Vulnerabilities > Pulsesecure > Pulse Secure Desktop Client > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-8263 | Cross-site Scripting vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. | 5.4 |
| 2020-10-28 | CVE-2020-8255 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. | 4.9 |
| 2020-07-28 | CVE-2020-15408 | Unspecified vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. | 4.6 |
| 2018-11-29 | CVE-2018-11002 | Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | 5.5 |
| 2018-09-06 | CVE-2018-16261 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | 6.8 |
| 2018-09-06 | CVE-2018-15749 | Use of Externally-Controlled Format String vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | 5.5 |
| 2018-09-06 | CVE-2018-15726 | OS Command Injection vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | 5.3 |