CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8254
https://notcve.org/view.php?id=CVE-2020-8254
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, presenta una Ejecución de Código Remota (RCE) si usuarios pueden ser convencidos a conectarse a un servidor malicioso. Esta vulnerabilidad solo afecta a Windows PDC. Para mejorar la seguridad de las conexiones entre los clientes Pulse y Pulse Connect Secure, véase la(s) siguiente(s) recomendación(es): Deshabilite el certificado confiable dinámico para PDC • https://github.com/mbadanoiu/CVE-2020-8254 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8240
https://notcve.org/view.php?id=CVE-2020-8240
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una máquina endpoint pueda usar privilegios de nivel system si el Embedded Browser está configurado con Credential Provider. Esta vulnerabilidad solo afecta Windows PDC si el Embedded Browser está configurado con el Credential Provider • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2020-8250
https://notcve.org/view.php?id=CVE-2020-8250
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8250 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8249
https://notcve.org/view.php?id=CVE-2020-8249
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales llevar a cabo un desbordamiento del búfer • https://github.com/mbadanoiu/CVE-2020-8249 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8248
https://notcve.org/view.php?id=CVE-2020-8248
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8248 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •