Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Connect_secure
(Ivanti)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 78 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-19 | CVE-2019-11478 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | Ubuntu_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Traffix_signaling_delivery_controller, Connect_secure, Linux_kernel, Pulse_policy_secure, Pulse_secure_virtual_application_delivery_controller, Enterprise_linux, Enterprise_linux_atomic_host, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_mrg | 7.5 | ||
2019-06-28 | CVE-2018-20809 | A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | Connect_secure, Pulse_policy_secure | 7.5 | ||
2019-06-28 | CVE-2018-20807 | An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | Connect_secure | 6.1 | ||
2019-06-28 | CVE-2018-20808 | An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. | Connect_secure | 6.1 | ||
2019-06-28 | CVE-2018-20810 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | Connect_secure, Pulse_policy_secure | 9.8 | ||
2019-06-28 | CVE-2018-20811 | A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | Connect_secure | 5.3 | ||
2019-06-28 | CVE-2018-20813 | An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | Connect_secure | 9.8 | ||
2019-06-28 | CVE-2018-20814 | An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. | Connect_secure, Pulse_policy_secure | 6.1 |