Palo Alto Networks Security Advisories

1 - 25 of 244
| CVSS | Summary | Versions | Affected | Unaffected | Published | Updated |
|---|---|---|---|---|---|---|
| 9.1 N | CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console | Prisma Cloud Compute 20.12 | < update 1 | >= update 1 | 2021-02-10 | 2021-02-10 |
| | | Prisma Cloud Compute 20.09 | <= update 2 | none | | |
| | | Prisma Cloud Compute 20.04 | <= update 2 | none | | |
| | | Prisma Cloud Compute 19.11 | <= update 2 | none | | |
| 0 | CVE-2020-27619 Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619 | PAN-OS | none | all | 2021-02-10 | 2021-02-10 |
| | | Cortex XSOAR | none | all | | |
| 0 | PAN-SA-2021-0002 Informational: PAN-OS: Impact of NAT Slipstream v1.0 and v2.0 Attacks | PAN-OS | none | all | 2021-02-10 | 2021-02-12 |
| 0 | CVE-2021-3156 Informational: Impact of Sudo Vulnerability CVE-2021-3156 | Prisma Cloud compute | none | all | 2021-02-10 | 2021-02-10 |
| | | PAN-OS | none | all | | |
| | | CloudGenix | none | all | | |
| 4.4 | CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2021-01-13 | 2021-01-13 |
| | | PAN-OS 9.1 | < 9.1.4 | >= 9.1.4 | | |
| | | PAN-OS 9.0 | < 9.0.12 | >= 9.0.12 | | |
| | | PAN-OS 8.1 | < 8.1.18 | >= 8.1.18 | | |
| 4.3 | CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) | PAN-OS 10.0 | none | 10.0.* | 2021-01-13 | 2021-01-19 |
| | | PAN-OS 9.1 | < 9.1.5 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series | >= 9.1.5 | | |
| | | PAN-OS 9.0 | < 9.0.12 on PA-220, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series | >= 9.0.12 | | |
| | | PAN-OS 8.1 | < 8.1.18 on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series | >= 8.1.18 | | |
| | | PAN-OS 8.0 | 8.0.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series | none | | |
| | | PAN-OS 7.1 | 7.1.* on PA-200, PA-220, PA-500, PA-5000 Series, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series | none | | |
| 0 | PAN-SA-2021-0001 Informational: Cortex XSOAR: Impact of Golang XML parsing vulnerabilities | Cortex XSOAR 6.0 | < 6.0.2 | >= 6.0.2 | 2021-01-13 | 2021-01-13 |
| | | Cortex XSOAR 5.5 | none | 5.5.* | | |
| 7.8 | CVE-2020-2049 Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation | Cortex XDR Agent 7.2 | 7.2.* without content update 150 on Windows | 7.2.* with content update 150 on Windows | 2020-12-09 | 2020-12-09 |
| | | Cortex XDR Agent 7.1 | 7.1.* without content update 150 on Windows | 7.1.* with content update 150 on Windows | | |
| | | Cortex XDR Agent 7.0 | none | 7.0.* with latest content on Windows | | |
| | | Cortex XDR Agent 6.1 | none | 6.1.* with latest content on Windows | | |
| 5.5 | CVE-2020-2020 Cortex XDR Agent: Exceptional condition denial-of-service (DoS) | Cortex XDR Agent 7.2 | none | >= 7.2.0 | 2020-12-09 | 2020-12-09 |
| | | Cortex XDR Agent 7.1 | < 7.1.2 | >= 7.1.2 | | |
| | | Cortex XDR Agent 7.0 | < 7.0.3 | >= 7.0.3 | | |
| | | Cortex XDR Agent 6.1 | < 6.1.7 | >= 6.1.7 | | |
| | | Cortex XDR Agent 5.0 | < 5.0.10 | >= 5.0.10 | | |
| 0 | PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971 | PAN-OS | none | all | 2020-12-09 | 2020-12-09 |
| | | GlobalProtect App | none | all | | |
| | | Cortex XSOAR | none | all | | |
| 8.2 N | CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2020-11-11 | 2020-11-19 |
| | | PAN-OS 9.1 | < 9.1.5 | >= 9.1.5 | | |
| | | PAN-OS 9.0 | < 9.0.11 | >= 9.0.11 | | |
| | | PAN-OS 8.1 | < 8.1.17 | >= 8.1.17 | | |
