CVE-2020-8219
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
Source: CVE-2020-8219
[월:] 2020년 07월
CVE-2020-8192
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Source: CVE-2020-8192
CVE-2020-8202
CVE-2020-8202
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
Source: CVE-2020-8202
CVE-2020-8204
CVE-2020-8204
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
Source: CVE-2020-8204
CVE-2020-8206
CVE-2020-8206
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
Source: CVE-2020-8206
CVE-2020-8213
CVE-2020-8213
An information exposure vulnerability exists in UniFi Protect v1.13.3 and prior that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
Source: CVE-2020-8213
CVE-2020-8216
CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
Source: CVE-2020-8216
CVE-2020-8217
CVE-2020-8217
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
Source: CVE-2020-8217
CVE-2020-8218
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Source: CVE-2020-8218
CVE-2020-8220
CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
Source: CVE-2020-8220