CVSS: 10.0EPSS: 93%CPEs: 36EXPL: 4CVE-2021-22893 – Ivanti Pulse Connect Secure Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-22893
23 Apr 2021 — Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisión de autenticación expuesta por l... • https://github.com/Mad-robot/CVE-2021-22893 • CWE-287: Improper Authentication CWE-416: Use After Free •
CVSS: 8.8EPSS: 9%CPEs: 97EXPL: 0CVE-2019-11509
https://notcve.org/view.php?id=CVE-2019-11509
03 Jun 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. En Pulse Secure Pulse Secure Connect (PCS) anterior de la versión 8.1R15.1, 8.2 anterior de la versión 8.2R12.1, 8.3 a... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 2CVE-2019-11507
https://notcve.org/view.php?id=CVE-2019-11507
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. En Pulse Secure Pulse Connect Secure (PCS) 8.3.x versiones anteriores a 8.3R7.1 y 9.0.x anteriores a 9.0R3, se ha encontrado un problema de XSS en la página Application Launcher. • http://www.securityfocus.com/bid/108073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 6%CPEs: 115EXPL: 2CVE-2019-11508
https://notcve.org/view.php?id=CVE-2019-11508
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. En Pulse Secure Pulse Connect Connect (PCS) versión anterior a 8.1R15.1, versión 8.2 anterior a 8.2 R12.1, versión 8.3 anterior a 8.3R7.1 y versión 9.0 anteior a 9.0R3.4, un atacante identificado (por medio de la interfaz web de administrador) puede opera... • http://www.securityfocus.com/bid/108073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 94%CPEs: 37EXPL: 16CVE-2019-11510 – Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2019-11510
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . En Pulse Secure Pulse Connect Secure (PCS) versión 8.2 en versiones anteriores a la 8.2R12.1, versión 8.3 en versiones anteriores a la 8.3R7.1 y versión 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente diseñado para reali... • https://packetstorm.news/files/id/154176 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2019-11543
https://notcve.org/view.php?id=CVE-2019-11543
26 Apr 2019 — XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. Existe una vulnerabilidad Cross-site scripting (XSS), en la consola web de administración de Pulse Secure Pulse Connect Secure (PCS) versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secur... • http://www.securityfocus.com/bid/108073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 27%CPEs: 97EXPL: 2CVE-2019-11542
https://notcve.org/view.php?id=CVE-2019-11542
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX ant... • http://www.securityfocus.com/bid/108073 • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 1%CPEs: 23EXPL: 0CVE-2019-11541
https://notcve.org/view.php?id=CVE-2019-11541
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1 y versiones 8.2RX anteriores a 8.2R12.1, los usuarios que utilizan la autenticación SAML con la opción Reuse Existing NC (Pulse), pueden tener fugas de autenticación. • http://www.securityfocus.com/bid/108073 •
CVSS: 9.8EPSS: 22%CPEs: 26EXPL: 2CVE-2019-11540
https://notcve.org/view.php?id=CVE-2019-11540
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4 y versiones 8.3RX anteriores a 8.3R7.1 y Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2 y versiones 5.4RX anteriores a 5.4R7.1, un atacante remoto no autenticado puede llevar a cabo ... • http://www.securityfocus.com/bid/108073 •
CVSS: 8.0EPSS: 93%CPEs: 97EXPL: 7CVE-2019-11539 – Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-11539
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anterio... • https://packetstorm.news/files/id/155277 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •