57 matches found
CVE-2021-22900
Pulse Connect Secure (PCS) before 9.1R11.4 is affected by CVE-2021-22900, which allows an authenticated administrator to write files via a malicious archive upload in the admin web interface due to an unrestricted upload vulnerability. The IVANTI advisory SA44784 consolidates multiple PCS CVEs an...
CVE-2018-15910
Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...
CVE-2018-18284
Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...
CVE-2018-15909
CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...
CVE-2018-15911
CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...
CVE-2020-15408
Pulse Connect Secure (PCS) before 9.1R8 is affected by CVE-2020-15408. An authenticated attacker can access the admin page console via the end-user web interface due to a rewrite. This is documented in multiple sources (NVD/NIST entry and Pulse advisory SA44516). The issue’s impact is limited to ...
CVE-2021-22937
CVE-2021-22937 affects Pulse Connect Secure (PCS) prior to version 9.1R12. An authenticated administrator could write arbitrary files by uploading a malicious archive via the administrator web interface, potentially enabling remote code execution with elevated privileges. Public advisories (Ivant...
CVE-2020-11580
CVE-2020-11580 affects Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06 where the tncc.jar applet on macOS/Linux/Solaris, under an enforced Host Checker policy, accepts arbitrary SSL certificates. This can enable a man-in-the-middle by bypassing certificate validation in the Host Checke...
CVE-2018-16513
CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...
CVE-2019-11213
CVE-2019-11213 affects Pulse Secure Pulse Desktop Client and Pulse Connect Secure (Network Connect). The issue is improper handling/storage of session cookies/tokens, enabling an attacker who already compromised the endpoint to replay/spoof sessions and gain unauthorized end-user access. Affected...
CVE-2021-22908
CVE-2021-22908 describes a buffer overflow in Pulse Connect Secure (PCS) related to Windows File Resource Profiles and SMB sharing. Reported as affecting PCS 9.X up to 9.1R2/3, with 9.1R3 enabling default-deny for SMB browsing; exploitation requires an authenticated user with privileges and could...
CVE-2020-12880
CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...
CVE-2021-22938
Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22938, a vulnerability where an authenticated administrator could perform command injection via an unsanitized parameter in the administrator web console. Red Hat and other sources confirm the issue and Pillar documentation ...
CVE-2019-11540
CVE-2019-11540 affects Pulse Secure products: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected versions include PCS 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1; PPS 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1. Description: an unauthenticated, remote attacker can perform a se...
CVE-2021-22934
Pulse Connect Secure (PCS) before version 9.1R12 is affected by a buffer overflow vulnerability that can be exploited by an authenticated administrator or a compromised PCS device in a load-balanced configuration via a maliciously crafted web request. The issue arises in the vulnerable handling o...
CVE-2021-22933
CVE-2021-22933 affects Pulse Connect Secure (PCS) prior to 9.1R12. An authenticated administrator can delete arbitrary files via a maliciously crafted web request due to a vulnerability in the PCS web interface. Public sources consistently describe the issue as an arbitrary file deletion with imp...
CVE-2019-11508
CVE-2019-11508 affects Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS) via the Pulse Secure vulnerability set. According to the connected sources, this CVE is a post‑auth issue in which an authenticated end-user can upload a malicious file to write arbitrary files to the local system on th...
CVE-2020-11582
CVE-2020-11582 affects Pulse Secure Pulse Connect Secure (PCS) clients with Host Checker enabled. The tncc.jar applet on macOS, Linux and Solaris launches a local TCP server on a random port, reachable by local HTTP clients, with the server potentially processing commands (e.g., setcookie) releva...
CVE-2021-22935
Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22935, where an authenticated administrator can perform command injection via an unsanitized web parameter. The vulnerability affects PCS web parameters and is documented across multiple sources (NVD entry and Red Hat adviso...
CVE-2020-8261
CVE-2020-8261: A vulnerability in Pulse Connect Secure / Pulse Policy Secure versions prior to 9.1R9 allows arbitrary cookie injection via the admin/web interfaces. Root cause details are not elaborated in the provided sources, but multiple advisories corroborate the issue. Affected products are ...
CVE-2019-11542
CVE-2019-11542 describes a stack buffer overflow in Pulse Connect Secure / Pulse Policy Secure triggered by an authenticated attacker via the admin web interface by sending a specially crafted message. The issue is one of a family of vulnerabilities disclosed in Pulse Secure advisories (SA44101) ...
CVE-2020-8256
CVE-2020-8256 is a vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R8.2 that allows an authenticated attacker to read arbitrary files via XML External Entity (XXE) through Pulse Collaboration. The issue is confirmed across multiple sources (Red Hat advisory, Nessus plugi...
CVE-2021-22936
Pulse Connect Secure prior to version 9.1R12 contains a cross-site scripting (XSS) vulnerability that allows an attacker to run client-side scripts in the context of an authenticated administrator by supplying an unsanitized web parameter. Root cause: unsanitized input in the web parameter leads ...
CVE-2020-11581
Pulse Connect Secure (PCS) clients with Host Checker policy enabled on macOS, Linux, or Solaris are affected by CVE-2020-11581 due to an applet in tncc.jar that uses Runtime.getRuntime().exec(), enabling a MITM attacker to perform OS command injections via shell metacharacters in doCustomRemediat...
CVE-2021-44720
Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12 stores administrator passwords in the HTML source of the Maintenance > Push Configuration > Targets > Target Name screen (targets.cgi). This enables a read-only administrative user to escalate to a read-write administrative rol...
CVE-2017-11455
CVE-2017-11455 affects Pulse Connect Secure diag.cgi and Pulse Policy Secure diag.cgi, enabling remote attackers to hijack administrator authentication for requests to start tcpdump due to missing anti-CSRF tokens. Affected: Pulse Connect Secure versions 8.2R1–8.2R5 and 8.1R1–8.1R10; Pulse Policy...
CVE-2020-8262
CVE-2020-8262 affects Pulse Connect Secure and Pulse Policy Secure if running versions earlier than 9.1R9. The vulnerability allows Cross-Site Scripting (XSS) and Open Redirection via the authenticated user web interface. Public references in Red Hat advisory and Nessus entries confirm the issue ...
CVE-2021-22965
CVE-2021-22965 describes a DoS vulnerability in Pulse Connect Secure before 9.1R12.1. An unauthenticated administrator can trigger a denial of service by sending a malformed request to the device. Affected software is Pulse Connect Secure (PCS) prior to 9.1R12.1. The root cause relates to handlin...
CVE-2020-8238
CVE-2020-8238 affects Pulse Connect Secure and Pulse Policy Secure
CVE-2022-21826
Pulse Connect Secure (Pulse Secure) versions 9.115 and below are affected by a client-side HTTP request smuggling vulnerability. When handling a POST request, the application may ignore the Content-Length header and keep the POST body on the TCP/TLS socket, causing the body to prefix the next HTT...
CVE-2019-11543
CVE-2019-11543 is an XSS in the admin web console of Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected product lines include PCS: 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.1RX before 8.1R15.1; PPS: 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.2RX before 5.2R12.1...
CVE-2020-8206
CVE-2020-8206 affects Pulse Connect Secure and Pulse Policy Secure versions prior to 9.1RB, enabling an attacker who has a user’s primary credentials to bypass Google TOTP authentication. Multiple connected sources confirm the same core issue: improper authentication that directly bypasses TOTP. ...
CVE-2020-15352
CVE-2020-15352 is an XXE-based SSRF vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to 9.1R9. The issue arises from an XML External Entity in crafted XML requests that remote authenticated admins can abuse to reach server-side resources. Public sources in the conne...
CVE-2020-8221
CVE-2020-8221 describes a path traversal weakness in Pulse Connect Secure prior to 9.1R8 that allows an authenticated attacker to read arbitrary files via the administrator web interface. The issue is tied to the Pulse Connect Secure/Policy Secure family (PCS/PPS) with the
CVE-2017-17947
CVE-2017-17947 is a cross-site scripting vulnerability in Pulse Secure’s Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) affecting custompage.cgi. The issue arises from one unsanitized URL parameter, enabling injected script when the attacker is authenticated as an administrator; it does...
