U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2020-8263

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

Published: October 28, 2020; 9:15:13 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2020-8260

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

Published: October 28, 2020; 9:15:13 AM -0400 		V3.1: 7.2 HIGH
 V2.0: 6.5 MEDIUM
CVE-2020-8255

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 4.9 MEDIUM
 V2.0: 4.0 MEDIUM
CVE-2020-8250

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 7.8 HIGH
 V2.0: 4.6 MEDIUM
CVE-2020-8249

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 7.8 HIGH
 V2.0: 4.6 MEDIUM
CVE-2020-8248

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 7.8 HIGH
 V2.0: 4.6 MEDIUM
CVE-2020-8241

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 7.5 HIGH
 V2.0: 5.1 MEDIUM
CVE-2020-8239

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.

Published: October 28, 2020; 9:15:12 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2020-15408

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Published: July 28, 2020; 11:15:11 AM -0400 		V3.1: 4.6 MEDIUM
 V2.0: 5.8 MEDIUM