Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2021-3040 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
| 2021-06-10 | CVE-2021-3041 | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. | 7.8 |
| 2021-04-20 | CVE-2021-3038 | Unspecified vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. | 5.5 |
| 2021-04-20 | CVE-2021-3037 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. | 2.3 |
| 2021-04-20 | CVE-2021-3036 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. | 4.4 |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
| 2021-03-10 | CVE-2021-3034 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Cortex Xsoar An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. | 5.1 |
| 2021-02-10 | CVE-2021-3033 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. | 9.8 |
| 2021-01-13 | CVE-2021-3032 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. | 4.4 |
| 2021-01-13 | CVE-2021-3031 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Paloaltonetworks Pan-Os Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. | 4.3 |