The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PCS

vulnerability bulletin CVE-2019-11213

Pulse Connect Secure, Pulse Secure Desktop: information disclosure via Session Cookies Reading

Synthesis of the vulnerability

An attacker can bypass access restrictions to data by reading session cookies of Pulse Connect Secure and Pulse Secure Desktop, in order to obtain sensitive information.
Impacted products: Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/04/2019.
Revision date: 12/04/2019.
Identifiers: CVE-2019-11213, SA44114, VIGILANCE-VUL-29033, VU#192371.

Description of the vulnerability

An attacker can bypass access restrictions to data by reading session cookies of Pulse Connect Secure and Pulse Secure Desktop, in order to obtain sensitive information.

vulnerability note CVE-2018-20807

Pulse Connect Secure: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Pulse Connect Secure, in order to run JavaScript code in the context of the web site.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-20807, SA43730, VIGILANCE-VUL-28114.

Description of the vulnerability

The Pulse Connect Secure product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Pulse Connect Secure, in order to run JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2018-18284

Ghostscript: code execution via 1Policy Operator

Synthesis of the vulnerability

An attacker can use a vulnerability via 1Policy Operator of Ghostscript, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 22/10/2018.
Identifiers: bulletinjan2019, CVE-2018-18284, DLA-1552-1, DSA-4336-1, FEDORA-2019-077a3f23c0, FEDORA-2019-82acb29c1b, openSUSE-SU-2018:4138-1, openSUSE-SU-2018:4140-1, RHSA-2018:3834-01, SA44101, SUSE-SU-2018:4087-1, SUSE-SU-2018:4090-1, USN-3803-1, VIGILANCE-VUL-27597.

Description of the vulnerability

An attacker can use a vulnerability via 1Policy Operator of Ghostscript, in order to run code.

vulnerability CVE-2018-16510 CVE-2018-16511 CVE-2018-16513

Ghostscript: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Ghostscript.
Impacted products: Debian, Fedora, openSUSE Leap, Pulse Connect Secure, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 10/09/2018.
Identifiers: CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543, CVE-2018-16585, DLA-1504-1, DLA-1527-1, DLA-1527-2, DSA-4288-1, FEDORA-2018-28447b6f2e, FEDORA-2018-56221eb24b, FEDORA-2018-f1b1ed38b3, openSUSE-SU-2018:3036-1, openSUSE-SU-2018:3038-1, RHSA-2018:2918-01, RHSA-2018:3650-01, RHSA-2018:3834-01, RHSA-2019:0229-01, SA44101, SUSE-SU-2018:2975-1, SUSE-SU-2018:2976-1, SUSE-SU-2018:3330-1, USN-3768-1, USN-3773-1, VIGILANCE-VUL-27180.

Description of the vulnerability

An attacker can use several vulnerabilities of Ghostscript.

computer vulnerability note CVE-2018-15908 CVE-2018-15910 CVE-2018-15911

Ghostscript: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Ghostscript.
Impacted products: Debian, Fedora, openSUSE Leap, Pulse Connect Secure, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/09/2018.
Identifiers: CVE-2018-15908, CVE-2018-15910, CVE-2018-15911, DLA-1504-1, DSA-4288-1, FEDORA-2018-28447b6f2e, FEDORA-2018-56221eb24b, FEDORA-2018-f1b1ed38b3, openSUSE-SU-2018:3036-1, openSUSE-SU-2018:3038-1, RHSA-2018:2918-01, RHSA-2018:3650-01, RHSA-2018:3834-01, SA44101, SUSE-SU-2018:2975-1, SUSE-SU-2018:2976-1, SUSE-SU-2018:3330-1, USN-3768-1, VIGILANCE-VUL-27179.

Description of the vulnerability

An attacker can use several vulnerabilities of Ghostscript.

vulnerability announcement CVE-2018-14366 CVE-2018-20808 CVE-2018-20809

Pulse Connect Secure: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Pulse Connect Secure.
Impacted products: Pulse Connect Secure.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 05/09/2018.
Identifiers: CVE-2018-14366, CVE-2018-20808, CVE-2018-20809, CVE-2018-20810, CVE-2018-20811, CVE-2018-20812, CVE-2018-20813, CVE-2018-20814, CVE-2018-6320, SA43877, VIGILANCE-VUL-27152.

Description of the vulnerability

An attacker can use several vulnerabilities of Pulse Connect Secure.

computer vulnerability bulletin CVE-2018-15909

Ghostscript: code execution via Shfill Operator

Synthesis of the vulnerability

An attacker can use a vulnerability via Shfill Operator of Ghostscript, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 03/09/2018.
Identifiers: bulletinjan2019, CVE-2018-15909, DLA-1504-1, FEDORA-2018-07083800ac, FEDORA-2018-28447b6f2e, FEDORA-2018-56221eb24b, FEDORA-2018-f1b1ed38b3, openSUSE-SU-2018:3036-1, openSUSE-SU-2018:3038-1, RHSA-2018:3650-01, SA44101, SUSE-SU-2018:2975-1, SUSE-SU-2018:2976-1, USN-3768-1, VIGILANCE-VUL-27128.

Description of the vulnerability

An attacker can use a vulnerability via Shfill Operator of Ghostscript, in order to run code.

computer vulnerability alert CVE-2018-9849

Pulse Secure Connect Secure: denial of service via Nested XML Entities

Synthesis of the vulnerability

An attacker can generate a fatal error via Nested XML Entities of Pulse Secure Connect Secure, in order to trigger a denial of service.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: CVE-2018-9849, SA43730, VIGILANCE-VUL-26086.

Description of the vulnerability

An attacker can generate a fatal error via Nested XML Entities of Pulse Secure Connect Secure, in order to trigger a denial of service.

vulnerability note CVE-2018-5299

Pulse Connect Secure: buffer overflow via Web Server

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Web Server of Pulse Connect Secure, in order to trigger a denial of service, and possibly to run code.
Impacted products: Pulse Connect Secure.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: CVE-2018-5299, SA43604, VIGILANCE-VUL-25094.

Description of the vulnerability

An attacker can generate a buffer overflow via Web Server of Pulse Connect Secure, in order to trigger a denial of service, and possibly to run code.

vulnerability announcement CVE-2017-17947

Pulse Connect Secure: Cross Site Scripting via custompage.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via custompage.cgi in Pulse Connect Secure, in order to run JavaScript code in the context of the web site.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/01/2018.
Identifiers: CVE-2017-17947, SA43018, VIGILANCE-VUL-25092.

Description of the vulnerability

The Pulse Connect Secure product offers a web service.

However, it does not filter data received via custompage.cgi before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via custompage.cgi in Pulse Connect Secure, in order to run JavaScript code in the context of the web site.