Pulse Connect Secure Security Vulnerabilities and Issues — Pulse Connect Secure CVE List

Lucene search

PulsesecurePulse Connect Secure

10 matches found

CVE•added 2018/08/27 5:29 p.m.•173 views

CVE-2018-15910

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

7.8CVSS6.7AI score0.04114EPSS

CVE•added 2018/08/27 5:29 p.m.•155 views

CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

7.8CVSS6.6AI score0.02166EPSS

CVE•added 2018/08/28 4:29 a.m.•151 views

CVE-2018-15911

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

7.8CVSS6.7AI score0.02285EPSS

CVE•added 2018/10/19 10:29 p.m.•149 views

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

8.6CVSS6.3AI score0.00467EPSS

CVE•added 2018/09/05 1:29 p.m.•96 views

CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

7.8CVSS8AI score0.00309EPSS

CVE•added 2018/01/16 9:29 p.m.•48 views

CVE-2017-17947

A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL par...

4.8CVSS4.8AI score0.0026EPSS

CVE•added 2018/01/16 10:29 p.m.•42 views

CVE-2018-5299

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

9.8CVSS9.8AI score0.11904EPSS

CVE•added 2018/09/06 11:29 p.m.•42 views

CVE-2018-6320

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

9.8CVSS9.3AI score0.05235EPSS

CVE•added 2018/05/10 2:29 p.m.•40 views

CVE-2018-9849

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

5.5CVSS5.6AI score0.00213EPSS

CVE•added 2018/09/06 11:29 p.m.•38 views

CVE-2018-14366

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

6.1CVSS6.2AI score0.001EPSS