AnsweredAssumed Answered

Missing CVE Numbers

Question asked by Hans-Juergen Kreutzer on Oct 15, 2019
Latest reply on Oct 15, 2019 by Busby

Sometimes i see CVE new Numbers, but they are not in the vulnerabilty detecion adress sample

 

Multiple Vulnerabilities in HP Printers

Multiple vulnerabilities, ranging Cross-Site Scripting to buffer overflows, were found in several HP printers:

Multiple Buffer Overflows in IPP Service (CVE-2019-6327)
Buffer Overflow in Web Server (CVE-2019-6326)
Multiple Cross-Site Scripting Vulnerabilities (CVE-2019-6323, CVE-2019-6324)
Cross-Site Request Forgery Countermeasures Bypass (CVE-2019-6325)

 

Multiple Vulnerabilities in Ricoh Printers

Multiple vulnerabilities, ranging from information disclosure to remote code execution, were found in some Ricoh printers.
The vulnerability list below was found affecting to some Ricoh printers:

 

Multiple Vulnerabilities in for Chrome Browser

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

 

This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

 

[$20500][1005753] High CVE-2019-13693: Use-after-free in IndexedDB.

Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-19

[$TBD][1005251] High CVE-2019-13694: Use-after-free in WebRTC.

Reported by banananapenguin on 2019-09-18

[$15000][1004730] High CVE-2019-13695: Use-after-free in audio.

Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-17

[$7500][1000635] High CVE-2019-13696: Use-after-free in V8.

Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-04

 

[$2000][990849] High CVE-2019-13697: Cross-origin size leak.

Reported by Luan Herrera @lbherrera_ on 2019-08-05

 

 

If have two question which cve numbers will be not supported by qualys, how i can find them

How fast after publishing cve numbers is the detection from qualys vm modul later ?

Outcomes