Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-3057 Out-of-bounds Write vulnerability in Paloaltonetworks Globalprotect
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges.
network
paloaltonetworks CWE-787
critical
9.3
2021-09-08 CVE-2021-3049 Incorrect Authorization vulnerability in Paloaltonetworks Cortex Xsoar 5.5.0/6.1.0
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.
network
low complexity
paloaltonetworks CWE-863
4.0
2021-09-08 CVE-2021-3051 Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.
6.8
2021-09-08 CVE-2021-3052 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.
3.5
2021-09-08 CVE-2021-3053 Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash.
7.1
2021-09-08 CVE-2021-3054 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.
8.5
2021-09-08 CVE-2021-3055 XXE vulnerability in Paloaltonetworks Pan-Os
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash.
network
low complexity
paloaltonetworks CWE-611
7.5
2021-07-15 CVE-2021-3042 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2
2021-07-15 CVE-2021-3043 Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.
3.5
2021-06-22 CVE-2021-3044 Incorrect Authorization vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.
network
low complexity
paloaltonetworks CWE-863
7.5