Filtered by vendor Pulsesecure
Subscribe
Total
97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8217 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. | |||||
CVE-2016-4787 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 6.4 MEDIUM | 10.0 CRITICAL |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | |||||
CVE-2016-4788 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 5.0 MEDIUM | 5.8 MEDIUM |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||||
CVE-2020-8238 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | |||||
CVE-2019-11543 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | |||||
CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
CVE-2019-11541 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 5.0 MEDIUM | 7.5 HIGH |
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | |||||
CVE-2020-12880 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) | |||||
CVE-2021-22935 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | |||||
CVE-2019-11540 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 7.5 HIGH | 9.8 CRITICAL |
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack. | |||||
CVE-2021-22936 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. | |||||
CVE-2021-31922 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | |||||
CVE-2020-8260 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | |||||
CVE-2020-8249 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. | |||||
CVE-2020-8240 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. | |||||
CVE-2020-8250 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | |||||
CVE-2020-8241 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | |||||
CVE-2020-8263 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. | |||||
CVE-2021-22887 | 2 Pulsesecure, Supermicro | 24 Psa-5000, Psa-5000 Firmware, Psa-7000 and 21 more | 2024-02-04 | 2.1 LOW | 2.3 LOW |
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. | |||||
CVE-2020-8255 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. |