Slándáil Research:
Feed: Palo Alto Advisories
CVE-2024-3400 PAN-OS: Arbitrary File Write Leads to OS Command Injection Vulnerability in GlobalProtect (Severity: CRITICAL)
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect (Severity: CRITICAL)
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect (Severity: CRITICAL)
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway (Severity: CRITICAL)
CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended (Severity: MEDIUM)
CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN (Severity: MEDIUM)
CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) (Severity: HIGH)
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled (Severity: HIGH)
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets (Severity: HIGH)
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure (Severity: MEDIUM)
CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets (Severity: HIGH)
CVE-2024-3094 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) (Severity: NONE)
CVE-2023-48795 Impact of Terrapin SSH Attack (Severity: MEDIUM)
CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect (Severity: MEDIUM)
CVE-2024-2433 PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss (Severity: MEDIUM)
CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication (Severity: MEDIUM)
PAN-SA-2024-0002 Impact of Leaky Vessels Vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653) (Severity: NONE)
CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway (Severity: MEDIUM)
CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface (Severity: MEDIUM)
CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal (Severity: MEDIUM)
CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface (Severity: MEDIUM)
CVE-2023-48795 Impact of Terrapin SSH Attack (Severity: NONE)
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials (Severity: MEDIUM)
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface (Severity: MEDIUM)
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator (Severity: MEDIUM)
CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: MEDIUM)
CVE-2023-6790 PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: HIGH)
CVE-2023-6795 PAN-OS: OS Command Injection Vulnerability in the Web Interface (Severity: MEDIUM)
CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API (Severity: MEDIUM)
CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine (Severity: MEDIUM)
CVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546) (Severity: NONE)
CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) (Severity: NONE)
CVE-2023-3281 Cortex XSOAR: Cleartext Exposure of Client Certificate Key in Kafka v3 Integration (Severity: MEDIUM)
CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863 (Severity: NONE)
CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (Severity: HIGH)
CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM)
PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673) (Severity: NONE)
PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671 CVE-2023-36672 CVE-2023-35838 CVE-2023-36673) (Severity: NONE)
CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: HIGH)
CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit (Severity: MEDIUM)
PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) (Severity: NONE)
PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036) (Severity: NONE)
CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication (Severity: MEDIUM)
CVE-2020-1982 PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services (Severity: MEDIUM)
CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface (Severity: MEDIUM)
CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface (Severity: MEDIUM)
CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability (Severity: MEDIUM)
CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability (Severity: MEDIUM)
CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability (Severity: MEDIUM)
PAN-SA-2023-0002 Informational Bulletin: Impact of Rorschach Ransomware (Severity: NONE)
CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809 (Severity: NONE)
CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password (Severity: MEDIUM)
CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User (Severity: MEDIUM)
CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server (Severity: MEDIUM)
PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 (Severity: NONE)
PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 (Severity: NONE)
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889 (Severity: NONE)
CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine (Severity: MEDIUM)
PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 (Severity: NONE)
PAN-SA-2022-0006 Impact of Critical OpenSSL 3.0 Vulnerability (Severity: NONE)
CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface (Severity: HIGH)
PAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator (Severity: NONE)
PAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users (Severity: NONE)
CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199 (Severity: NONE)
CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File (Severity: MEDIUM)
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering (Severity: HIGH)
PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module (Severity: NONE)
CVE-2017-17841 ROBOT attack against PAN-OS (Severity: MEDIUM)
CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit (Severity: HIGH)
CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports (Severity: MEDIUM)
PAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator (Severity: NONE)
PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files (Severity: LOW)
CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy (Severity: MEDIUM)
PAN-SA-2020-0007 Informational: Third-party or open source vulnerabilities that do not impact Palo Alto Networks Products (Severity: NONE)
CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 (Severity: NONE)
CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (Severity: HIGH)
CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2010-1622 Bypass (Severity: NONE)
CVE-2021-44142 Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS (Severity: NONE)
CVE-2022-0022 PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes (Severity: MEDIUM)
CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication (Severity: HIGH)
CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon (Severity: HIGH)
CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation (Severity: HIGH)
CVE-2022-0018 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled (Severity: MEDIUM)
CVE-2022-0011 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering (Severity: MEDIUM)
CVE-2022-0021 GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon (Severity: LOW)
CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface (Severity: MEDIUM)
CVE-2022-0019 GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux (Severity: MEDIUM)
CVE-2022-0015 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability (Severity: HIGH)
CVE-2022-0014 Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session (Severity: MEDIUM)
CVE-2022-0013 Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File (Severity: MEDIUM)
CVE-2022-0012 Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability (Severity: MEDIUM)
CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 (Severity: CRITICAL)
CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 (Severity: CRITICAL)
CVE-2021-44228 Impact of Log4j Vulnerability CVE-2021-44228 and CVE-2021-45046 (Severity: CRITICAL)
CVE-2021-44228 Impact of Log4j Vulnerability CVE-2021-44228 (Severity: CRITICAL)
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (Severity: NONE)
CVE-2021-41617 Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS (Severity: NONE)
CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication (Severity: HIGH)
CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users (Severity: HIGH)
CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) (Severity: HIGH)
CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates (Severity: HIGH)
CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API (Severity: HIGH)
CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI) (Severity: MEDIUM)
CVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces (Severity: HIGH)
CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces (Severity: CRITICAL)
CVE-2021-3057 GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway (Severity: HIGH)
CVE-2020-1968 PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968 (Severity: LOW)
CVE-2012-6590 Verbose Error Messages (Severity: LOW)
CVE-2021-3051 Cortex XSOAR: Authentication Bypass in SAML Authentication (Severity: HIGH)
CVE-2021-3055 PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface (Severity: MEDIUM)
CVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS) (Severity: HIGH)
CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188) (Severity: HIGH)
CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface (Severity: HIGH)
CVE-2021-3054 PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability (Severity: HIGH)
CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability (Severity: LOW)
CVE-2021-3045 PAN-OS: OS Command Argument Injection in Web Interface (Severity: MEDIUM)
CVE-2021-3046 PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal (Severity: MEDIUM)
CVE-2021-26701 Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR (Severity: NONE)
CVE-2021-3047 PAN-OS: Weak Cryptography Used in Web Interface Authentication (Severity: MEDIUM)
CVE-2021-3048 PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage (Severity: MEDIUM)
CVE-2021-3050 PAN-OS: OS Command Injection Vulnerability in Web Interface (Severity: HIGH)
CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation (Severity: HIGH)
CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console (Severity: HIGH)
CVE-2021-3044 Cortex XSOAR: Unauthorized Usage of the REST API (Severity: CRITICAL)
CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export (Severity: LOW)
CVE-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (Severity: MEDIUM)
CVE-2021-3041 Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation (Severity: HIGH)
CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions (Severity: LOW)
PAN-SA-2021-0003 Informational: Impact of the NAME:WRECK DNS vulnerabilities (Severity: NONE)
CVE-2021-3038 GlobalProtect App: Windows VPN kernel driver denial of service (DoS) (Severity: MEDIUM)
CVE-2021-3035 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (Severity: MEDIUM)
CVE-2021-28041 PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041 (Severity: NONE)
CVE-2021-3037 PAN-OS: Secrets for scheduled configuration exports are logged in system logs (Severity: LOW)
CVE-2021-3036 PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly (Severity: MEDIUM)
CVE-2021-3034 Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs (Severity: MEDIUM)
PAN-SA-2021-0002 Informational: PAN-OS: NAT slipstreaming v1.0 and v2.0 attacks (Severity: NONE)
CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console (Severity: CRITICAL)
CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability (Severity: HIGH)
CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload (Severity: MEDIUM)
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (Severity: HIGH)
CVE-2021-3156 Informational: Impact of Sudo Vulnerability CVE-2021-3156 (Severity: NONE)
CVE-2020-27619 Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619 (Severity: NONE)
CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) (Severity: MEDIUM)
CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs (Severity: MEDIUM)
PAN-SA-2021-0001 Informational: Cortex XSOAR: Impact of Golang XML parsing vulnerabilities (Severity: NONE)
PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971 (Severity: NONE)