Lucene search
+L

530 matches found

CVE
CVE
added 2021/06/10 12:33 p.m.49 views

CVE-2021-3040

Summary: CVE-2021-3040 describes an unsafe deserialization vulnerability in Bridgecrew Checkov (Prisma Cloud) that enables arbitrary code execution when processing a malicious Terraform file. The issue affects Checkov 2.0 versions earlier than 2.0.139; Checkov 1.0 is not affected. Affected softwa...

7.2CVSS7.1AI score0.01295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/10 12:33 p.m.36 views

CVE-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted...

6.7CVSS7.5AI score0.01295EPSS
Exploits0References1
CVE
CVE
added 2021/06/10 12:33 p.m.49 views

CVE-2021-3039

CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute Console. The issue is an information exposure where a secret used to authorize the authenticated user’s role is logged to a debug log file, enabling an authenticated Operator or Auditor with log access to potentially elevate to Adminis...

5.5CVSS4.1AI score0.00537EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2021/06/09 4:0 p.m.67 views

Prisma Cloud Compute: User role authorization secret for Console leaked through log file export

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...

3.8CVSS3AI score0.00537EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2021/06/09 4:0 p.m.57 views

Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. Work around: Do not run Checkov on...

7.2CVSS6AI score0.01295EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/09 12:0 a.m.7 views

Palo Alto Networks Prisma Cloud 日志信息泄露漏洞

Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. provides cloud security services. Palo Alto Networks Prisma Cloud Compute suffers from a log information disclosure vulnerability that originates when a secret used to authoriz...

5.5CVSS5.3AI score0.00537EPSS
Exploits0References3
NVD
NVD
added 2021/04/29 5:15 p.m.22 views

CVE-2021-21415

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...

7.8CVSS0.02098EPSS
Exploits0References4
OSV
OSV
added 2021/04/29 5:15 p.m.19 views

CVE-2021-21415

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...

7.8CVSS7.5AI score
Exploits0References4
Prion
Prion
added 2021/04/29 5:15 p.m.17 views

Remote code execution

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...

6.8CVSS7.8AI score0.02098EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/04/29 4:50 p.m.38 views

CVE-2021-21415 Visual Studio Code Prisma Extension Remote Code Execution Vulnerability

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...

7.8CVSS8.1AI score0.02098EPSS
Exploits0References4
CVE
CVE
added 2021/04/29 4:50 p.m.50 views

CVE-2021-21415

CVE-2021-21415 concerns the Prisma VS Code extension for Prisma schema files. The vulnerability allows remote code execution when a user has a custom binary path for the Prisma format binary (for example via .vscode/settings.json with prismaFmtBinPath). This binary is executed during auto-formatt...

7.8CVSS7.9AI score0.02098EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/04/29 1:15 a.m.27 views

CVE-2021-21414

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...

7.7CVSS0.02073EPSS
Exploits0References3
OSV
OSV
added 2021/04/29 1:15 a.m.13 views

CVE-2021-21414

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...

7.2CVSS7.7AI score
Exploits0References3
Prion
Prion
added 2021/04/29 1:15 a.m.19 views

Remote code execution

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...

6.5CVSS7.4AI score0.02073EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/04/29 12:45 a.m.20 views

CVE-2021-21414 Command injection vulnerability in @prisma/sdk in getPackedPackage function

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...

7.7CVSS8.2AI score0.02073EPSS
Exploits0References3
CVE
CVE
added 2021/04/29 12:45 a.m.87 views

CVE-2021-21414

The CVE-2021-21414 entry concerns Prisma’s @prisma/sdk, specifically the getPackedPackage function, where untrusted input could lead to OS command injection and remote code execution. The vulnerability was identified across multiple records and is mitigated by patches in @prisma/sdk version 2.20....

7.7CVSS7.4AI score0.02073EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.4 views

Prisma VS Code extension 安全漏洞

Prisma VS Code extension is a code extension that can perform syntax highlighting, formatting, renaming, quick fixes, etc. for prisma files. A security vulnerability exists in Prisma VS Code extension, which can be exploited for remote code execution...

7.8CVSS7.9AI score0.02098EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/04/29 12:0 a.m.4 views

PT-2021-14490 · Prisma · Prisma Vs Code

Name of the Vulnerable Software and Affected Versions: Prisma VS Code versions prior to 2.20.0 Description: This issue is a Remote Code Execution vulnerability. It affects the Prisma VS Code extension when a custom binary path for the Prisma format binary is set in VS Code Settings, for example,...

7.8CVSS7.7AI score0.02098EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.5 views

Prisma 操作系统命令注入漏洞

Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. Prisma suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause remote code execution...

7.7CVSS6.4AI score0.02073EPSS
Exploits0References4
NVD
NVD
added 2021/04/20 4:15 a.m.29 views

CVE-2021-3035

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

7.2CVSS0.01295EPSS
Exploits0References1
Rows per page
Query Builder