Security Vulnerabilities - CVEs Published In May 2019
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in the admin console.
CVSS Score: 6.1
EPSS Score: 0.008
Published: 2019-05-30

Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
CVSS Score: 6.1
EPSS Score: 0.008
Published: 2019-05-30

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.
CVSS Score: 7.1
EPSS Score: 0.005
Published: 2019-05-30

Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-05-30

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
CVSS Score: 6.1
EPSS Score: 0.022
Published: 2019-05-30

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-05-30

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.
CVSS Score: 9.3
EPSS Score: 0.001
Published: 2019-05-30

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for FortiClient updates.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-05-30

A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6. The combination of these vulnerabilities can turn into an exploit chain that allows a user to gain system privileges on Microsoft Windows.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-05-30

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in a denial of service, after which other users can no longer log in or sign in to the affected third-party service. When a third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server.
CVSS Score: 8.6
EPSS Score: 0.002
Published: 2019-05-30

