Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulsesecure vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-8217
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed malicious users to exploit in the URL used for Citrix ICA.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
490
VMScore
CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated malicious user to perform command injection via the administrator web which can cause DOS.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
356
VMScore
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
578
VMScore
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure prior to 9.1R11.4 allows a remote authenticated malicious user to perform remote code execution via Windows Resource Profiles Feature
Pulsesecure Pulse Connect Secure 9.0rx
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
383
VMScore
CVE-2018-9849
Pulse Secure Pulse Connect Secure 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5 do not properly process nested XML entities, which allows remote malicious users to cause a denial of service (memory consumption and memory errors) via a crafted XML document...
Pulsesecure Pulse Connect Secure
570
VMScore
CVE-2018-6374
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Pulsesecure Desktop Linux Client
312
VMScore
CVE-2017-17947
A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) prior to 8.0R17.0, 8.1.x prior to 8.1R13, 8.2.x prior to 8.2R9, and 8.3.x prior to 8.3R3 and Pulse Policy Secure (PPS) prior to 5.2R10, 5.3.x prior to 5.3R9, and 5.4.x prior t...
Pulsesecure Pulse Connect Secure
312
VMScore
CVE-2018-20306
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated malicious user to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected...
Pulsesecure Virtual Traffic Manager
356
VMScore
CVE-2018-20193
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs becaus...
Pulsesecure Secure Access Series Ssl Vpn Sa-4000 4.2
Pulsesecure Secure Access Series Ssl Vpn Sa-4000 5.1r5
605
VMScore
CVE-2017-11196
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an malicious user to logout a user by making them visit a malicious web page.
Pulsesecure Pulse Connect Secure 8.3r1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »