Vulnerabilities > Pulsesecure

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-22933 Path Traversal vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
network
low complexity
pulsesecure CWE-22
5.5
2021-08-16 CVE-2021-22934 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
network
low complexity
pulsesecure CWE-120
6.5
2021-08-16 CVE-2021-22935 Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
network
low complexity
pulsesecure CWE-77
6.5
2021-08-16 CVE-2021-22936 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
4.3
2021-08-16 CVE-2021-22937 Unrestricted Upload of File with Dangerous Type vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
network
low complexity
pulsesecure CWE-434
6.5
2021-08-16 CVE-2021-22938 Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
network
low complexity
pulsesecure CWE-77
6.5
2021-05-27 CVE-2021-22894 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 7.1/9.0/9.1
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
network
low complexity
pulsesecure CWE-120
critical
9.0
2021-05-27 CVE-2021-22899 Command Injection vulnerability in Pulsesecure Pulse Connect Secure
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
network
low complexity
pulsesecure CWE-77
6.5
2021-05-27 CVE-2021-22900 Code Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/9.0/9.1
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
network
low complexity
pulsesecure CWE-94
6.5
2021-05-27 CVE-2021-22908 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 9.0/9.0Rx/9.1
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.
network
low complexity
pulsesecure CWE-120
critical
9.0