Pulsesecure

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-11195 1Pulsesecure 1Pulse Connect Secure May 13, 2026 Jul 12, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simpl...Show more Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.Show less
CVE-2017-11194 1Pulsesecure 1Pulse Connect Secure May 13, 2026 Jul 12, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly saniti...Show more Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.Show less
CVE-2017-11193 1Pulsesecure 1Pulse Connect Secure May 13, 2026 Jul 12, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have...Show more Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.Show less
CVE-2016-2408 1Pulsesecure 4Odyssey Access Client Pulse Secure DesktopPulse Secure Security+1 more May 6, 2026 Aug 2, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors.
CVE-2016-4791 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 8.6 HIGH· v3 6.4 MEDIUM· v2 The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and con...Show more The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.Show less
CVE-2016-4790 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 5.5 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject...Show more Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2016-4789 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13....Show more Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2016-4788 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 5.8 MEDIUM· v3 5.0 MEDIUM· v2 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
CVE-2016-4787 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 10.0 CRITICAL· v3 6.4 MEDIUM· v2 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vecto...Show more Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.Show less
CVE-2016-4786 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure May 6, 2026 May 26, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2016-3985 1Pulsesecure 1Pulse Connect Secure May 6, 2026 Apr 12, 2016 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspec...Show more The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.Show less
CVE-2016-0799 2Openssl Pulsesecure 3Client OpensslSteel Belted Radius May 6, 2026 Mar 3, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bou...Show more The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.Show less
CVE-2016-0800 2Openssl Pulsesecure 3Client OpensslSteel Belted Radius May 6, 2026 Mar 1, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, wh...Show more The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.Show less

Previous 1 2 3 45