CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 1CVE-2020-8241
https://notcve.org/view.php?id=CVE-2020-8241
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, podría permitir a un atacante llevar a cabo un ataque MITM si los usuarios finales con convencidos de conectarse a un servidor malicioso • https://github.com/withdk/pulse-secure-vpn-mitm-research •
CVSS: 4.9EPSS: 15%CPEs: 15EXPL: 0CVE-2020-8255
https://notcve.org/view.php?id=CVE-2020-8255
28 Oct 2020 — A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. Una vulnerabilidad en la interfaz web de administración Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una lectura de archivos arbitraria. La vulnerabilidad es corregida usando blacklisting de URL cifrada que impiden es... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8239
https://notcve.org/view.php?id=CVE-2020-8239
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, es vulnerable a un ataque de escalada de privilegios del registro del cliente. Esta corrección también requiere un Server Side Upgrade debido a Standalone Host Checker Client (Windows) y Windows... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 8.8EPSS: 2%CPEs: 14EXPL: 1CVE-2020-8254
https://notcve.org/view.php?id=CVE-2020-8254
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, presenta una Ejecución de Código Remota (RCE) si usuarios pueden ser convencido... • https://github.com/mbadanoiu/CVE-2020-8254 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8240
https://notcve.org/view.php?id=CVE-2020-8240
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una máquina endpoint pueda usar privilegios de nivel system si el Embedded Brow... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2020-8250
https://notcve.org/view.php?id=CVE-2020-8250
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8250 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8249
https://notcve.org/view.php?id=CVE-2020-8249
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales llevar a cabo un desbordamiento del búfer • https://github.com/mbadanoiu/CVE-2020-8249 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8248
https://notcve.org/view.php?id=CVE-2020-8248
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8248 •
CVSS: 3.8EPSS: 6%CPEs: 12EXPL: 0CVE-2020-8956
https://notcve.org/view.php?id=CVE-2020-8956
27 Oct 2020 — Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. Pulse Secure Desktop Client versiones 9.0Rx anteriores a 9.0R5 y versiones 9.1Rx anteriores a 9.1R4 en Windows, revela unas contraseñas de unos usuarios si Save Settings está habilitado • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-521: Weak Password Requirements •
CVSS: 7.2EPSS: 7%CPEs: 27EXPL: 0CVE-2020-15352
https://notcve.org/view.php?id=CVE-2020-15352
27 Oct 2020 — An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side req... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-611: Improper Restriction of XML External Entity Reference •