| 7.5 | CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device | PAN-OS 10.0 | none | 10.0.* | 2020-11-11 | 2020-11-11 |
| | | PAN-OS 9.1 | < 9.1.5 | >= 9.1.5 | | |
| | | PAN-OS 9.0 | < 9.0.11 | >= 9.0.11 | | |
| | | PAN-OS 8.1 | < 8.1.17 | >= 8.1.17 | | |
| 7.2 | CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2020-11-11 | 2020-11-13 |
| | | PAN-OS 9.1 | < 9.1.4 | >= 9.1.4 | | |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| 5.3 N | CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets | PAN-OS 10.0 | none | 10.0.* | 2020-11-11 | 2020-11-13 |
| | | PAN-OS 9.1 | < 9.1.5 | >= 9.1.5 | | |
| | | PAN-OS 9.0 | < 9.0.11 | >= 9.0.11 | | |
| | | PAN-OS 8.1 | < 8.1.17 | >= 8.1.17 | | |
| | | PAN-OS 8.0 | 8.0.* | none | | |
| | | PAN-OS 7.1 | 7.1.* | none | | |
| 3.3 | CVE-2020-2048 PAN-OS: System proxy passwords may be logged in clear text while viewing system state | PAN-OS 10.0 | none | 10.0.* | 2020-11-11 | 2020-11-11 |
| | | PAN-OS 9.1 | < 9.1.2 | >= 9.1.2 | | |
| | | PAN-OS 9.0 | < 9.0.11 | >= 9.0.11 | | |
| | | PAN-OS 8.1 | < 8.1.17 | >= 8.1.17 | | |
| 0 | PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR | Cortex XSOAR all | none | all | 2020-10-14 | 2020-10-14 |
| 9.8 N | CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled | PAN-OS 10.0 | none | >= 10.0.0 | 2020-09-09 | 2020-09-10 |
| | | PAN-OS 9.1 | < 9.1.3 | >= 9.1.3 | | |
| | | PAN-OS 9.0 | < 9.0.9 | >= 9.0.9 | | |
| | | PAN-OS 8.1 | < 8.1.15 | >= 8.1.15 | | |
| | | PAN-OS 8.0 | 8.0.* | none | | |
| 8.8 | CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface | PAN-OS 10.0 | none | >= 10.0.0 | 2020-09-09 | 2021-02-12 |
| | | PAN-OS 9.1 | none | >= 9.1.0 | | |
| | | PAN-OS 9.0 | < 9.0.9 | >= 9.0.9 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| 7.5 N | CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS) | PAN-OS 10.0 | none | 10.0.* | 2020-09-09 | 2020-09-09 |
| | | PAN-OS 9.1 | none | 9.1.* | | |
| | | PAN-OS 9.0 | none | 9.0.* | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| | | PAN-OS 8.0 | 8.0.* | none | | |
| 7.2 | CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2020-09-09 | 2021-02-12 |
| | | PAN-OS 9.1 | < 9.1.4 | >= 9.1.4 | | |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | none | 8.1.* | | |
| 7.2 | CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface | PAN-OS 10.0 | none | >= 10.0.0 | 2020-09-09 | 2021-02-12 |
| | | PAN-OS 9.1 | < 9.1.3 | >= 9.1.3 | | |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| 7.2 | CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2020-09-09 | 2020-09-09 |
| | | PAN-OS 9.1 | none | 9.1.* | | |
| | | PAN-OS 9.0 | none | 9.0.* | | |
| | | PAN-OS 8.1 | none | 8.1.* | | |
| 5.3 N | CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload | PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 | 2020-09-09 | 2021-02-12 |
| | | PAN-OS 9.1 | < 9.1.4 | >= 9.1.4 | | |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| 3.3 | CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history | PAN-OS 9.1 | < 9.1.3 | >= 9.1.3 | 2020-09-09 | 2020-09-09 |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
| | | PAN-OS 8.0 | 8.0.* | none | | |
| 3.3 | CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs | PAN-OS 10.0 | none | >= 10.0.0 | 2020-09-09 | 2020-09-09 |
| | | PAN-OS 9.1 | < 9.1.4 | >= 9.1.4 | | |
| | | PAN-OS 9.0 | < 9.0.10 | >= 9.0.10 | | |
| | | PAN-OS 8.1 | < 8.1.16 | >= 8.1.16 | | |
N = Exploitable over the network with low complexity, unauthenticated attack.