Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/samba@4.11.3-r0?arch=x86&distroversion=v3.23&reponame=main
Type apk
Namespace alpine
Name samba
Version 4.11.3-r0
Qualifiers
arch x86
distroversion v3.23
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.11.5-r0
Latest_non_vulnerable_version 4.22.10-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-r3n1-q8uv-cfbb
vulnerability_id VCID-r3n1-q8uv-cfbb
summary All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14870.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14870.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14870
reference_id
reference_type
scores
0
value 0.04669
scoring_system epss
scoring_elements 0.89506
published_at 2026-06-04T12:55:00Z
1
value 0.04669
scoring_system epss
scoring_elements 0.89525
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14870
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778589
reference_id 1778589
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778589
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946786
reference_id 946786
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946786
6
reference_url https://security.gentoo.org/glsa/202003-52
reference_id GLSA-202003-52
reference_type
scores
url https://security.gentoo.org/glsa/202003-52
7
reference_url https://security.gentoo.org/glsa/202310-06
reference_id GLSA-202310-06
reference_type
scores
url https://security.gentoo.org/glsa/202310-06
fixed_packages
0
url pkg:apk/alpine/samba@4.11.3-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/samba@4.11.3-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.11.3-r0%3Farch=x86&distroversion=v3.23&reponame=main
aliases CVE-2019-14870
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3n1-q8uv-cfbb
1
url VCID-ytdy-akzb-a7e1
vulnerability_id VCID-ytdy-akzb-a7e1
summary All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14861.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14861.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14861
reference_id
reference_type
scores
0
value 0.04997
scoring_system epss
scoring_elements 0.89897
published_at 2026-06-05T12:55:00Z
1
value 0.04997
scoring_system epss
scoring_elements 0.89881
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14861
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778586
reference_id 1778586
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778586
4
reference_url http://www.openwall.com/lists/oss-security/2024/06/24/3
reference_id 3
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url http://www.openwall.com/lists/oss-security/2024/06/24/3
5
reference_url https://usn.ubuntu.com/4217-1/
reference_id 4217-1
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://usn.ubuntu.com/4217-1/
6
reference_url https://usn.ubuntu.com/4217-2/
reference_id 4217-2
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://usn.ubuntu.com/4217-2/
7
reference_url https://www.samba.org/samba/security/CVE-2019-14861.html
reference_id CVE-2019-14861.html
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://www.samba.org/samba/security/CVE-2019-14861.html
8
reference_url https://security.gentoo.org/glsa/202003-52
reference_id GLSA-202003-52
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://security.gentoo.org/glsa/202003-52
9
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
reference_id msg00023.html
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
10
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
11
reference_url https://security.netapp.com/advisory/ntap-20191210-0002/
reference_id ntap-20191210-0002
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://security.netapp.com/advisory/ntap-20191210-0002/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
reference_id PJH3ROOFYMOATD2UEPC47P5RPBDTY77E
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
reference_id show_bug.cgi?id=CVE-2019-14861
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
14
reference_url https://www.synology.com/security/advisory/Synology_SA_19_40
reference_id Synology_SA_19_40
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://www.synology.com/security/advisory/Synology_SA_19_40
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
reference_id WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T15:36:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
fixed_packages
0
url pkg:apk/alpine/samba@4.11.3-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/samba@4.11.3-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.11.3-r0%3Farch=x86&distroversion=v3.23&reponame=main
aliases CVE-2019-14861
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytdy-akzb-a7e1
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.11.3-r0%3Farch=x86&distroversion=v3.23&reponame=main