Search
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11478 | 5 Canonical, F5, Linux and 2 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2023-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | |||||
| CVE-2019-11477 | 5 Canonical, F5, Linux and 2 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2023-08-16 | 7.8 HIGH | 7.5 HIGH |
| Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. | |||||
| CVE-2020-8218 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2022-06-04 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | |||||
| CVE-2021-22965 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-11-23 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. | |||||
| CVE-2020-11581 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | |||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | |||||
| CVE-2021-22938 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. | |||||
| CVE-2021-22937 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | |||||
| CVE-2021-22935 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | |||||
| CVE-2021-22934 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. | |||||
| CVE-2021-22908 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-08 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. | |||||
| CVE-2021-22900 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-04 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2021-22894 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-04 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2021-22899 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-04 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | |||||
| CVE-2019-11539 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2021-04-06 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2020-15352 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-11-02 | 6.5 MEDIUM | 7.2 HIGH |
| An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2020-8243 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-10-07 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | |||||
| CVE-2019-11541 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | |||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | |||||
| CVE-2019-11509 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. | |||||
| CVE-2019-11538 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-08-24 | 4.0 MEDIUM | 7.7 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. | |||||
| CVE-2019-11542 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. | |||||
| CVE-2020-8206 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-08-20 | 6.8 MEDIUM | 8.1 HIGH |
| An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | |||||
| CVE-2020-8219 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-08-05 | 4.0 MEDIUM | 7.2 HIGH |
| An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. | |||||
| CVE-2016-4791 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 6.4 MEDIUM | 8.6 HIGH |
| The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2016-4786 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 7.8 HIGH | 7.5 HIGH |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
| CVE-2019-11213 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Secure Desktop Client | 2020-04-29 | 6.8 MEDIUM | 8.1 HIGH |
| In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3. | |||||
| CVE-2017-11455 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | |||||
| CVE-2018-18284 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2019-11-05 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||||
| CVE-2018-16513 | 4 Artifex, Canonical, Debian and 1 more | 5 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 2 more | 2019-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more | 2019-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | |||||
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2019-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | |||||
| CVE-2019-11508 | 1 Pulsesecure | 1 Pulse Connect Secure | 2019-08-09 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | |||||
| CVE-2018-20809 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2019-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | |||||
| CVE-2017-11193 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-20 | 6.8 MEDIUM | 8.8 HIGH |
| Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. | |||||
| CVE-2017-11196 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page. | |||||