Vulnerabilities > Pulsesecure

DATE CVE VULNERABILITY TITLE RISK
2020-10-28 CVE-2020-8263 Cross-Site Scripting vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
3.5
2020-10-28 CVE-2020-8262 Cross-Site Scripting vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
4.3
2020-10-28 CVE-2020-8261 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
4.3
2020-10-28 CVE-2020-8260 Unrestricted Upload of File With Dangerous Type vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
network
low complexity
pulsesecure CWE-434
6.5
2020-10-28 CVE-2020-8255 Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.
network
low complexity
pulsesecure
4.0
2020-10-28 CVE-2020-8254 Path Traversal vulnerability in Pulsesecure Pulse Secure Desktop Client
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server.
6.8
2020-10-28 CVE-2020-8250 Improper Privilege Management vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
local
low complexity
pulsesecure CWE-269
4.6
2020-10-28 CVE-2020-8249 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.
local
low complexity
pulsesecure CWE-120
4.6
2020-10-28 CVE-2020-8248 Improper Privilege Management vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
local
low complexity
pulsesecure CWE-269
4.6
2020-10-28 CVE-2020-8241 Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
network
high complexity
pulsesecure CWE-295
5.1