Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/samba@4.10.5-r0?arch=x86_64&distroversion=v3.13&reponame=main

Type apk

Namespace alpine

Name samba

Version 4.10.5-r0

Qualifiers

arch	x86_64
distroversion	v3.13
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.10.8-r0

Latest_non_vulnerable_version 4.13.17-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-emy1-4uv9-4kfn

vulnerability_id VCID-emy1-4uv9-4kfn

summary Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12436.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12436

reference_id

reference_type

scores

value	0.02349
scoring_system	epss
scoring_elements	0.8519
published_at	2026-06-04T12:55:00Z

value	0.02349
scoring_system	epss
scoring_elements	0.85215
published_at	2026-06-05T12:55:00Z

value	0.02349
scoring_system	epss
scoring_elements	0.85203
published_at	2026-06-08T12:55:00Z

value	0.02349
scoring_system	epss
scoring_elements	0.8522
published_at	2026-06-06T12:55:00Z

value	0.02349
scoring_system	epss
scoring_elements	0.85214
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12436

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1711837
reference_id	1711837
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1711837

reference_url	https://usn.ubuntu.com/4018-1/
reference_id	USN-4018-1
reference_type
scores
url	https://usn.ubuntu.com/4018-1/

fixed_packages

url	pkg:apk/alpine/samba@4.10.5-r0?arch=x86_64&distroversion=v3.13&reponame=main
purl	pkg:apk/alpine/samba@4.10.5-r0?arch=x86_64&distroversion=v3.13&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.10.5-r0%3Farch=x86_64&distroversion=v3.13&reponame=main

aliases CVE-2019-12436

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emy1-4uv9-4kfn

url VCID-mktu-yt4c-tkfq

vulnerability_id VCID-mktu-yt4c-tkfq

summary Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12435.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12435.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12435

reference_id

reference_type

scores

value	0.03816
scoring_system	epss
scoring_elements	0.88321
published_at	2026-06-04T12:55:00Z

value	0.03816
scoring_system	epss
scoring_elements	0.88339
published_at	2026-06-05T12:55:00Z

value	0.03816
scoring_system	epss
scoring_elements	0.88341
published_at	2026-06-08T12:55:00Z

value	0.03816
scoring_system	epss
scoring_elements	0.8834
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1711816
reference_id	1711816
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1711816

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930748
reference_id	930748
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930748

reference_url	https://usn.ubuntu.com/4018-1/
reference_id	USN-4018-1
reference_type
scores
url	https://usn.ubuntu.com/4018-1/

fixed_packages

url	pkg:apk/alpine/samba@4.10.5-r0?arch=x86_64&distroversion=v3.13&reponame=main
purl	pkg:apk/alpine/samba@4.10.5-r0?arch=x86_64&distroversion=v3.13&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.10.5-r0%3Farch=x86_64&distroversion=v3.13&reponame=main

aliases CVE-2019-12435

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mktu-yt4c-tkfq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.10.5-r0%3Farch=x86_64&distroversion=v3.13&reponame=main

Package Instance