CVE-2019-1573

LOW Year: 2019
CVSS v3 Score
2.5
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-226
View all →

Vulnerability Description

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

Related Vulnerabilities

CVE-2024-7883

LOW
CVSS:3.7(Low)

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns ...

CWE-2262024

CVE-2022-39393

HIGH
CVSS:8.6(High)

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused ...

CWE-2262022

CVE-2018-7166

HIGH
CVSS:7.5(High)

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or...

CWE-2262018

CVE-2024-38275

HIGH
CVSS:7.5(High)

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CWE-2262024

CVE-2023-41138

MEDIUM
CVSS:6.7(Medium)

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CWE-2262023

CVE-2024-32036

MEDIUM
CVSS:6.5(Medium)

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file...

CWE-2262024