CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22936
https://notcve.org/view.php?id=CVE-2021-22936
16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un actor de amenazas llevar a cabo un ataque de tipo cross-site script contra un administrador autenticado por medio de un parámetro web no digitalizado. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 6%CPEs: 13EXPL: 0CVE-2021-22935
https://notcve.org/view.php?id=CVE-2021-22935
16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 4%CPEs: 13EXPL: 0CVE-2021-22934
https://notcve.org/view.php?id=CVE-2021-22934
16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado o a un dispositivo Pulse Connect Secure comprometido en una configuración de carga equilibrada llevar a cabo un desbordamiento del búfer por medio de u... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 6%CPEs: 13EXPL: 0CVE-2021-22938
https://notcve.org/view.php?id=CVE-2021-22938
16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podía permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado en la consola web del administrador. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 6%CPEs: 13EXPL: 0CVE-2021-22933
https://notcve.org/view.php?id=CVE-2021-22933
16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una eliminación de archivos arbitraria por medio de una petición web maliciosamente diseñada. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 2%CPEs: 41EXPL: 0CVE-2021-22900 – Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-22900
27 May 2021 — A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Una vulnerabilidad permitió múltiples cargas sin restricciones en Pulse Connect Secure versiones anteriores a 9.1R11.4, que podrían conllevar a un administrador autenticado llevar a cabo una escritura de archivo por medio de una carga de archivo diseñada con fines ma... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 10.0EPSS: 41%CPEs: 42EXPL: 0CVE-2021-22899 – Ivanti Pulse Connect Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-22899
27 May 2021 — A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Se presenta una vulnerabilidad de inyección de comandos en Pulse Connect Secure antes de 9.1R11.4 que permite a un atacante autenticado remoto llevar a cabo una ejecución de código remota por medio de Windows Resource Profiles Feature Ivanti Pulse Connect Secure contains a command injection vulnerability that allows rem... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 49%CPEs: 41EXPL: 0CVE-2021-22894 – Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-22894
27 May 2021 — A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Pulse Connect Secure versiones anteriores a 9.1R11.4, permite a un atacante autenticado remoto ejecutar código arbitrario como usuario root por medio de una sala de reuniones diseñada con fines maliciosos Ivanti Pulse Connect Secure Collaboration Suit... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 34%CPEs: 26EXPL: 0CVE-2021-22908
https://notcve.org/view.php?id=CVE-2021-22908
27 May 2021 — A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Windows File Resource Profiles versión 9.X, que permite a un usuario autenticado remoto con privilegios para explorar recursos compartidos SMB ejecutar código arbitrario como usuario root.&#... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 93%CPEs: 36EXPL: 4CVE-2021-22893 – Ivanti Pulse Connect Secure Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-22893
23 Apr 2021 — Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisión de autenticación expuesta por l... • https://github.com/Mad-robot/CVE-2021-22893 • CWE-287: Improper Authentication CWE-416: Use After Free •