Patching for Windows Mac Linux
CVE Vulnerabilities for Pulse Secure
CVE | Published | Severity | Details | Exploitability | Impact | Vector |
---|---|---|---|---|---|---|
CVE‑2020‑8217 | 2020‑07‑30 13:15:12 | MEDIUM (5) | A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. | 2 | 3 | NETWORK |
CVE‑2020‑8206 | 2020‑07‑30 13:15:12 | HIGH (8) | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP. | 2 | 6 | NETWORK |
CVE‑2020‑11582 | 2020‑04‑06 21:15:14 | HIGH (9) | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | 3 | 6 | ADJACENT_NETWORK |
CVE‑2020‑11581 | 2020‑04‑06 21:15:14 | HIGH (8) | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | 2 | 6 | NETWORK |
CVE‑2020‑11580 | 2020‑04‑06 21:15:14 | CRITICAL (9) | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | 4 | 5 | NETWORK |
CVE‑2016‑0800 | 2016‑03‑01 20:59:00 | MEDIUM (4) | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | 0 | 0 | NETWORK |
CVE‑2016‑0799 | 2016‑03‑03 20:59:04 | HIGH (10) | The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. | 0 | 0 | NETWORK |
Deep Windows, Mac, and Linux OS patching
Stay out of the "Negligent MSP" label because Lavawall® covers:
- 30-312 times as many applications as popular RMMs.
- "optional" Windows patches, including firmware and drivers
- Mac OS and application patches
- Linux Kernel, OS, and package patches for more distribution types than we want to admit exist
What applications does Lavawall® monitor?
Lavawall monitors patches for over 7,500 applications. This is a summary of the most popular applications.
Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.