Vulnerabilities > Pulsesecure > Pulse Connect Secure > 8.3r5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-27 | CVE-2021-22899 | Command Injection vulnerability in multiple products A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | 8.8 |
2021-05-27 | CVE-2021-22900 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | 7.2 |
2020-10-28 | CVE-2020-8262 | Cross-site Scripting vulnerability in multiple products A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. | 6.1 |
2020-10-28 | CVE-2020-8261 | Classic Buffer Overflow vulnerability in multiple products A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | 4.3 |
2020-07-28 | CVE-2020-15408 | Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. | 5.8 |
2020-04-06 | CVE-2020-11582 | Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 3.3 |
2020-04-06 | CVE-2020-11581 | OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 9.3 |
2020-04-06 | CVE-2020-11580 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 6.4 |
2019-04-12 | CVE-2019-11213 | Session Fixation vulnerability in multiple products In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. | 8.1 |
2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 8.6 |