Vulnerabilities > Pulsesecure > Pulse Connect Secure > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-11580 Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
low complexity
pulsesecure CWE-295
critical
 9.1
9.1
2019-04-26 CVE-2019-11540 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
network
low complexity
pulsesecure ivanti
critical
 9.8
9.8
2018-09-06 CVE-2018-6320 Improper Input Validation vulnerability in multiple products
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
network
low complexity
pulsesecure ivanti CWE-20
critical
 9.8
9.8
2018-01-16 CVE-2018-5299 Out-of-bounds Write vulnerability in Pulsesecure Pulse Connect Secure and Pulse Policy Secure
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
network
low complexity
pulsesecure CWE-787
critical
 9.8
9.8
2016-05-26 CVE-2016-4787 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
network
low complexity
ivanti pulsesecure
critical
 10.0
10