RSS   Podatności dla 'Pulse connect secure'   RSS

2021-11-19
 
CVE-2021-22965

CWE-400
 

 
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.

 
2021-08-16
 
CVE-2021-22933

CWE-22
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

 
 
CVE-2021-22934

CWE-120
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

 
 
CVE-2021-22935

CWE-77
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

 
 
CVE-2021-22936

CWE-79
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

 
 
CVE-2021-22937

CWE-434
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

 
 
CVE-2021-22938

CWE-77
 

 
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

 
2021-05-27
 
CVE-2021-22894

CWE-120
 

 
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

 
 
CVE-2021-22899

CWE-77
 

 
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

 
 
CVE-2021-22900

CWE-94
 

 
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

 


Copyright 2024, cxsecurity.com

 

Back to Top