Vulnerabilities > Pulsesecure > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-8250 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | 7.8 |
| 2020-10-28 | CVE-2020-8249 | Classic Buffer Overflow vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. | 7.8 |
| 2020-10-28 | CVE-2020-8248 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | 7.8 |
| 2020-10-28 | CVE-2020-8241 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | 7.5 |
| 2020-10-28 | CVE-2020-8240 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. | 7.8 |
| 2020-10-27 | CVE-2020-15352 | XXE vulnerability in multiple products An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.2 |
| 2020-07-30 | CVE-2020-8219 | Incorrect Default Permissions vulnerability in multiple products An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. | 7.2 |
| 2020-07-30 | CVE-2020-8218 | Code Injection vulnerability in multiple products A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | 7.2 |
| 2020-07-30 | CVE-2020-8206 | Improper Authentication vulnerability in multiple products An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | 8.1 |
| 2020-06-16 | CVE-2020-13162 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pulsesecure products A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | 7.0 |