CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8263
https://notcve.org/view.php?id=CVE-2020-8263
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 3%CPEs: 15EXPL: 2CVE-2020-8260 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Una vulnerabilidad en la interfaz web de administración en Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una ejecución de código arbitraria usando una extracción gzip no controlada Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. • http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 https://gist.github.com/rxwx/03a036d8982c9a3cead0c053cf334605 https://research.nccgroup.com/2020/10/26/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-gzip-extraction-cve-2020-8260 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pulse_secure_gzip_rce.rb • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8241
https://notcve.org/view.php?id=CVE-2020-8241
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, podría permitir a un atacante llevar a cabo un ataque MITM si los usuarios finales con convencidos de conectarse a un servidor malicioso • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2020-8255
https://notcve.org/view.php?id=CVE-2020-8255
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. Una vulnerabilidad en la interfaz web de administración Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una lectura de archivos arbitraria. La vulnerabilidad es corregida usando blacklisting de URL cifrada que impiden estos mensajes • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8239
https://notcve.org/view.php?id=CVE-2020-8239
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, es vulnerable a un ataque de escalada de privilegios del registro del cliente. Esta corrección también requiere un Server Side Upgrade debido a Standalone Host Checker Client (Windows) y Windows PDC • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •