CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8263
https://notcve.org/view.php?id=CVE-2020-8263
28 Oct 2020 — A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 72%CPEs: 15EXPL: 2CVE-2020-8260 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8260
28 Oct 2020 — A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Una vulnerabilidad en la interfaz web de administración en Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una ejecución de código arbitraria usando una extracción gzip no controlada Pulse Connect Secure contains an unspecified vulnerability that allows an authenticat... • https://packetstorm.news/files/id/160619 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 1CVE-2020-8241
https://notcve.org/view.php?id=CVE-2020-8241
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, podría permitir a un atacante llevar a cabo un ataque MITM si los usuarios finales con convencidos de conectarse a un servidor malicioso • https://github.com/withdk/pulse-secure-vpn-mitm-research •
CVSS: 4.9EPSS: 15%CPEs: 15EXPL: 0CVE-2020-8255
https://notcve.org/view.php?id=CVE-2020-8255
28 Oct 2020 — A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. Una vulnerabilidad en la interfaz web de administración Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una lectura de archivos arbitraria. La vulnerabilidad es corregida usando blacklisting de URL cifrada que impiden es... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8239
https://notcve.org/view.php?id=CVE-2020-8239
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, es vulnerable a un ataque de escalada de privilegios del registro del cliente. Esta corrección también requiere un Server Side Upgrade debido a Standalone Host Checker Client (Windows) y Windows... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 8.8EPSS: 2%CPEs: 14EXPL: 1CVE-2020-8254
https://notcve.org/view.php?id=CVE-2020-8254
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, presenta una Ejecución de Código Remota (RCE) si usuarios pueden ser convencido... • https://github.com/mbadanoiu/CVE-2020-8254 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8240
https://notcve.org/view.php?id=CVE-2020-8240
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, permite que un usuario restringido en una máquina endpoint pueda usar privilegios de nivel system si el Embedded Brow... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2020-8250
https://notcve.org/view.php?id=CVE-2020-8250
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8250 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8249
https://notcve.org/view.php?id=CVE-2020-8249
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales llevar a cabo un desbordamiento del búfer • https://github.com/mbadanoiu/CVE-2020-8249 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8248
https://notcve.org/view.php?id=CVE-2020-8248
28 Oct 2020 — A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Una vulnerabilidad en Pulse Secure Desktop Client (Linux) versiones anteriores a 9.1R9, podría permitir a atacantes locales escalar privilegios • https://github.com/mbadanoiu/CVE-2020-8248 •