Pulsesecure

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21826 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Sep 30, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the...Show more Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.Show less
CVE-2021-44720 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-o...Show more In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.Show less
CVE-2021-22965 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Nov 19, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVE-2021-22938 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVE-2021-22937 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVE-2021-22936 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVE-2021-22935 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVE-2021-22934 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious cr...Show more A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.Show less
CVE-2021-22933 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVE-2021-22908 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 May 27, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, thi...Show more A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.Show less
CVE-2021-22900 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Dec 18, 2025 May 27, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admi...Show more A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.Show less
CVE-2021-31922 1Pulsesecure 1Virtual Traffic Manager Nov 21, 2024 May 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20....Show more An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.Show less
CVE-2021-22887 2Pulsesecure Supermicro 11Psa 5000 Firmware Psa 7000 FirmwareX10sl7 F Firmware+8 more Nov 21, 2024 Mar 16, 2021 N/A· v4 2.3 LOW· v3 2.1 LOW· v2 A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Befor...Show more A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.Show less
CVE-2020-8263 1Pulsesecure 1Pulse Secure Desktop Client Nov 21, 2024 Oct 28, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
CVE-2020-8262 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Oct 28, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
CVE-2020-8261 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Oct 28, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-8255 1Pulsesecure 1Pulse Secure Desktop Client Nov 21, 2024 Oct 28, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents the...Show more A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.Show less
CVE-2020-8254 1Pulsesecure 1Pulse Secure Desktop Client Nov 21, 2024 Oct 28, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security o...Show more A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.Show less
CVE-2020-8250 1Pulsesecure 1Pulse Secure Desktop Client Nov 21, 2024 Oct 28, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
CVE-2020-8249 1Pulsesecure 1Pulse Secure Desktop Client Nov 21, 2024 Oct 28, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

12 3 4 5 Next