CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2022-35254
https://notcve.org/view.php?id=CVE-2022-35254
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Un atacante no autenticado puede provocar una Denegación de Servicio (DoS) a los siguientes productos: Ivanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, Ivanti Policy Secure (IPS ) en versiones anteriores a 9.1R17 y 22.3R1, e Ivanti Neurons for Zero-Trust Access en versiones anteriores a 22.3R1. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2022-35258
https://notcve.org/view.php?id=CVE-2022-35258
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Un atacante no autenticado puede provocar una Denegación de Servicio (DoS) a los siguientes productos: Ivanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, Ivanti Policy Secure (IPS ) en versiones anteriores a 9.1R17 y 22.3R1, e Ivanti Neurons for Zero-Trust Access en versiones anteriores a 22.3R1. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW • CWE-128: Wrap-around Error CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 97%CPEs: 91EXPL: 0CVE-2019-11477 – Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
https://notcve.org/view.php?id=CVE-2019-11477
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney detectó que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. • http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en http://www.openwall.com/lists/oss-security/2019/06/20/3 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss&# • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 96%CPEs: 90EXPL: 0CVE-2019-11478 – SACK can cause extensive memory use via fragmented resend queue
https://notcve.org/view.php?id=CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. Jonathan Looney descubrió que la implementación de la cola de retransmisión de TCP en tcp_fragment en el kernel de Linux podría estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. • http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists& • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 4%CPEs: 115EXPL: 2CVE-2019-11508
https://notcve.org/view.php?id=CVE-2019-11508
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. En Pulse Secure Pulse Connect Connect (PCS) versión anterior a 8.1R15.1, versión 8.2 anterior a 8.2 R12.1, versión 8.3 anterior a 8.3R7.1 y versión 9.0 anteior a 9.0R3.4, un atacante identificado (por medio de la interfaz web de administrador) puede operar un salto de directorio para ejecutar código arbitrario en el dispositivo. • http://www.securityfocus.com/bid/108073 https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://www.kb.cert.org/vuls/id/927237 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •