Vulnerabilities > Pulsesecure > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-29 | CVE-2018-11002 | Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | 5.8 |
| 2018-09-06 | CVE-2018-16261 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | 4.6 |
| 2018-09-06 | CVE-2018-15865 | Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | 4.6 |
| 2018-09-06 | CVE-2018-15726 | OS Command Injection vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | 4.6 |
| 2018-09-06 | CVE-2018-14366 | Open Redirect vulnerability in multiple products download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | 6.1 |
| 2018-05-10 | CVE-2018-9849 | Unspecified vulnerability in Pulsesecure Pulse Connect Secure Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. network pulsesecure | 4.3 |
| 2018-01-31 | CVE-2018-6374 | Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. | 6.4 |
| 2017-09-30 | CVE-2017-14935 | Improper Input Validation vulnerability in Pulsesecure Pulse ONE On-Premise 2.0.1649 Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | 5.0 |
| 2017-07-12 | CVE-2017-11196 | Cross-Site Request Forgery (CSRF) vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. | 6.8 |
| 2017-07-12 | CVE-2017-11195 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. | 4.3 |