CVE-2020-8217
Pulse Connect Secure versions prior to 9.1R8 are affected by a cross-site scripting (XSS) vulnerability in the URL used for Citrix ICA. The root cause is insufficient validation/cleaning of client data in the web application, allowing attacker-controlled input to execute client-side code. Impact ...
CVE-2019-11541
Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) are affected by CVE-2019-11541 in the Reuse Existing NC (Pulse) Session option for SAML authentication, which may cause authentication leaks. Affected versions are PCS 9.0RX before 9.0R3.4, PCS 8.3RX before 8.3R7.1, and PCS 8.2RX before 8.2...
CVE-2017-11195
Pulse Connect Secure 8.3R1 is affected by a reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is echoed inside an IFRAME when it contains two quotes, with sanitization preventing simple quote closure but allowing javascript: or data: schemes to be abused. Affected component: launchHel...
CVE-2020-8216
CVE-2020-8216 describes an information-disclosure vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to version 9.1R8, where an authenticated end-user can reveal meeting details if they know the Meeting ID. Public sources in the provided documents confirm the affected...
CVE-2020-8220
Pulse Connect Secure prior to 9.1R8 is affected by CVE-2020-8220: an authenticated attacker can use the administrator web interface to perform command injection, causing a denial of service. The Red Hat/IVANTI/Nessus entries confirm the issue and point to upgrading to 9.1R8 as the remediation."
CVE-2020-8219
Pulse Connect Secure (PCS) and Pulse Policy Secure versions prior to 9.1R8 are affected by CVE-2020-8219 due to an insufficient permission check that allows an attacker to change the password of a full administrator. Impact is limited to unauthorized password change of admin accounts; no exploit ...
CVE-2017-11196
Pulse Connect Secure 8.3R1 is affected by a Cross-Site Request Forgery in logout.cgi. The admin panel logout is not protected by CSRF tokens, allowing an attacker to log out a user by enticing them to visit a malicious page. Connected documents confirm the issue and note remediation through softw...
CVE-2018-6320
CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...
CVE-2016-4791
The vulnerability CVE-2016-4791 affects Pulse Connect Secure (PCS) administrative UI, enabling remote administrators to enumerate/read files and perform server-side request forgery (SSRF) via unspecified vectors. Affected versions include 7.4 before 7.4r13.4; 8.0 before 8.0r9; 8.1 before 8.1r2; a...
CVE-2017-11193
Pulse Connect Secure 8.3R1 is affected by a CSRF vulnerability in diag.cgi. The diag.cgi panel can execute commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe, and these functions lack CSRF protections. An attacker can entice an administrator to visit a malicious p...
CVE-2017-11194
Pulse Connect Secure 8.3R1 is affected by CVE-2017-11194: a reflected XSS in adminservercacertdetails.cgi where the certid parameter is reflected without proper sanitization, enabling crafted payloads that can inject HTML/tags and may lead to command-like actions in the user’s browser. The issue ...
CVE-2018-5299
CVE-2018-5299 is a stack-based buffer overflow in the web server of Pulse Secure Pulse Connect Secure (PCS) prior to 8.3R4 and Pulse Policy Secure (PPS) prior to 5.4R4, leading to memory corruption and potential remote code execution. Public sources (NVD/CNVD/PRION/CVE List) confirm a network-vec...
CVE-2020-8222
CVE-2020-8222 describes a path-traversal vulnerability in Pulse Connect Secure versions older than 9.1R8. An authenticated attacker, using the administrator web interface (via Meeting), can read arbitrary files due to the underlying file-reading weakness. Connected sources (Red Hat advisory, Ness...
CVE-2018-9849
CVE-2018-9849 affects Pulse Connect Secure (PCS) 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5. The root cause is improper processing of nested XML entities in crafted XML documents, leading to denial of service via memory consumption/memory errors. Public sources (NVD en...
CVE-2018-14366
CVE-2018-14366 is an Open Redirect vulnerability affecting Pulse Connect Secure and Pulse Policy Secure. The issue resides in download.cgi and can be triggered on Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4, and on Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX befo...