CVSS	Summary	Versions	Affected	Unaffected	Published
6.8	CVE-2020-1975 Missing XML Validation in PAN-OS Web Interface	PAN-OS 8.1 PAN-OS 9.0	< 8.1.12 < 9.0.6	7.1.* 8.0.* >= 8.1.12 >= 9.0.6	2020-02-12
7.5	CVE-2020-1977 Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.	Expedition 1.1	<= 1.1.51	>= 1.1.52	2020-02-12
4.7	CVE-2020-1976 GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.	GlobalProtect 5.0	<= 5.0.5 on Mac OS	>= 5.0.6 on Mac OS	2020-02-12
10 N	CVE-2019-17440 PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access	PAN-OS 9.0	< 9.0.5-h3 on PA-7000 Series with 2nd Generation SMC	8.0 8.1 >= 9.0.6, 9.0.5-h3 on PA-7000 Series with 2nd Generation SMC	2019-12-19
7.8	CVE-2019-17437 PAN-OS: Custom-role users may escalate privileges	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1 PAN-OS 9.0	< 7.1.25 < 8.0.20 < 8.1.11 < 9.0.5	>= 7.1.25 >= 8.0.20 >= 8.1.11 >= 9.0.5	2019-12-04
5.9	CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1 PAN-OS 9.0	< 7.1.25 < 8.0.20 < 8.1.8 < 9.0.2	>= 7.1.25 >= 8.0.20 >= 8.1.8 >= 9.0.2	2019-12-04
7.1	CVE-2019-17436 Local Privilege Escalation in GlobalProtect Agent for Linux and Mac OS	GlobalProtect Agent 5.0 GlobalProtect Agent 4.1	<= 4.1.12 <= 5.0.4	>= 4.1.13 >= 5.0.5	2019-10-15
5.5	CVE-2019-17435 Local Privilege Escalation in GlobalProtect Agent for Windows	GlobalProtect Agent 5.0 GlobalProtect Agent 4.1	<= 4.1.12 <= 5.0.3	>= 4.1.13 >= 5.0.4	2019-10-15
7.5 N	CVE-2019-15023 Insecure Password Storage in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
7.5 N	CVE-2019-15022 ARP Spoofing in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
5.3 N	CVE-2019-15021 Server-side Request Forgery in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
9.8 N	CVE-2019-15020 Command Injection in Zingbox Inspector	Zingbox Inspector 1	<= 1.293	>= 1.294	2019-10-01
9.8 N	CVE-2019-15019 Insecure Firmware Validation in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
7.5 N	CVE-2019-15018 Tenant authentication bypass in Zingbox Inspector	Zingbox Inspector 1	<= 1.280	>= 1.281	2019-10-01
8.4	CVE-2019-15017 SSH Service Exposed in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
8.8	CVE-2019-15016 SQL Injection in Zingbox Inspector	Zingbox Inspector 1	<= 1.288	>= 1.289	2019-10-01
8.4	CVE-2019-15015 Hardcoded Credentials in Zingbox Inspector	Zingbox Inspector 1	<= 1.294	>= 1.295	2019-10-01
8.8	CVE-2019-15014 Command Injection in Zingbox Inspector	Zingbox Inspector 1	<= 1.286	>= 1.287	2019-10-01
9.8 N	CVE-2019-1584 Remote Command Injection in Zingbox Inspector	Zingbox Inspector 1	<= 1.293	>= 1.294	2019-10-01
8	CVE-2019-1583 Escalation of Privilege in Twistlock	Twistlock Console 19.07	<= 19.07.357	>= 19.07.358	2019-08-22
7.2	CVE-2019-1582 Memory Corruption in PAN-OS	PAN-OS 8.1 PAN-OS 9.0	<= 8.1.9 <= 9.0.3	>= 8.1.9-h4 >= 9.0.3-h3	2019-08-21
9.8 N	CVE-2019-1581 Remote code execution in PAN-OS SSH management interface	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1 PAN-OS 9.0	<= 7.1.24 <= 8.0.19 <= 8.1.9 <= 9.0.3	>= 7.1.24-h1 >= 8.0.19-h1 >= 8.1.9-h4 >= 9.0.3-h3	2019-08-21
9.8 N	CVE-2019-1580 Memory Corruption in PAN-OS	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1 PAN-OS 9.0	<= 7.1.24 <= 8.0.19 <= 8.1.9 <= 9.0.3	>= 7.1.24-h1 >= 8.0.19-h1 >= 8.1.9-h4 >= 9.0.3-h3	2019-08-21
8.1	CVE-2019-1579 Remote Code Execution in GlobalProtect Portal/Gateway Interface	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1	<= 7.1.18 <= 8.0.11-h1 <= 8.1.2	>= 7.1.19 >= 8.0.12 >= 8.1.3	2019-07-18
8.8	CVE-2019-1575 Information Disclosure in PAN-OS Management API Usage	PAN-OS 7.1 PAN-OS 8.0 PAN-OS 8.1 PAN-OS 9.0	<= 7.1.23 <= 8.0.18 <= 8.1.8-h4 <= 9.0.2	>= 7.1.24 >= 8.0.19 >= 8.1.8 >= 9.0.2	2019-07-15

N = Exploitable over the network with low complexity, unauthenticated attack.