Pulsesecure Pulse Secure Desktop Client — known CVE vulnerabilities
Every CVE whose affected-product data names Pulsesecure Pulse Secure Desktop Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-8239 — CVSS 9.8 (critical): A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also…
CVE-2020-8254 — CVSS 8.8 (high): A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a…
CVE-2019-11213 — CVSS 8.1 (high): In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a…
CVE-2020-8248 — CVSS 7.8 (high): A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
CVE-2020-8249 — CVSS 7.8 (high): A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.
CVE-2020-8250 — CVSS 7.8 (high): A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
CVE-2020-8240 — CVSS 7.8 (high): A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges…
CVE-2020-8241 — CVSS 7.5 (high): A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to…
CVE-2018-20812 — CVSS 7.5 (high): An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists…
CVE-2020-13162 — CVSS 7.0 (high): A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for…
CVE-2018-16261 — CVSS 6.8 (medium): In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate…
CVE-2018-11002 — CVSS 5.5 (medium): Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
CVE-2020-8263 — CVSS 5.4 (medium): A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site…
CVE-2018-15726 — CVSS 5.3 (medium): The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.
CVE-2020-8255 — CVSS 4.9 (medium): A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file…
CVE-2020-15408 — CVSS 3.7 (low): An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via…