Vulnerabilities > Pulsesecure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-12 | CVE-2019-11213 | Session Fixation vulnerability in multiple products In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. | 8.1 |
| 2018-12-21 | CVE-2018-20193 | Improper Privilege Management vulnerability in Pulsesecure Secure Access Series SSL VPN Sa-4000 4.2/5.1R5 Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). | 4.0 |
| 2018-12-20 | CVE-2018-20307 | Information Exposure vulnerability in Pulsesecure Virtual Traffic Manager 10.4R1/17.2R1 Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | 4.0 |
| 2018-12-20 | CVE-2018-20306 | Cross-site Scripting vulnerability in Pulsesecure Virtual Traffic Manager A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. | 3.5 |
| 2018-11-29 | CVE-2018-11002 | Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | 5.8 |
| 2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 8.6 |
| 2018-09-12 | CVE-2018-7572 | Improper Authentication vulnerability in Pulsesecure Pulse Secure Desktop Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. | 7.2 |
| 2018-09-06 | CVE-2018-6320 | Improper Input Validation vulnerability in multiple products A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | 9.8 |
| 2018-09-06 | CVE-2018-16261 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | 4.6 |
| 2018-09-06 | CVE-2018-15865 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | 4.6 |