Page 3 of 27 results (0.004 seconds)

CVSS: 8.0EPSS: 94%CPEs: 97EXPL: 7

CVE-2019-11539 – Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2019-11539

26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anterio... • https://packetstorm.news/files/id/155277 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0

CVE-2018-20810

https://notcve.org/view.php?id=CVE-2018-20810

16 Mar 2019 — Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. Los datos de sesión entre nodos del clúster durante la sincronización del clúster no están cifrados correctamente en Pulse Secure Pulse Connect Secure (PCS) 8.3RX antes de 8.3R2 y Pulse Policy Secure (PPS) 5.4RX antes de 5.4R2. Esto no ... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.5EPSS: 2%CPEs: 96EXPL: 0

CVE-2018-20809

https://notcve.org/view.php?id=CVE-2018-20809

16 Mar 2019 — A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. Un mensaje manipulado puede provocar que el servidor web se bloquee con Pulse Secure Pulse Connect Secure (PCS) versión 8.3RX en versiones anteriores a 8.3R5 y Pulse Policy Secure versión 5.4RX versiones anteriores a 5.4R5. Esto no es aplicable a PCS versión 8.1RX. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-20814

https://notcve.org/view.php?id=CVE-2018-20814

16 Mar 2019 — An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. Se ha encontrado un fallo de Cross-Site Scripting (XSS) con Psaldownload.cgi en Pulse Secure Pulse Connect Secure (PCS) versión 8.3R2 anteriores a la 8.3R2 y Pulse Policy Secure (PPS) versión 5.4RX anteriores a la versión 5.4R2. Esto no es aplicable a PC versión 8.1RX o PPS 5.2RX. • http://www.securityfocus.com/bid/109033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0

CVE-2018-14366

https://notcve.org/view.php?id=CVE-2018-14366

06 Sep 2018 — download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. download.cgi en Pulse Secure Pulse Connect Secure, en versiones 8.1RX anteriores a la 8.1R13 y versiones 8.3RX anteriores a la 8.3R4; y Pulse Policy Secure hasta versiones 5.2RX anteriores a la 5.2R10 y versiones 5.4RX anteriores a la 5.4R4 tienen una vulnerabilidad de redirección abierta. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0

CVE-2018-6320

https://notcve.org/view.php?id=CVE-2018-6320

06 Sep 2018 — A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. Se ha descubierto una vulnerabilidad en login.cgi en Pulse Secure Pulse Connect Secure (PCS) en versiones 8.1RX anteriores a la 8.1R12 y versiones 8.3RX anteriores a la 8.3R2 y Pulse Policy Secure (PPS) en versiones 5... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 0

CVE-2018-5299

https://notcve.org/view.php?id=CVE-2018-5299

16 Jan 2018 — A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution. Existe una vulnerabilidad de desbordamiento de búfer basado en pila en el servidor web en Pulse Secure Pulse Connect Secure (PCS) en versiones anteriores a la 8.3R4 y Pulse Policy Secure (PPS) en versiones anteriores a la 5.4R4 que conduce a la corrupción de memoria y a una pos... • http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604 • CWE-787: Out-of-bounds Write •