Vulnerabilities > Pulsesecure > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-20 | CVE-2018-20306 | Cross-site Scripting vulnerability in Pulsesecure Virtual Traffic Manager 10.4/17.2/9.9 | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. | 5.4 |
2018-11-29 | CVE-2018-11002 | Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client | Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | 5.5 |
2018-09-12 | CVE-2018-7572 | Improper Authentication vulnerability in Pulsesecure Pulse Secure Desktop | Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. | 6.8 |
2018-09-06 | CVE-2018-16261 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client | In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | 6.8 |
2018-09-06 | CVE-2018-15749 | Use of Externally-Controlled Format String vulnerability in Pulsesecure Pulse Secure Desktop Client | The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | 5.5 |
2018-09-06 | CVE-2018-15726 | OS Command Injection vulnerability in Pulsesecure Pulse Secure Desktop Client | The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | 5.3 |
2018-09-06 | CVE-2018-14366 | Open Redirect vulnerability in multiple products | download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | 6.1 |
2018-05-10 | CVE-2018-9849 | Unspecified vulnerability in Pulsesecure Pulse Connect Secure | Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. | 5.5 |
2018-01-31 | CVE-2018-6374 | Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client 5.2R9.2 | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. | 6.5 |
2018-01-16 | CVE-2017-17947 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure | A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. | 4.8 |