Get support
Security advisories
Report vulnerabilities
Subscribe
RSS feed
Palo Alto Networks Security Advisories
Clear
Options
version
severity
CRITICAL
HIGH
MEDIUM
LOW
NONE
product
Bridgecrew Checkov
2
CloudGenix
2
Cortex XDR Agent
4
Cortex XSOAR
8
Cortex XSOAR PowerShell Image
1
Demisto
1
Expedition
6
GlobalProtect App
18
MineMeld
1
NetConnect
1
PAN-OS
200
Prisma Cloud Compute
3
Prisma Cloud compute
1
Secdo
3
Terminal Server Agent
4
Traps
2
Traps ESM Console
2
Traps ESM Core
1
Twistlock Console
1
Update server
1
User-ID Agent
2
VM-Series Plugin
1
WildFire Appliance
3
WildFire Cloud
2
Zingbox Inspector
11
Clear
1 - 25 of 270
Newest
Updated
Severe
Earliest published
Earliest updated
Least Severe
Sort ID ↑
Sort ID ↓
CVSS
Summary
Versions
Affected
Unaffected
Published
Updated
8.1
CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.6
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.6
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-08
2021-09-08
8.1
CVE-2021-3051 Cortex XSOAR: Authentication Bypass in SAML Authentication
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 5.5.0
< 1578666
< 1578663
< 1578677
>= 1578666
>= 1578663
>= 1578677
2021-09-08
2021-09-13
8
CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.2
< 9.1.10
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.2
>= 9.1.10
>= 9.0.14
>= 8.1.20
2021-09-08
2021-09-13
7.5
N
CVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
>= 8.1.20
2021-09-08
2021-09-13
7.2
CVE-2021-3054 PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.1.2
< 10.0.7
< 9.1.11
< 9.0.14
< 8.1.20
>= 10.1.2
>= 10.0.7
>= 9.1.11
>= 9.0.14
>= 8.1.20
2021-09-08
2021-09-13
6.5
CVE-2021-3055 PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.6
< 9.1.10
< 9.0.14
< 8.1.20
10.1.*
>= 10.0.6
>= 9.1.10
>= 9.0.14
>= 8.1.20
2021-09-08
2021-09-13
2.6
CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 5.5.0
none
< 12099345
all
all
>= 12099345
none
2021-09-08
2021-09-08
8.8
CVE-2021-3050 PAN-OS: OS Command Injection Vulnerability in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
>= 10.1.0
>= 10.0.0
>= 9.1.4
>= 9.0.10
none
>= 10.1.2
>= 10.0.8
>= 9.1.11
>= 9.0.15
8.1.*
2021-08-11
2021-08-11
6.8
CVE-2021-3046 PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
< 8.1.19
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
>= 8.1.19
2021-08-11
2021-08-11
5.9
CVE-2021-3048 PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.5
< 9.1.9
< 9.0.14
none
10.1.*
>= 10.0.5
>= 9.1.9
>= 9.0.14
8.1.*
2021-08-11
2021-08-11
4.9
CVE-2021-3045 PAN-OS: OS Command Argument Injection in Web Interface
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
none
< 9.1.10
< 9.0.14
< 8.1.19
10.1.*
10.0.*
>= 9.1.10
>= 9.0.14
>= 8.1.19
2021-08-11
2021-08-11
4.2
CVE-2021-3047 PAN-OS: Weak Cryptography Used in Web Interface Authentication
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 10.0.4
< 9.1.10
< 9.0.14
< 8.1.19
10.1.*
>= 10.0.4
>= 9.1.10
>= 9.0.14
>= 8.1.19
2021-08-11
2021-08-11
0
CVE-2021-26701 Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
Cortex XSOAR PowerShell Image 7.1
< 7.1.3.20270
>= 7.1.3.20270
2021-08-11
2021-08-11
7.8
CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
Cortex XDR Agent 7.3
Cortex XDR Agent 7.2
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
7.3.* without content update 181 or later on Windows
7.2.* without content update 181 or later on Windows
6.1.* without content update 181 or later on Windows
none
7.3.* with content update 181 or later on Windows
7.2.* with content update 181 or later on Windows
6.1.* with content update 181 or later on Windows
all
2021-07-14
2021-07-15
7.5
CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
Prisma Cloud Compute 21.04
Prisma Cloud Compute 20.12
< 21.04.439
< 20.12.552
>= 21.04.439
>= 20.12.552
2021-07-14
2021-07-14
9.8
N
CVE-2021-3044 Cortex XSOAR: Unauthorized Usage of the REST API
Cortex XSOAR 6.2.0
Cortex XSOAR 6.1.0
Cortex XSOAR 6.0.2
Cortex XSOAR 6.0.1
Cortex XSOAR 6.0.0
Cortex XSOAR 5.5.0
< 1271065
>= 1016923 and < 1271064
none
none
none
none
>= 1271065
< 1016923, >= 1271064
all
all
all
all
2021-06-22
2021-06-23
7.8
CVE-2021-3041 Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
Cortex XDR Agent 7.2
Cortex XDR Agent 6.1
Cortex XDR Agent 5.0
< 7.2.3 or without content update 171 or later
< 6.1.8
< 5.0.11
>= 7.2.3 with content update 171 or later
>= 6.1.8
>= 5.0.11
2021-06-09
2021-06-09
6.7
CVE-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
Bridgecrew Checkov 2.0
Bridgecrew Checkov 1.0
< 2.0.139
none
>= 2.0.139
all
2021-06-09
2021-06-09
3.8
CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
Prisma Cloud Compute 20.04
< 21.04.412
>= 21.04.412
2021-06-09
2021-06-09
0
PAN-SA-2021-0003 Informational: Impact of the NAME:WRECK DNS vulnerabilities
PAN-OS
CloudGenix
none
none
all
all
2021-05-10
2021-05-12
6.7
CVE-2021-3035 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
Bridgecrew Checkov 2.0
Bridgecrew Checkov 1.0
< 2.0.26
none
>= 2.0.26
all
2021-04-14
2021-04-14
5.5
CVE-2021-3038 GlobalProtect App: Windows VPN kernel driver denial of service (DoS)
GlobalProtect App 5.2
GlobalProtect App 5.1
< 5.2.4 on Windows
< 5.1.8 on Windows
>= 5.2.4 on Windows
>= 5.1.8 on Windows
2021-04-14
2021-04-20
4.4
CVE-2021-3036 PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
< 10.0.1
< 9.1.6
< 9.0.12
< 8.1.19
>= 10.0.1
>= 9.1.6
>= 9.0.12
>= 8.1.19
2021-04-14
2021-04-14
2.3
CVE-2021-3037 PAN-OS: Secrets for scheduled configuration exports are logged in system logs
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
none
< 9.1.4
< 9.0.13
< 8.1.19
>= 10.0.0
>= 9.1.4
>= 9.0.13
>= 8.1.19
2021-04-14
2021-04-14
0
CVE-2021-28041 PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041
PAN-OS
none
all
2021-03-24
2021-04-14
1 - 25 of 270
25 per page
50 per page
100 per page
Download
N
= Exploitable over the network with low complexity, unauthenticated attack.
© 2020 Palo Alto Networks, Inc. All rights reserved.