Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nhvj-h5wu-xfgy

Summary A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

Aliases

alias	CVE-2019-3870

Fixed_packages

url	pkg:deb/debian/samba@2:4.9.5%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/samba@2:4.9.5%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.9.5%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

purl pkg:deb/debian/samba@2:4.13.13%2Bdfsg-1~deb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5tc4-e6tj-3qfa

vulnerability	VCID-7n9k-74nf-ayah

vulnerability	VCID-7rsk-suge-a7b4

vulnerability	VCID-8jp7-e281-tqha

vulnerability	VCID-8yq8-wp1b-p7gt

vulnerability	VCID-9cv8-xnmm-cyh8

vulnerability	VCID-9kyr-nxjs-xkaw

vulnerability	VCID-afjh-h9hy-u7dz

vulnerability	VCID-atg1-qx5q-hfdu

vulnerability	VCID-bkse-muh9-t7a8

vulnerability	VCID-e2b4-vjgq-sbdq

vulnerability	VCID-fb3p-pr3k-wbhj

vulnerability	VCID-fj5p-xkmp-vken

vulnerability	VCID-gec9-c1be-dkba

vulnerability	VCID-gx57-3mtp-hqdh

vulnerability	VCID-hxfw-6htj-wkhg

vulnerability	VCID-j1a6-7vhx-sbh7

vulnerability	VCID-j358-djx5-8qdw

vulnerability	VCID-mnnu-hrtz-uyeg

vulnerability	VCID-mtrk-m8jm-gyfg

vulnerability	VCID-t156-69p4-s7gu

vulnerability	VCID-usyw-3jt1-xyez

vulnerability	VCID-wc2t-bbf1-mua5

vulnerability	VCID-x9ky-gfg3-hfen

vulnerability	VCID-xmpf-4zxw-dybe

vulnerability	VCID-xt8n-4rnc-b7fs

vulnerability	VCID-zx6s-p6p1-z7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.13.13%252Bdfsg-1~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/samba@2:4.17.12%2Bdfsg-0%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.17.12%252Bdfsg-0%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/samba@2:4.22.8%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.22.8%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/samba@2:4.24.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/samba@2:4.24.3%252Bdfsg-1%3Fdistro=trixie

Affected_packages

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3870.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3870.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3870

reference_id

reference_type

scores

value	0.0055
scoring_system	epss
scoring_elements	0.6834
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3870

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3870
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3870

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1689010
reference_id	1689010
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1689010

Weaknesses

cwe_id	276
name	Incorrect Default Permissions
description	During installation, installed file permissions are set to allow anyone to modify those files.

Exploits

Severity_range_score 6.1 - 6.1

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhvj-h5wu-xfgy

Vulnerability Instance