Filtered by vendor Pulsesecure
Subscribe
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8248 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | |||||
| CVE-2020-8239 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. | |||||
| CVE-2020-8260 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | |||||
| CVE-2020-8255 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. | |||||
| CVE-2020-13162 | 1 Pulsesecure | 2 Pulse Secure Desktop Client, Pulse Secure Installer Service | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
| A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | |||||
| CVE-2020-15408 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Secure Desktop Client | 2023-12-10 | 5.8 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. | |||||
| CVE-2020-11581 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | |||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | |||||
| CVE-2020-11580 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | |||||
| CVE-2018-20812 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints. | |||||
| CVE-2018-16513 | 4 Artifex, Canonical, Debian and 1 more | 5 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-15749 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | |||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | |||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | |||||
| CVE-2018-18284 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2023-12-10 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||||
| CVE-2018-20306 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. | |||||
| CVE-2018-7572 | 1 Pulsesecure | 1 Pulse Secure Desktop | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
| Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs. | |||||
| CVE-2018-20193 | 1 Pulsesecure | 1 Secure Access Series Ssl Vpn Sa-4000 | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes. | |||||
| CVE-2018-15865 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | |||||
| CVE-2018-15726 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
| The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | |||||