CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2020-8255
https://notcve.org/view.php?id=CVE-2020-8255
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. Una vulnerabilidad en la interfaz web de administración Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una lectura de archivos arbitraria. La vulnerabilidad es corregida usando blacklisting de URL cifrada que impiden estos mensajes • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8239
https://notcve.org/view.php?id=CVE-2020-8239
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, es vulnerable a un ataque de escalada de privilegios del registro del cliente. Esta corrección también requiere un Server Side Upgrade debido a Standalone Host Checker Client (Windows) y Windows PDC • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8254
https://notcve.org/view.php?id=CVE-2020-8254
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, presenta una Ejecución de Código Remota (RCE) si usuarios pueden ser convencidos a conectarse a un servidor malicioso. Esta vulnerabilidad solo afecta a Windows PDC. Para mejorar la seguridad de las conexiones entre los clientes Pulse y Pulse Connect Secure, véase la(s) siguiente(s) recomendación(es): Deshabilite el certificado confiable dinámico para PDC • https://github.com/mbadanoiu/CVE-2020-8254 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8240
https://notcve.org/view.php?id=CVE-2020-8240
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una máquina endpoint pueda usar privilegios de nivel system si el Embedded Browser está configurado con Credential Provider. Esta vulnerabilidad solo afecta Windows PDC si el Embedded Browser está configurado con el Credential Provider • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2020-8250
https://notcve.org/view.php?id=CVE-2020-8250
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8250 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •