pulsesecure

Top products

The 15 most recently published vulnerabilities affecting pulsesecure.

• CVE-2022-21826Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leave...5.4Sep 30, 2022
• CVE-2021-44720In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targe...7.2Aug 11, 2022
• CVE-2021-22900​Уязвимость веб-интерфейса администратора VPN-шлюза корпоративных сетей Pulse Connect Secure, позволяющая нарушителю повысить свои привилегии7.2Dec 1, 2021
• CVE-2021-22899​Уязвимость компонента Resource Profiles VPN-шлюза корпоративных сетей Pulse Connect Secure, позволяющая нарушителю выполнить произвольный код8.8Dec 1, 2021
• CVE-2021-22965A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.7.5Nov 19, 2021
• CVE-2021-22937A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.7.2Aug 16, 2021
• CVE-2021-22936A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.6.1Aug 16, 2021
• CVE-2021-22935A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.7.2Aug 16, 2021
• CVE-2021-22934A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer over...7.2Aug 16, 2021
• CVE-2021-22938A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.7.2Aug 16, 2021
• CVE-2021-22933A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.6.5Aug 16, 2021
• CVE-2021-22900A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted arc...KEV7.2May 27, 2021
• CVE-2021-22894A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.KEV8.8May 27, 2021
• CVE-2021-22908A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. A...8.8May 27, 2021
• CVE-2021-31922An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolv...7.5May 14, 2021