Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pulse_secure_desktop_client
(Pulsesecure)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-16 | CVE-2020-13162 | A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | Pulse_secure_desktop_client, Pulse_secure_installer_service | 7.0 | ||
| 2020-07-28 | CVE-2020-15408 | An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. | Pulse_connect_secure, Pulse_secure_desktop_client | 4.6 | ||
| 2020-10-28 | CVE-2020-8239 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. | Pulse_secure_desktop_client | 9.8 | ||
| 2020-10-28 | CVE-2020-8240 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. | Pulse_secure_desktop_client | 7.8 | ||
| 2020-10-28 | CVE-2020-8241 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | Pulse_secure_desktop_client | 7.5 | ||
| 2020-10-28 | CVE-2020-8248 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | Pulse_secure_desktop_client | 7.8 | ||
| 2020-10-28 | CVE-2020-8250 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | Pulse_secure_desktop_client | 7.8 | ||
| 2020-10-28 | CVE-2020-8249 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. | Pulse_secure_desktop_client | 7.8 | ||
| 2020-10-28 | CVE-2020-8254 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. | Pulse_secure_desktop_client | 8.8 | ||
| 2020-10-28 | CVE-2020-8255 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. | Pulse_secure_desktop_client | 4.9 |