What are reserved CVEs?
Reserved CVEs are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus”, goes through all the related information about these CVEs, such as attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and score that organizations can use to plan their patching and remediation efforts.
This information is crucial for organizations whose patching strategy is based on the CVSS base scoring system. Additionally, we encourage organizations to take further advantage of this by sharing asset metadata with ThreatWatch (via twigs) to bring environmental factors into this prediction.
For full insights, including affected products and more, sign up and learn more at https://threatwatch.io/ or drop us an email to get your own dedicated sandbox instance of ThreatWatch.
Week’s Summary
| CVE | TWID | Rating | CVSS | Summary | # Advisories |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-7406 | T1212945 | Urgent | 10 | Reserved: TP-Link WiFi Extender Remote Code Execution (CVE-2019-7406) | 1 |
| CVE-2019-10164 | T1213102 | Urgent | 8.7 | Reserved: Alexander Lakhin discovered that PostgreSQL incorrectly handled | 2 |
| CVE-2019-10167 | T1213115 | Critical | 7.5 | Reserved: Important: virt:rhel security update | 4 |
| CVE-2019-10166 | T1213114 | Critical | 7.5 | Reserved: Important: virt:rhel security update | 4 |
| CVE-2019-10161 | T1213113 | Critical | 7.5 | Reserved: Important: virt:rhel security update | 6 |
| CVE-2019-10168 | T1213112 | Critical | 7.5 | Reserved: Important: virt:rhel security update | 4 |
| CVE-2019-11272 | T1212983 | Critical | 7.5 | Reserved: Pivotal-CVE-2019-11272: PlaintextPasswordEncoder authenticates encoded passwords that are null | 1 |
| CVE-2019-10135 | T1212970 | Critical | 7.5 | Reserved: CVE-2019-10135 osbs-client: Object injection through insecure use of yaml.load() function | 1 |
| CVE-2019-12292 | T1212776 | Critical | 7.5 | Reserved: Improper Access Control Vulnerability in AppDNA | 1 |
| CVE-2018-1858 | T1212942 | Critical | 6.8 | Reserved: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) | 1 |
| CVE-2019-11246 | T1213146 | Critical | 6.4 | Reserved: CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` | 1 |
| CVE-2019-1877 | T1212897 | Critical | 6.4 | Reserved: Cisco Enterprise Chat and Email Attachment Download Vulnerability | 1 |
| CVE-2019-11708 | T1213109 | Severe | 5 | Reserved: Security vulnerabilities fixed in Thunderbird 60.7.2 | 6 |
| CVE-2019-12871 | T1212987 | Severe | 5 | Reserved: PHOENIX CONTACT Automation Worx Software Suite | 4 |
| CVE-2019-12869 | T1212986 | Severe | 5 | Reserved: PHOENIX CONTACT Automation Worx Software Suite | 2 |
| CVE-2019-12870 | T1212985 | Severe | 5 | Reserved: PHOENIX CONTACT Automation Worx Software Suite | 2 |
| CVE-2019-10171 | T1212972 | Severe | 5 | Reserved: CVE-2019-10171 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.5 | 1 |
| CVE-2018-2011 | T1212940 | Severe | 5 | Reserved: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) | 1 |
| CVE-2018-2013 | T1212938 | Severe | 5 | Reserved: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) | 1 |
| CVE-2019-4377 | T1212933 | Severe | 5 | Reserved: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) | 1 |
| CVE-2019-4382 | T1212931 | Severe | 5 | Reserved: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) | 1 |
| CVE-2019-5599 | T1212635 | Severe | 5 | Reserved: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues | 2 |
| CVE-2019-12323 | T1212844 | Severe | 4.9 | Reserved: CVE-2019-12323 / HC10 HC.Server Service 10.14 / Remote Invalid Pointer Write | 1 |
| CVE-2019-12280 | T1213190 | Severe | 4.4 | Reserved: PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path | 1 |
| CVE-2019-11707 | T1212915 | Severe | 4.3 | Reserved: A type confusion bug was discovered in Firefox. If a user were tricked in | 10 |
| CVE-2019-1105 | T1212989 | Medium | 3.5 | Reserved: Outlook for Android Spoofing Vulnerability | 1 |
| CVE-2019-6471 | T1212974 | Medium | 2.6 | Reserved: CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure | 3 |