Palo Alto Networks Security Advisories

1 - 25 of 52
VersionsAffectedUnaffected
4.3CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.1.5 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
< 9.0.12 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
< 8.1.18 on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
8.0.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
7.1.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series
10.0.*
>= 9.1.5
>= 9.0.12
>= 8.1.18
none
none
2021-01-132021-01-19
5.3 NCVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.1.5
< 9.0.11
< 8.1.17
8.0.*
7.1.*
10.0.*
>= 9.1.5
>= 9.0.11
>= 8.1.17
none
none
2020-11-112020-11-11
9.8 NCVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
>= 10.0.0
>= 9.1.3
>= 9.0.9
>= 8.1.15
none
2020-09-092020-09-09
7.5 NCVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS)
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
none
none
none
< 8.1.16
8.0.*
10.0.*
9.1.*
9.0.*
>= 8.1.16
none
2020-09-092020-09-09
3.3CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
< 9.1.3
< 9.0.10
< 8.1.16
8.0.*
>= 9.1.3
>= 9.0.10
>= 8.1.16
none
2020-09-092020-09-09
8.1CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
7.1.*
>= 9.1.3
>= 9.0.9
>= 8.1.15
none
none
2020-07-082020-07-10
7.2CVE-2020-2030 PAN-OS: OS command injection vulnerability in the management interface
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
none
< 8.1.15
8.0.*
7.1.*
>= 9.1.0
>= 9.0.0
>= 8.1.15
none
none
2020-07-082020-07-08
4.8CVE-2020-1982 PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.14
8.0.*
none
>= 9.1.3
>= 9.0.9
>= 8.1.14
none
7.1.*
2020-07-082023-05-10
10 NCVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.3
< 9.0.9
< 8.1.15
8.0.*
none
>= 9.1.3
>= 9.0.9
>= 8.1.15
none
7.1.*
2020-06-292020-06-29
7.2CVE-2020-2027 PAN-OS: Buffer overflow in authd authentication response
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
none
none
2020-06-102020-06-10
7.2CVE-2020-2029 PAN-OS: OS command injection vulnerability in management interface certificate generator
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
none
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.0
>= 9.0.0
>= 8.1.13
none
>= 7.1.26
2020-06-102020-06-10
7.2CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
none
none
2020-06-102020-06-10
9CVE-2020-2018 PAN-OS: Panorama authentication bypass vulnerability
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.12
8.0.*
< 7.1.26
>= 9.0.6
>= 8.1.12
none
>= 7.1.26
2020-05-132020-05-13
8.8CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.0
>= 9.0.6
>= 8.1.13
none
>= 7.1.26
2020-05-132020-05-13
8.8CVE-2020-2015 PAN-OS: Buffer overflow in the management server
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.1
< 9.0.7
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.1
>= 9.0.7
>= 8.1.13
none
>= 7.1.26
2020-05-132020-05-13
8.8CVE-2020-2014 PAN-OS: OS injection vulnerability in PAN-OS management server
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.14
none
none
2020-05-132020-05-13
8.3CVE-2020-2013 PAN-OS: Panorama context switch session cookie disclosure
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.1.1
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.1.1
>= 9.0.6
>= 8.1.13
none
>= 7.1.26
2020-05-132020-05-13
8.1CVE-2020-2002 PAN-OS: Spoofed Kerberos key distribution center authentication bypass
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.13
8.0.*
< 7.1.26
>= 9.0.6
>= 8.1.13
none
>= 7.1.26
2020-05-132020-05-13
8.1CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.6
< 8.1.12
8.0.*
7.1.*
>= 9.0.6
>= 8.1.12
none
none
2020-05-132020-09-11
7.8PAN-SA-2020-0005 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.1
< 8.1.13
8.0.*
< 7.1.26
>= 9.0.1
>= 8.1.13
none
>= 7.1.26
2020-05-132020-05-13
7.5 NCVE-2020-2011 PAN-OS: Panorama registration denial of service
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.14
none
none
2020-05-132020-05-20
7.5 NPAN-SA-2020-0006 PAN-OS: Nginx software upgraded to resolve multiple vulnerabilities
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.0.7
>= 8.1.14
none
none
2020-05-132020-05-13
7.5 NCVE-2020-2012 PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
none
< 9.0.7
< 8.1.13
8.0.*
7.1.*
>= 9.1.0
>= 9.0.7
>= 8.1.13
none
none
2020-05-132020-05-13
7.2CVE-2020-2006 PAN-OS: Buffer overflow in management server payload parser
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 8.1.14
8.0.*
7.1.*
>= 8.1.14
none
none
2020-05-132020-05-13
7.2CVE-2020-2007 PAN-OS: OS command injection in management server
PAN-OS 9.0
PAN-OS 8.1
PAN-OS 8.0
PAN-OS 7.1
< 9.0.7
< 8.1.14
8.0.*
7.1.*
>= 9.0.7
>= 8.1.14
none
none
2020-05-132020-05-13
1 - 25 of 52 Download
N = Exploitable over the network with low complexity, unauthenticated attack.
© 2024 Palo Alto Networks, Inc. All rights reserved.