Vulnerabilities > Paloaltonetworks > PAN OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-3064 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. | 9.8 |
| 2021-09-08 | CVE-2021-3052 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. | 5.4 |
| 2021-09-08 | CVE-2021-3053 | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. | 7.5 |
| 2021-09-08 | CVE-2021-3054 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. | 6.6 |
| 2021-09-08 | CVE-2021-3055 | XXE vulnerability in Paloaltonetworks Pan-Os An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. | 6.5 |
| 2021-08-11 | CVE-2021-3045 | Argument Injection or Modification vulnerability in Paloaltonetworks Pan-Os An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. | 4.9 |
| 2021-08-11 | CVE-2021-3046 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. | 6.5 |
| 2021-08-11 | CVE-2021-3047 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Paloaltonetworks Pan-Os A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. | 3.1 |
| 2021-08-11 | CVE-2021-3048 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. | 5.9 |
| 2021-08-11 | CVE-2021-3050 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. | 8.8 |