CVSS: 7.2EPSS: 2%CPEs: 41EXPL: 0CVE-2021-22900 – Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-22900
27 May 2021 — A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Una vulnerabilidad permitió múltiples cargas sin restricciones en Pulse Connect Secure versiones anteriores a 9.1R11.4, que podrían conllevar a un administrador autenticado llevar a cabo una escritura de archivo por medio de una carga de archivo diseñada con fines ma... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 10.0EPSS: 41%CPEs: 42EXPL: 0CVE-2021-22899 – Ivanti Pulse Connect Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-22899
27 May 2021 — A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Se presenta una vulnerabilidad de inyección de comandos en Pulse Connect Secure antes de 9.1R11.4 que permite a un atacante autenticado remoto llevar a cabo una ejecución de código remota por medio de Windows Resource Profiles Feature Ivanti Pulse Connect Secure contains a command injection vulnerability that allows rem... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 49%CPEs: 41EXPL: 0CVE-2021-22894 – Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-22894
27 May 2021 — A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Pulse Connect Secure versiones anteriores a 9.1R11.4, permite a un atacante autenticado remoto ejecutar código arbitrario como usuario root por medio de una sala de reuniones diseñada con fines maliciosos Ivanti Pulse Connect Secure Collaboration Suit... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 34%CPEs: 26EXPL: 0CVE-2021-22908
https://notcve.org/view.php?id=CVE-2021-22908
27 May 2021 — A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Windows File Resource Profiles versión 9.X, que permite a un usuario autenticado remoto con privilegios para explorar recursos compartidos SMB ejecutar código arbitrario como usuario root.&#... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-31922
https://notcve.org/view.php?id=CVE-2021-31922
14 May 2021 — An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. Una vulnerabilidad de contrabando de solicitudes HTTP en Pulse Secure Virtual Traffic Manager antes de la versión 21.1 podría permitir a un atacante contrabandear una solicitud HTTP a través de un encabezado HTTP/2. Esta vulnerabilidad está resuelta en 21.1, ... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 2.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-22887
https://notcve.org/view.php?id=CVE-2021-22887
16 Mar 2021 — A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. Una vulnerabilidad en el BIOS de los modelos Pulse Secure (hardware de la serie PSA) PSA5000 y PSA7000, podría permitir a un atacante comprometer el firmware del BIOS. Esta vulnerabilidad solo puede ser explotada como ... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 • CWE-506: Embedded Malicious Code •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8263
https://notcve.org/view.php?id=CVE-2020-8263
28 Oct 2020 — A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8262
https://notcve.org/view.php?id=CVE-2020-8262
28 Oct 2020 — A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8261
https://notcve.org/view.php?id=CVE-2020-8261
28 Oct 2020 — A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyección de cookies arbitraria • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 72%CPEs: 15EXPL: 2CVE-2020-8260 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8260
28 Oct 2020 — A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Una vulnerabilidad en la interfaz web de administración en Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una ejecución de código arbitraria usando una extracción gzip no controlada Pulse Connect Secure contains an unspecified vulnerability that allows an authenticat... • https://packetstorm.news/files/id/160619 • CWE-434: Unrestricted Upload of File with Dangerous Type •