Pulsesecure Pulse_connect_secure
57 CVEs affecting Pulsesecure Pulse_connect_secure. Latest disclosed: 2022-09-30. Critical: 5, High: 27.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-4787 | Critical | 10.0 | 2016-05-26 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authe… |
CVE-2019-11540 | Critical | 9.8 | 2019-04-26 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX befor… |
CVE-2018-6320 | Critical | 9.8 | 2018-09-06 | A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure… |
CVE-2018-5299 | Critical | 9.8 | 2018-01-16 | A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) befo… |
CVE-2020-11580 | Critical | 9.1 | 2020-04-06 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients wh… |
CVE-2021-22908 | High | 8.8 | 2021-05-27 | A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to exec… |
CVE-2020-11582 | High | 8.8 | 2020-04-06 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients wh… |
CVE-2017-11455 | High | 8.8 | 2017-08-29 | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through… |
CVE-2017-11196 | High | 8.8 | 2017-07-12 | Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log… |
CVE-2017-11193 | High | 8.8 | 2017-07-12 | Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, tracerout… |
CVE-2018-18284 | High | 8.6 | 2018-10-19 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. |
CVE-2016-4791 | High | 8.6 | 2016-05-26 | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote adm… |
CVE-2020-8206 | High | 8.1 | 2020-07-30 | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TO… |
CVE-2020-11581 | High | 8.1 | 2020-04-06 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients wh… |
CVE-2019-11213 | High | 8.1 | 2019-04-12 | In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthori… |
CVE-2018-16513 | High | 7.8 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpre… |
CVE-2018-15911 | High | 7.8 | 2018-08-28 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to c… |
CVE-2018-15910 | High | 7.8 | 2018-08-27 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash… |
CVE-2018-15909 | High | 7.8 | 2018-08-27 | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files t… |
CVE-2021-22965 | High | 7.5 | 2021-11-19 | A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is… |