Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-3052 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.
3.5
2021-09-08 CVE-2021-3053 Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash.
7.1
2021-09-08 CVE-2021-3054 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.
8.5
2021-09-08 CVE-2021-3055 XXE vulnerability in Paloaltonetworks Pan-Os
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash.
network
low complexity
paloaltonetworks CWE-611
7.5
2021-07-15 CVE-2021-3042 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2
2021-07-15 CVE-2021-3043 Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.
3.5
2021-06-22 CVE-2021-3044 Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.
network
low complexity
paloaltonetworks
7.5
2021-06-10 CVE-2021-3039 Information Exposure Through Log Files vulnerability in Paloaltonetworks Prisma Cloud
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file.
network
low complexity
paloaltonetworks CWE-532
5.5
2021-06-10 CVE-2021-3040 Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file.
network
low complexity
paloaltonetworks CWE-502
6.5
2021-06-10 CVE-2021-3041 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2