A fix was made to address a vulnerability
with a race condition due to an insecure creation of a file in a
temporary directory in PAN-OS (CVE-2020-2016).
PAN-125122
A fix was made to address a cleartext transmission
of sensitive information vulnerability in Palo Alto Networks PAN-OS
and Panorama that disclosed an authenticated PAN-OS administrator's
PAN-OS session cookie (CVE-2020-2013).
PAN-124621
A fix was made to address an issue where
an OS command injection vulnerability in the PAN-OS web management
interface allowed authenticated administrators to execute arbitrary
OS commands with root privileges by sending a malicious request
to generate new certificates for use in the PAN-OS configuration (CVE-2020-2029).
PAN-123661
A fix was made to address an authentication
bypass vulnerability in the Panorama context switching feature (CVE-2020-2018).
PAN-121058
A fix was made to address a DOM-based cross
site scripting vulnerability in the PAN-OS and Panorama management
web interfaces (CVE-2020-2017).
PAN-118957
A fix was made to address an authentication
bypass spoofing vulnerability in the authentication daemon and User-ID
components of Palo Alto Networks PAN-OS (CVE-2020-2002).
PAN-117479
A fix was made to address a vulnerability
with the Nginx web server included with PAN-OS (CVE-2017-7529).
PAN-111636
A fix was made to address OpenSSH issues (PAN-SA-2020-0002 / CVE-2018-20685, CVE-2019-6109,
and CVE-2019-6111).
PAN-111061
A fix was made to upgrade OpenSSH software
included with PAN-OS (PAN-SA-2020-0005 / CVE-2016-10012).
PAN-108992
A fix was made to address an improper authorization
vulnerability in PAN-OS (CVE-2020-1998).
PAN-100734
A fix was made to address a buffer flow
vulnerability in the PAN-OS management interface where authenticated
users were able to crash system processes or execute arbitrary code
with root privileges (CVE-2020-2015).
PAN-82052
A fix was made to address an open redirection
vulnerability in the GlobalProtect component of Palo Alto Networks
PAN-OS (CVE-2020-1997).