CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8249
https://notcve.org/view.php?id=CVE-2020-8249
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales llevar a cabo un desbordamiento del búfer • https://github.com/mbadanoiu/CVE-2020-8249 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8248
https://notcve.org/view.php?id=CVE-2020-8248
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8248 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 3.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-8956
https://notcve.org/view.php?id=CVE-2020-8956
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. Pulse Secure Desktop Client versiones 9.0Rx anteriores a 9.0R5 y versiones 9.1Rx anteriores a 9.1R4 en Windows, revela unas contraseñas de unos usuarios si Save Settings está habilitado • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-521: Weak Password Requirements •
CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 0CVE-2020-15352
https://notcve.org/view.php?id=CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side request forgery (SSRF) por medio de un DTD diseñado en una petición XML • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.2EPSS: 0%CPEs: 28EXPL: 0CVE-2020-8243 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8243
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Una vulnerabilidad en la interfaz de administración web en Pulse Connect Secure versiones anteriores a 9.1R8.2, podría permitir a un atacante autenticado cargar una plantilla personalizada para llevar a cabo una ejecución de código arbitrario Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •