Connect Secure

connect_secure

Vendor: Ivanti • 130 CVEs

CVEs (130)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-20814 2Ivanti Pulsesecure 2Connect Secure Pulse Policy Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
CVE-2018-20813 1Ivanti 1Connect Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.
CVE-2018-20811 1Ivanti 1Connect Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.
CVE-2018-20810 2Ivanti Pulsesecure 2Connect Secure Pulse Policy Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not appl...Show more Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.Show less
CVE-2018-20809 2Ivanti Pulsesecure 2Connect Secure Pulse Policy Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
CVE-2018-20808 1Ivanti 1Connect Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE-2018-20807 1Ivanti 1Connect Secure Nov 21, 2024 Jun 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.
CVE-2019-11478 6Canonical F5Ivanti+3 more 24Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+21 more Nov 21, 2024 Jun 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker c...Show more Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.Show less
CVE-2019-11477 6Canonical F5Ivanti+3 more 24Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+21 more Nov 21, 2024 Jun 19, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to caus...Show more Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.Show less
CVE-2019-11509 2Ivanti Pulsesecure 3Connect Secure Policy SecurePulse Policy Secure Nov 21, 2024 Jun 3, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 bef...Show more In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.Show less
CVE-2019-11510 1Ivanti 1Connect Secure Dec 18, 2025 May 8, 2019 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnera...Show more In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .Show less
CVE-2019-11508 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 May 8, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to exec...Show more In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.Show less
CVE-2019-11507 1Ivanti 1Connect Secure Nov 21, 2024 May 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
CVE-2019-11543 2Ivanti Pulsesecure 3Connect Secure Pulse Connect SecurePulse Policy Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and...Show more XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.Show less
CVE-2019-11542 2Ivanti Pulsesecure 3Connect Secure Pulse Connect SecurePulse Policy Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.Show less
CVE-2019-11541 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.Show less
CVE-2019-11540 2Ivanti Pulsesecure 3Connect Secure Pulse Connect SecurePulse Policy Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.Show less
CVE-2019-11539 2Ivanti Pulsesecure 3Connect Secure Policy SecurePulse Policy Secure Nov 6, 2025 Apr 26, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.Show less
CVE-2019-11538 1Ivanti 1Connect Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of ar...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.Show less
CVE-2019-11213 2Ivanti Pulsesecure 3Connect Secure Pulse Connect SecurePulse Secure Desktop Client Nov 21, 2024 Apr 12, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573....Show more In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.Show less

Previous 1 2 3 4 567 Next