       none
PAN-OS 7.1          7.1.*       none
2020-06-10 2020-06-10
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.