VYPR

Vendor CVEs

Pulsesecure

All CVEs

124 total · sorted by risk
  • CVE-2024-37885 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.00

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is…

  • CVE-2023-34298 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged…

  • CVE-2024-27242 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.00

    Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

  • CVE-2023-39209 · Aug 8, 2023
    risk 0.00 · cvss · epss 0.01

    Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

  • CVE-2023-34116 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.01

    Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.

  • CVE-2023-29000 · Apr 4, 2023
    risk 0.00 · cvss · epss 0.00

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop…

  • CVE-2023-28998 · Apr 4, 2023
    risk 0.00 · cvss · epss 0.01

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder…

  • CVE-2023-28997 · Apr 4, 2023
    risk 0.00 · cvss · epss 0.01

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud…

  • CVE-2023-23942 · Feb 6, 2023
    risk 0.00 · cvss · epss 0.01

    The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client.…

  • CVE-2022-41882 · Nov 11, 2022
    risk 0.00 · cvss · epss 0.00

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default…

  • CVE-2022-21826 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.45

    Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP…

  • CVE-2021-44720 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.02

    In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write…

  • CVE-2021-37617 · Aug 18, 2021
    risk 0.00 · cvss · epss 0.00

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the…

  • CVE-2021-32728 · Aug 18, 2021
    risk 0.00 · cvss · epss 0.01

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to…

  • CVE-2021-22936 · Aug 16, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

  • CVE-2021-22935 · Aug 16, 2021
    risk 0.00 · cvss · epss 0.02

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

  • CVE-2021-22934 · Aug 16, 2021
    risk 0.00 · cvss · epss 0.05

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a maliciously crafted web request.

  • CVE-2021-22938 · Aug 16, 2021
    risk 0.00 · cvss · epss 0.02

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

  • CVE-2021-22895 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

  • CVE-2021-22879 · Apr 14, 2021
    risk 0.00 · cvss · epss 0.05

    Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

  • CVE-2021-22887 · Mar 16, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit…

  • CVE-2020-8263 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

  • CVE-2020-8262 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

  • CVE-2020-8261 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

  • CVE-2020-8241 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

  • CVE-2020-8239 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.

  • CVE-2020-8254 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC. To improve the security of connections between Pulse clients and Pulse Connect…

  • CVE-2020-8240 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine to use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is…

  • CVE-2020-8250 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

  • CVE-2020-8249 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

  • CVE-2020-8248 · Oct 28, 2020
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

  • CVE-2020-8256 · Sep 29, 2020
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

  • CVE-2020-8238 · Sep 29, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

  • CVE-2020-8225 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.

  • CVE-2020-8189 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any HTML (including local links) when responding with invalid data on the login attempt.

  • CVE-2020-8227 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.22

    Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

  • CVE-2020-8230 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.00

    A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections for Windows allowed memory to be corrupted.

  • CVE-2020-8224 · Aug 10, 2020
    risk 0.00 · cvss · epss 0.01

    A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.

  • CVE-2020-8229 · Aug 10, 2020
    risk 0.00 · cvss · epss 0.00

    A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.

  • CVE-2020-8221 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

  • CVE-2020-8219 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

  • CVE-2020-8216 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed authenticated end-users to find meeting details, if they know the Meeting ID.

  • CVE-2020-8206 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.03

    An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP.

  • CVE-2020-8204 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.

  • CVE-2020-8222 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

  • CVE-2020-8220 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.02

    A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web, which can cause DoS.

  • CVE-2020-8217 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.01

    A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.

  • CVE-2020-15408 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

  • CVE-2020-12880 · Jul 27, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the…

  • CVE-2020-13162 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.