Export limit exceeded: 79414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79414 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3063 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 High |
| An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue. | ||||
| CVE-2021-3062 | 1 Paloaltonetworks | 2 Pan-os, Vm-series Firewall | 2024-11-21 | 8.1 High |
| An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue. | ||||
| CVE-2021-3060 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2024-11-21 | 8.1 High |
| An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. | ||||
| CVE-2021-3059 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.1 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue. | ||||
| CVE-2021-3058 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. | ||||
| CVE-2021-3057 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 8.1 High |
| A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux. | ||||
| CVE-2021-3056 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue. | ||||
| CVE-2021-3054 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 High |
| A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access. | ||||
| CVE-2021-3053 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 High |
| An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. | ||||
| CVE-2021-3052 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8 High |
| A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access. | ||||
| CVE-2021-3051 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-11-21 | 8.1 High |
| An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. | ||||
| CVE-2021-3050 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. | ||||
| CVE-2021-3043 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | 7.5 High |
| A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439. | ||||
| CVE-2021-3042 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | 7.8 High |
| A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent. | ||||
| CVE-2021-3041 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version. | ||||
| CVE-2021-3025 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 8.8 High |
| Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | ||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2024-11-21 | 8.8 High |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | ||||
| CVE-2021-3019 | 1 Lanproxy Project | 1 Lanproxy | 2024-11-21 | 7.5 High |
| ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. | ||||
| CVE-2021-3017 | 1 Intelbras | 4 Win 300, Win 300 Firmware, Wrn 342 and 1 more | 2024-11-21 | 7.5 High |
| The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. | ||||
| CVE-2021-3006 | 1 Seal Finance Project | 1 Seal Finance | 2024-11-21 | 7.5 High |
| The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021. | ||||