CVSS: 7.5EPSS: 0%CPEs: 96EXPL: 0CVE-2018-20809
https://notcve.org/view.php?id=CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. Un mensaje manipulado puede provocar que el servidor web se bloquee con Pulse Secure Pulse Connect Secure (PCS) versión 8.3RX en versiones anteriores a 8.3R5 y Pulse Policy Secure versión 5.4RX versiones anteriores a 5.4R5. Esto no es aplicable a PCS versión 8.1RX. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20810
https://notcve.org/view.php?id=CVE-2018-20810
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. Los datos de sesión entre nodos del clúster durante la sincronización del clúster no están cifrados correctamente en Pulse Secure Pulse Connect Secure (PCS) 8.3RX antes de 8.3R2 y Pulse Policy Secure (PPS) 5.4RX antes de 5.4R2. Esto no es aplicable a PCS 8.1RX, PPS 5.2RX o dispositivos independientes. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-20811
https://notcve.org/view.php?id=CVE-2018-20811
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. Se ha encontrado un problema de servicio RPC oculto con Pulse Secure Pulse Connect Secure versión 8.3RX anteriores a la versión 8.3R2 y versión 8.1RX anteriores a la versión 8.1R12. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20813
https://notcve.org/view.php?id=CVE-2018-20813
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. Se ha encontrado un problema de validación de entradas con login_meeting.cgi en Pulse Secure Pulse Connect Secure versión 8.3RX anteriores a la 8.3R2. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-14366
https://notcve.org/view.php?id=CVE-2018-14366
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. download.cgi en Pulse Secure Pulse Connect Secure, en versiones 8.1RX anteriores a la 8.1R13 y versiones 8.3RX anteriores a la 8.3R4; y Pulse Policy Secure hasta versiones 5.2RX anteriores a la 5.2R10 y versiones 5.4RX anteriores a la 5.4R4 tienen una vulnerabilidad de redirección abierta. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •