Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulsesecure vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2016-4791
The administrative user interface in Pulse Connect Secure (PCS) 8.2 prior to 8.2r1, 8.1 prior to 8.1r2, 8.0 prior to 8.0r9, and 7.4 prior to 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via ...
Pulsesecure Pulse Connect Secure 8.1r1.0
Ivanti Connect Secure 8.1
Ivanti Connect Secure 8.2
Ivanti Connect Secure 8.0
Pulsesecure Pulse Connect Secure 7.4
5.8
CVSSv2
CVE-2020-15408
An issue exists in Pulse Secure Pulse Connect Secure prior to 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Secure Desktop Client 9.1
5.8
CVSSv2
CVE-2018-11002
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
Pulsesecure Pulse Secure Desktop Client 5.3r3
Pulsesecure Pulse Secure Desktop Client 5.3r4.1
Pulsesecure Pulse Secure Desktop Client 5.3r1
Pulsesecure Pulse Secure Desktop Client 5.3r1.1
Pulsesecure Pulse Secure Desktop Client 5.3r2
Pulsesecure Pulse Secure Desktop Client 5.3r5
Pulsesecure Pulse Secure Desktop Client 5.3r5.2
Pulsesecure Pulse Secure Desktop Client 5.3r6
Pulsesecure Pulse Secure Desktop Client 5.3r4
Pulsesecure Pulse Secure Desktop Client 5.3r4.2
5.8
CVSSv2
CVE-2018-14366
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX prior to 8.1R13 and 8.3RX prior to 8.3R4 and Pulse Policy Secure up to and including 5.2RX prior to 5.2R10 and 5.4RX prior to 5.4R4 have an Open Redirect Vulnerability.
Pulsesecure Pulse Policy Secure 5.2r7.0
Pulsesecure Pulse Connect Secure 8.1r1.0
Pulsesecure Pulse Policy Secure 5.2r2.0
Pulsesecure Pulse Policy Secure 5.2r7.1
Pulsesecure Pulse Policy Secure 5.2r4.0
Pulsesecure Pulse Policy Secure 5.2r3.2
Pulsesecure Pulse Policy Secure 5.2r1.0
Pulsesecure Pulse Policy Secure 5.2r5.0
Pulsesecure Pulse Policy Secure 5.2r6.0
Pulsesecure Pulse Policy Secure 5.2r8.0
Pulsesecure Pulse Policy Secure 5.2r3.0
Pulsesecure Pulse Policy Secure 5.4r1
Pulsesecure Pulse Policy Secure 5.4r2
Pulsesecure Pulse Policy Secure 5.4r2.1
Pulsesecure Pulse Policy Secure 5.4r3
Pulsesecure Pulse Policy Secure 5.4rx
Pulsesecure Pulse Policy Secure 5.2r9.0
Pulsesecure Pulse Policy Secure 5.2r9.1
Pulsesecure Pulse Policy Secure 5.2rx
Pulsesecure Pulse Connect Secure 8.3rx
Pulsesecure Pulse Connect Secure 8.1rx
Ivanti Connect Secure 8.3
5.5
CVSSv2
CVE-2021-22933
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
5.5
CVSSv2
CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated malicious user to perform command injection via the administrator web which can cause DOS.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
5.1
CVSSv2
CVE-2020-8241
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the malicious user to perform a MITM Attack if end users are convinced to connect to a malicious server.
Pulsesecure Pulse Secure Desktop Client
Pulsesecure Pulse Secure Desktop Client 9.1
2 Github repositories
5
CVSSv2
CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager prior to 21.1 could allow an malicious user to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
Pulsesecure Virtual Traffic Manager 20.2
Pulsesecure Virtual Traffic Manager 20.3
Pulsesecure Virtual Traffic Manager 19.2
Pulsesecure Virtual Traffic Manager 20.1
Pulsesecure Virtual Traffic Manager 19.3
Pulsesecure Virtual Traffic Manager
Pulsesecure Virtual Traffic Manager 18.2
5
CVSSv2
CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX prior to 8.3R5 and Pulse Policy Secure 5.4RX prior to 5.4R5. This is not applicable to PCS 8.1RX.
Pulsesecure Pulse Policy Secure 5.2
Pulsesecure Pulse Policy Secure 5.4
Pulsesecure Pulse Policy Secure 5.3
Pulsesecure Pulse Policy Secure 5.1
Pulsesecure Pulse Policy Secure 5.0
Pulsesecure Pulse Policy Secure 4.4
Ivanti Connect Secure 8.3
5
CVSSv2
CVE-2018-20812
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.
Pulsesecure Pulse Secure Desktop Client 4.0
Pulsesecure Pulse Secure Desktop Client 5.1
Pulsesecure Pulse Secure Desktop Client 5.1r
Pulsesecure Pulse Secure Desktop Client 5.3
Pulsesecure Pulse Secure Desktop Client 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »