CVSS: 4.3EPSS: 2%CPEs: 24EXPL: 0CVE-2020-8216
https://notcve.org/view.php?id=CVE-2020-8216
30 Jul 2020 — An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Una vulnerabilidad de divulgación de información en la reunión de Pulse Connect Secure versiones anteriores a 9.1R8, permitió a usuarios finales autenticados encontrar detalles de la reunión, si conocen el ID de Reunión • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8217
https://notcve.org/view.php?id=CVE-2020-8217
30 Jul 2020 — A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 24EXPL: 0CVE-2020-8206
https://notcve.org/view.php?id=CVE-2020-8206
30 Jul 2020 — An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Se presenta una vulnerabilidad de autenticación inapropiada en Pulse Connect Secure versiones anteriores a 9.1RB, que permite a un atacante con credenciales primarias de los usuarios omitir el TOTP de Google • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 91%CPEs: 24EXPL: 2CVE-2020-8218 – Pulse Connect Secure Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-8218
30 Jul 2020 — A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración A code injection vulnerability exists in Pulse Connect Secure that allows an attacke... • https://github.com/withdk/pulse-gosecure-rce-poc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-12880
https://notcve.org/view.php?id=CVE-2020-12880
27 Jul 2020 — An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) Se detectó un problema en Pulse Policy Se... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11580
https://notcve.org/view.php?id=CVE-2020-11580
06 Apr 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. Se detectó un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris cuando se aplica una política Host Checker, acepta un certificado de tipo SSL arbitrario. • https://git.lsd.cat/g/pulse-host-checker-rce • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 9%CPEs: 97EXPL: 0CVE-2019-11509
https://notcve.org/view.php?id=CVE-2019-11509
03 Jun 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. En Pulse Secure Pulse Secure Connect (PCS) anterior de la versión 8.1R15.1, 8.2 anterior de la versión 8.2R12.1, 8.3 a... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 8.0EPSS: 27%CPEs: 97EXPL: 2CVE-2019-11542
https://notcve.org/view.php?id=CVE-2019-11542
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX ant... • http://www.securityfocus.com/bid/108073 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 93%CPEs: 97EXPL: 7CVE-2019-11539 – Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-11539
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anterio... • https://packetstorm.news/files/id/155277 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 3%CPEs: 96EXPL: 0CVE-2018-20809
https://notcve.org/view.php?id=CVE-2018-20809
16 Mar 2019 — A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. Un mensaje manipulado puede provocar que el servidor web se bloquee con Pulse Secure Pulse Connect Secure (PCS) versión 8.3RX en versiones anteriores a 8.3R5 y Pulse Policy Secure versión 5.4RX versiones anteriores a 5.4R5. Esto no es aplicable a PCS versión 8.1RX. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •