Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pulse_connect_secure
(Pulsesecure)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 62 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-28 | CVE-2018-15911 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-08-27 | CVE-2018-15909 | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-08-27 | CVE-2018-15910 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.8 | ||
| 2018-09-05 | CVE-2018-16513 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure | 7.8 | ||
| 2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.6 | ||
| 2020-04-06 | CVE-2020-11580 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | Pulse_connect_secure, Pulse_policy_secure | 9.1 | ||
| 2020-04-06 | CVE-2020-11581 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | Pulse_connect_secure, Pulse_policy_secure | 8.1 | ||
| 2020-04-06 | CVE-2020-11582 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | Pulse_connect_secure, Pulse_policy_secure | 8.8 | ||
| 2020-07-28 | CVE-2020-15408 | An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. | Pulse_connect_secure, Pulse_secure_desktop_client | 4.6 | ||
| 2018-01-16 | CVE-2018-5299 | A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution. | Pulse_connect_secure, Pulse_policy_secure | 9.8 |