Weekly Reserved CVE Actionable Insights ( June 23rd 2019 )

by Paresh Borkar

What are reserved CVE’s ?

Reserved CVE’s are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus“ goes through all the related information about these CVE like attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and score for organizations to plan their patching and remediation efforts.

This information is extremely crucial for organizations that have their patching strategy based on CVSS base scoring system. Additionally we encourage organizations to take advantage of this further by sharing asset meta data with ThreatWatch ( via twigs ) to bring in the environmental factors in this prediction.

For full insights including affected products and more, sign-up and learn more at, https://threatwatch.io/ or drop us a email for getting your own dedicated sandbox instance of ThreatWatch.

 

Week’s Summary

CVE TWID Rating CVSS Summary

# Advisories

CVE-2019-7406 T1212945 Urgent 10 Reserved: TP-Link WiFi Extender Remote Code Execution (CVE-2019-7406)

1

CVE-2019-10164 T1213102 Urgent 8.7 Reserved: Alexander Lakhin discovered that PostgreSQL incorrectly handled

2

CVE-2019-10167 T1213115 Critical 7.5 Reserved: Important: virt:rhel security update

4

CVE-2019-10166 T1213114 Critical 7.5 Reserved: Important: virt:rhel security update

4

CVE-2019-10161 T1213113 Critical 7.5 Reserved: Important: virt:rhel security update

6

CVE-2019-10168 T1213112 Critical 7.5 Reserved: Important: virt:rhel security update

4

CVE-2019-11272 T1212983 Critical 7.5 Reserved: Pivotal-CVE-2019-11272: PlaintextPasswordEncoder authenticates encoded passwords that are null

1

CVE-2019-10135 T1212970 Critical 7.5 Reserved: CVE-2019-10135 osbs-client: Object injection through insecure use of yaml.load() function

1

CVE-2019-12292 T1212776 Critical 7.5 Reserved: Improper Access Control Vulnerability in AppDNA

1

CVE-2018-1858 T1212942 Critical 6.8 Reserved: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858)

1

CVE-2019-11246 T1213146 Critical 6.4 Reserved: CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

1

CVE-2019-1877 T1212897 Critical 6.4 Reserved: Cisco Enterprise Chat and Email Attachment Download Vulnerability

1

CVE-2019-11708 T1213109 Severe 5 Reserved: Security vulnerabilities fixed in Thunderbird 60.7.2

6

CVE-2019-12871 T1212987 Severe 5 Reserved: PHOENIX CONTACT Automation Worx Software Suite

4

CVE-2019-12869 T1212986 Severe 5 Reserved: PHOENIX CONTACT Automation Worx Software Suite

2

CVE-2019-12870 T1212985 Severe 5 Reserved: PHOENIX CONTACT Automation Worx Software Suite

2

CVE-2019-10171 T1212972 Severe 5 Reserved: CVE-2019-10171 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.5

1

CVE-2018-2011 T1212940 Severe 5 Reserved: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011)

1

CVE-2018-2013 T1212938 Severe 5 Reserved: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013)

1

CVE-2019-4377 T1212933 Severe 5 Reserved: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377)

1

CVE-2019-4382 T1212931 Severe 5 Reserved: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382)

1

CVE-2019-5599 T1212635 Severe 5 Reserved: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues

2

CVE-2019-12323 T1212844 Severe 4.9 Reserved: CVE-2019-12323 / HC10 HC.Server Service 10.14 / Remote Invalid Pointer Write

1

CVE-2019-12280 T1213190 Severe 4.4 Reserved: PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path

1

CVE-2019-11707 T1212915 Severe 4.3 Reserved: A type confusion bug was discovered in Firefox. If a user were tricked in

10

CVE-2019-1105 T1212989 Medium 3.5 Reserved: Outlook for Android Spoofing Vulnerability

1

CVE-2019-6471 T1212974 Medium 2.6 Reserved: CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure

3

Leave a Reply

Your email address will not be published. Required fields are marked *