Vulnerabilities > Pulsesecure > Pulse Connect Secure > 8.2r12.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-22899 Command Injection vulnerability in multiple products
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
network
low complexity
pulsesecure ivanti CWE-77
8.8
8.8
2021-05-27 CVE-2021-22900 Incorrect Resource Transfer Between Spheres vulnerability in multiple products
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
network
low complexity
pulsesecure ivanti CWE-669
7.2
7.2
2020-10-28 CVE-2020-8262 Cross-site Scripting vulnerability in multiple products
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2020-10-28 CVE-2020-8261 Classic Buffer Overflow vulnerability in multiple products
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
network
low complexity
pulsesecure ivanti CWE-120
4.3
4.3
2020-07-28 CVE-2020-15408 Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. 		5.8
5.8
2020-04-06 CVE-2020-11582 Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
low complexity
pulsesecure CWE-668
3.3
3.3
2020-04-06 CVE-2020-11581 OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
pulsesecure CWE-78
critical
 9.3
9.3
2020-04-06 CVE-2020-11580 Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
low complexity
pulsesecure CWE-295
6.4
6.4
2018-10-19 CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
local
low complexity
artifex debian canonical redhat pulsesecure
8.6
8.6
2018-09-05 CVE-2018-16513 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
local
low complexity
artifex debian canonical pulsesecure CWE-704
7.8
7.8