CVE-2018-18284 – ghostscript: 1Policy operator allows a sandbox protection bypass
https://notcve.org/view.php?id=CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con el operador 1Policy. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b http://www.openwall.com/lists/oss-security/2018/10/16/2 http://www.securityfocus.com/bid/107451 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 https://bugs.ghostscript.com/show_bug.cgi?id=699963 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https: •
CVE-2018-7572
https://notcve.org/view.php?id=CVE-2018-7572
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs. Pulse Secure Client 9.0R1 y versiones 5.3RX anteriores a la 5.3R5, al configurarse para autenticar a usuarios VPN durante el inicio de sesión en Windows, puede permitir que los atacantes omitan la autenticación de Windows y ejecuten comandos en el sistema con los privilegios de Pulse Secure Client. El atacante debe interrumpir la red del cliente y desencadenar una conexión a un servidor proxy manipulado con un certificado SSL no válido que permite el acceso certification-manager. Esto conduce a la capacidad de navegar por archivos locales y ejecutar programas locales. • https://www.mdsec.co.uk/2018/09/advisory-cve-2018-7572-pulse-secure-client-authentication-bypass • CWE-287: Improper Authentication •
CVE-2018-15865
https://notcve.org/view.php?id=CVE-2018-15865
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Pulse Secure Desktop (macOS) tiene una vulnerabilidad de escalada de privilegios. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 •
CVE-2018-15749
https://notcve.org/view.php?id=CVE-2018-15749
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Pulse Secure Desktop (macOS), en versiones 5.3RX anteriores a la 5.3R5 y versión 9.0R1, tiene una vulnerabilidad de cadena de formato. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-134: Use of Externally-Controlled Format String •
CVE-2018-14366
https://notcve.org/view.php?id=CVE-2018-14366
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. download.cgi en Pulse Secure Pulse Connect Secure, en versiones 8.1RX anteriores a la 8.1R13 y versiones 8.3RX anteriores a la 8.3R4; y Pulse Policy Secure hasta versiones 5.2RX anteriores a la 5.2R10 y versiones 5.4RX anteriores a la 5.4R4 tienen una vulnerabilidad de redirección abierta. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •