Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
Cortex XDR Agent
2
Cortex XSOAR
3
Demisto
1
Expedition
6
GlobalProtect App
17
MineMeld
1
NetConnect
1
PAN-OS
183
Secdo
3
Terminal Server Agent
4
Traps
2
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID Agent
2
VM-Series Plugin
1
WildFire Appliance
3
WildFire Cloud
2
Zingbox Inspector
11
Clear
1 - 25 of 124
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
7.2
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.4
< 9.0.10
none
>= 10.0.1
>= 9.1.4
>= 9.0.10
8.1.*
2020-09-09
2020-12-28
7.2
CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 9.1.3
< 9.0.10
< 8.1.16
>= 10.0.0
>= 9.1.3
>= 9.0.10
>= 8.1.16
2020-09-09
2020-12-28
8.8
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 9.0.9
< 8.1.16
>= 10.0.0
>= 9.1.0
>= 9.0.9
>= 8.1.16
2020-09-09
2020-12-28
7.8
CVE-2020-2049 Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
Cortex XDR Agent 7.2
Cortex XDR Agent 7.1
Cortex XDR Agent 7.0
Cortex XDR Agent 6.1
7.2.* without content update 150 on Windows
7.1.* without content update 150 on Windows
none
none
7.2.* with content update 150 on Windows
7.1.* with content update 150 on Windows
7.0.* with latest content on Windows
6.1.* with latest content on Windows
2020-12-09
2020-12-09
8.2
N
CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.5
< 9.0.11
< 8.1.17
>= 10.0.1
>= 9.1.5
>= 9.0.11
>= 8.1.17
2020-11-11
2020-11-19
7.2
CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.4
< 9.0.10
< 8.1.16
>= 10.0.1
>= 9.1.4
>= 9.0.10
>= 8.1.16
2020-11-11
2020-11-13
7.5
CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 9.1.5
< 9.0.11
< 8.1.17
10.0.*
>= 9.1.5
>= 9.0.11
>= 8.1.17
2020-11-11
2020-11-11
8.1
CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.12
8.0.*
7.1.*
>= 9.0.6
>= 8.1.12
none
none
2020-05-13
2020-09-11
9.8
N
CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
>= 10.0.0
>= 9.1.3
>= 9.0.9
>= 8.1.15
none
2020-09-09
2020-09-10
7.5
N
CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS)
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
none
none
< 8.1.16
8.0.*
10.0.*
9.1.*
9.0.*
>= 8.1.16
none
2020-09-09
2020-09-09
7.2
CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
none
none
none
>= 10.0.1
9.1.*
9.0.*
8.1.*
2020-09-09
2020-09-09
9.8
N
CVE-2018-10143 Remote Code Execution in Expedition Migration Tool
Expedition 1.0
<= 1.0.107
>= 1.0.108
2018-12-11
2020-09-01
7.5
N
CVE-2018-10142 Information Disclosure in Expedition Migration Tool
Expedition 1.0
<= 1.0.106
>= 1.0.107
2018-11-20
2020-09-01
7.1
CVE-2019-17436 Local Privilege Escalation in GlobalProtect App for Linux and Mac OS
GlobalProtect App 5.0
GlobalProtect App 4.1
<= 5.0.4
<= 4.1.12
>= 5.0.5
>= 4.1.13
2019-10-15
2020-09-01
8
CVE-2019-1583 Escalation of Privilege in Twistlock
Twistlock Console 19.07
<= 19.07.357
>= 19.07.358
2019-08-22
2020-09-01
9.8
N
CVE-2019-1584 Remote Command Injection in Zingbox Inspector
Zingbox Inspector 1
<= 1.293
>= 1.294
2019-10-01
2020-09-01
9.8
N
CVE-2019-15019 Insecure Firmware Validation in Zingbox Inspector
Zingbox Inspector 1
<= 1.294
>= 1.295
2019-10-01
2020-09-01
9.8
N
CVE-2019-15020 Command Injection in Zingbox Inspector
Zingbox Inspector 1
<= 1.293
>= 1.294
2019-10-01
2020-09-01
8.8
CVE-2019-15016 SQL Injection in Zingbox Inspector
Zingbox Inspector 1
<= 1.288
>= 1.289
2019-10-01
2020-09-01
8.8
CVE-2019-15014 Command Injection in Zingbox Inspector
Zingbox Inspector 1
<= 1.286
>= 1.287
2019-10-01
2020-09-01
8.4
CVE-2019-15015 Hardcoded Credentials in Zingbox Inspector
Zingbox Inspector 1
<= 1.294
>= 1.295
2019-10-01
2020-09-01
8.4
CVE-2019-15017 SSH Service Exposed in Zingbox Inspector
Zingbox Inspector 1
<= 1.294
>= 1.295
2019-10-01
2020-09-01
7.5
N
CVE-2019-15018 Tenant authentication bypass in Zingbox Inspector
Zingbox Inspector 1
<= 1.280
>= 1.281
2019-10-01
2020-09-01
7.5
N
CVE-2019-15023 Insecure Password Storage in Zingbox Inspector
Zingbox Inspector 1
<= 1.294
>= 1.295
2019-10-01
2020-09-01
7.5
N
CVE-2019-15022 ARP Spoofing in Zingbox Inspector
Zingbox Inspector 1
<= 1.294
>= 1.295
2019-10-01
2020-09-01
1 - 25 of 124
25 per page
50 per page
100 per page
Download
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.