CVSS: 6.5 | EPSS: 5% | CPEs: 24 | EXPL: 0 | CVE-2020-8220
https://notcve.org/view.php?id=CVE-2020-8220
30 Jul 2020 — A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DoS. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-400: Uncontrolled Resource Consumption
CVSS: 4.9 | EPSS: 2% | CPEs: 24 | EXPL: 0 | CVE-2020-8221
https://notcve.org/view.php?id=CVE-2020-8221
30 Jul 2020 — A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 5.8 | EPSS: 0% | CPEs: 11 | EXPL: 0 | CVE-2020-15408
https://notcve.org/view.php?id=CVE-2020-15408
28 Jul 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. • https://kb.pulsesecure.net/?atype=sa
CVSS: 5.5 | EPSS: 0% | CPEs: 23 | EXPL: 0 | CVE-2020-12880
https://notcve.org/view.php?id=CVE-2020-12880
27 Jul 2020 — An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) • https://kb.pulsesecure.net/?atype=sa
CVSS: 7.0 | EPSS: 0% | CPEs: 32 | EXPL: 3 | CVE-2020-13162 – Pulse Secure Client for Windows Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-13162
16 Jun 2020 — A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. • https://packetstorm.news/files/id/159065 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS: 9.3 | EPSS: 39% | CPEs: 5 | EXPL: 1 | CVE-2020-11581
https://notcve.org/view.php?id=CVE-2020-11581
06 Apr 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. • https://git.lsd.cat/g/pulse-host-checker-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 1 | CVE-2020-11582
https://notcve.org/view.php?id=CVE-2020-11582
06 Apr 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) • https://git.lsd.cat/g/pulse-host-checker-rce • CWE-668: Exposure of Resource to Wrong Sphere
CVSS: 9.1 | EPSS: 0% | CPEs: 5 | EXPL: 1 | CVE-2020-11580
https://notcve.org/view.php?id=CVE-2020-11580
06 Apr 2020 — An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. • https://git.lsd.cat/g/pulse-host-checker-rce • CWE-295: Improper Certificate Validation
CVSS: 7.5 | EPSS: 29% | CPEs: 90 | EXPL: 0 | CVE-2019-11478 – SACK can cause extensive memory use via fragmented resend queue
https://notcve.org/view.php?id=CVE-2019-11478
17 Jun 2019 — Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. • http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 7.8 | EPSS: 69% | CPEs: 91 | EXPL: 1 | CVE-2019-11477 – Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
https://notcve.org/view.php?id=CVE-2019-11477
17 Jun 2019 — Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. • https://github.com/sasqwatch/cve-2019-11477-poc • CWE-190: Integer Overflow or Wraparound • CWE-400: Uncontrolled Resource Consumption
