Skip to main content
CVE-2019-3621 MEDIUM This Month

Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Data Loss Prevention Endpoint
NVD
CVSS 3.0
6.2
EPSS
0.3%
CVE-2019-3486 MEDIUM This Month

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Management Center
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-2343 MEDIUM This Month

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware +34
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2330 MEDIUM PATCH This Month

improper input validation in allocation request for secure allocations can lead to page fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +35
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2241 MEDIUM This Month

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +28
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2240 MEDIUM This Month

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +47
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2239 MEDIUM This Month

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +47
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2237 MEDIUM This Month

Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequent logic gets executed everytime in Snapdragon Auto,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +14
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2236 MEDIUM This Month

Null pointer dereference during secure application termination using specific application ids. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Ipq8074 Firmware Mdm9206 Firmware +36
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-4116 MEDIUM This Month

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4439 MEDIUM PATCH This Month

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Session Fixation IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy