Security Vulnerabilities - CVEs Published In April 2019
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
CVSS Score
2.5
EPSS Score
0.002
Published
2019-04-09
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-04-09
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
CVSS Score
7.5
EPSS Score
0.034
Published
2019-04-09
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
CVSS Score
5.5
EPSS Score
0.005
Published
2019-04-09
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879.
CVSS Score
7.8
EPSS Score
0.023
Published
2019-04-09
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877.
CVSS Score
7.8
EPSS Score
0.023
Published
2019-04-09
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
CVSS Score
4.5
EPSS Score
0.001
Published
2019-04-09
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-04-09
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-04-09
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
CVSS Score
5.9
EPSS Score
0.018
Published
2019-04-09