Vulnerabilities > Paloaltonetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2021-3048 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. | 5.9 |
| 2021-08-11 | CVE-2021-3050 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. | 8.8 |
| 2021-07-15 | CVE-2021-3043 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 4.8 |
| 2021-06-10 | CVE-2021-3040 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
| 2021-02-10 | CVE-2021-3033 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. | 9.8 |
| 2020-11-12 | CVE-2020-2050 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. | 8.2 |
| 2020-11-12 | CVE-2020-2048 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. | 3.3 |
| 2020-11-12 | CVE-2020-2022 | Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. | 7.5 |
| 2020-11-12 | CVE-2020-2000 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. | 7.2 |