Lucene search
+L

531 matches found

Github Security Blog
Github Security Blog
added 2021/02/11 9:36 p.m.54 views

Token verification bug in next-auth

Impact Implementations using the Prisma database adapter with the Email provider are impacted. Implementations using the Prisma database adapter that are not using the Email provider are not impacted. Implementations using the default database adapter TypeORM with the Email provider are not...

6.1CVSS0.9AI score0.01667EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/02/10 6:15 p.m.17 views

CVE-2021-3033

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS0.01211EPSS
Exploits0References1
OSV
OSV
added 2021/02/10 6:15 p.m.6 views

CVE-2021-3033

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References1
Prion
Prion
added 2021/02/10 6:15 p.m.12 views

Design/Logic Flaw

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

7.5CVSS9.5AI score0.01211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/10 5:35 p.m.31 views

CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.1CVSS9.8AI score0.01211EPSS
Exploits0References1
CVE
CVE
added 2021/02/10 5:35 p.m.63 views

CVE-2021-3033

CVE-2021-3033 describes an improper verification of cryptographic signature in Palo Alto Networks Prisma Cloud Compute console that allows bypassing signature validation during SAML authentication, enabling login as any authorized user. Affected on-prem Prisma Cloud Compute versions 19.11, 20.04,...

9.8CVSS9.7AI score0.01211EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2021/02/10 5:0 p.m.153 views

Informational: Impact of Sudo Vulnerability CVE-2021-3156

Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN CloudGenix devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in...

7.8CVSS8AI score0.99295EPSS
Exploits81References2
Palo Alto Networks
Palo Alto Networks
added 2021/02/10 5:0 p.m.58 views

Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS2.8AI score0.01211EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/10 12:0 a.m.11 views

Prisma Cloud Compute Data Forgery Issue Vulnerability

A data forgery issue vulnerability exists in Prisma Cloud Compute that arises from a network system or product that does not adequately validate the origin or authenticity of data. An attacker could exploit the falsified data to conduct an attack...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.37 views

Palo Alto Networks PAN-OS 8.x < 8.1.15 / 9.0.x < 9.0.9 / 9.1.x < 9.1.3 TLS 1.0 Usage Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.x prior to 8.1.15 or 9.0.x prior to 9.0.9 or 9.1.x prior to 9.1.3. It is, therefore, affected by a TLS 1.0 usage vulnerability. Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, whi...

5.8CVSS5.3AI score0.00421EPSS
Exploits0References3
NVD
NVD
added 2020/07/08 5:15 p.m.30 views

CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS0.06592EPSS
Exploits1References1
NVD
NVD
added 2020/07/08 5:15 p.m.20 views

CVE-2020-2030

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue doe...

9CVSS0.0253EPSS
Exploits0References1
Prion
Prion
added 2020/07/08 5:15 p.m.16 views

Design/Logic Flaw

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitati...

5.8CVSS5AI score0.00421EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/08 5:15 p.m.31 views

Command injection

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS9.3AI score0.06592EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/07/08 5:15 p.m.17 views

Command injection

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue doe...

9CVSS7.5AI score0.0253EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/08 4:35 p.m.38 views

CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

8.1CVSS9.2AI score0.06592EPSS
Exploits1References1
CVE
CVE
added 2020/07/08 4:35 p.m.63 views

CVE-2020-1982

CVE-2020-1982 is a PAN-OS TLS 1.0 usage issue affecting PAN-OS 8.x (before 8.1.15), 9.0.x (before 9.0.9), and 9.1.x (before 9.1.3). The vulnerability involves certain PAN-OS to cloud-delivered services communications (Cortex Data Lake, Customer Support Portal, Prisma Access) using TLS 1.0. The re...

5.8CVSS5AI score0.00421EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/07/08 12:0 a.m.147 views

CVE-2020-2034 — PAN-OS: OS command injection vulnerability in GlobalProtect portal

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

10CVSS9.3AI score0.06592EPSS
In wildExploits2References2
The Coalfire Blog
The Coalfire Blog
added 2019/10/18 4:34 p.m.11 views

New News About the HITRUST Scoring Rubric and PRISMA Model

This is a high-level overview of the most significant changes about the updated HITRUST scoring rubric and PRISMA model that will affect all organizations using the HITRUST framework. It contains tips and guidance for how to prepare for upcoming HITRUST assessments. If you need a deeper dive into...

1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/10/16 2:10 a.m.10 views

cov.prisma-college.nl XSS vulnerability

Open Bug Bounty ID: OBB-686490 Description| Value ---|--- Affected Website:| cov.prisma-college.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...

0.1AI score
Exploits0
Rows per page
Query Builder