CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8204
https://notcve.org/view.php?id=CVE-2020-8204
30 Jul 2020 — A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R5, en la Página PSAL • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8221
https://notcve.org/view.php?id=CVE-2020-8221
30 Jul 2020 — A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado leer archivos arbitrarios por medio de la interfaz web del administrador • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8217
https://notcve.org/view.php?id=CVE-2020-8217
30 Jul 2020 — A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 5%CPEs: 24EXPL: 2CVE-2020-8218 – Pulse Connect Secure Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-8218
30 Jul 2020 — A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración A code injection vulnerability exists in Pulse Connect Secure that allows an attacke... • https://github.com/withdk/pulse-gosecure-rce-poc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-12880
https://notcve.org/view.php?id=CVE-2020-12880
27 Jul 2020 — An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) Se detectó un problema en Pulse Policy Se... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 7.5EPSS: 95%CPEs: 90EXPL: 0CVE-2019-11478 – SACK can cause extensive memory use via fragmented resend queue
https://notcve.org/view.php?id=CVE-2019-11478
17 Jun 2019 — Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. Jonathan Looney descubrió que la implementación de la cola de retransmisión de TCP en tcp_fr... • http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 96%CPEs: 91EXPL: 1CVE-2019-11477 – Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
https://notcve.org/view.php?id=CVE-2019-11477
17 Jun 2019 — Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney detectó que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de ... • https://github.com/sasqwatch/cve-2019-11477-poc • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 97EXPL: 0CVE-2019-11509
https://notcve.org/view.php?id=CVE-2019-11509
03 Jun 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. En Pulse Secure Pulse Secure Connect (PCS) anterior de la versión 8.1R15.1, 8.2 anterior de la versión 8.2R12.1, 8.3 a... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2019-11543
https://notcve.org/view.php?id=CVE-2019-11543
26 Apr 2019 — XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. Existe una vulnerabilidad Cross-site scripting (XSS), en la consola web de administración de Pulse Secure Pulse Connect Secure (PCS) versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secur... • http://www.securityfocus.com/bid/108073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 97EXPL: 2CVE-2019-11542
https://notcve.org/view.php?id=CVE-2019-11542
26 Apr 2019 — In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX ant... • http://www.securityfocus.com/bid/108073 • CWE-787: Out-of-bounds Write •