Search for vulnerabilities
Vulnerability details: VCID-cwk6-bkfs-aaaq
Vulnerability ID VCID-cwk6-bkfs-aaaq
Aliases CVE-2019-9636
Summary Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-172 Encoding Error
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9636.html
cvssv3.1 8.8 https://access.redhat.com/errata/RHBA-2019:0959
generic_textual HIGH https://access.redhat.com/errata/RHBA-2019:0959
rhas Important https://access.redhat.com/errata/RHSA-2019:0710
rhas Important https://access.redhat.com/errata/RHSA-2019:0765
rhas Important https://access.redhat.com/errata/RHSA-2019:0806
rhas Important https://access.redhat.com/errata/RHSA-2019:0902
rhas Important https://access.redhat.com/errata/RHSA-2019:0981
rhas Important https://access.redhat.com/errata/RHSA-2019:0997
rhas Important https://access.redhat.com/errata/RHSA-2019:1467
rhas Important https://access.redhat.com/errata/RHSA-2019:2980
rhas Important https://access.redhat.com/errata/RHSA-2019:3170
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9636.json
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01247 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.02351 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.02884 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.02884 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.02884 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.05634 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
epss 0.10248 https://api.first.org/data/v1/epss?cve=CVE-2019-9636
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Medium https://github.com/python/cpython/pull/12201
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-9636
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9636
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9636
generic_textual Medium https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
archlinux High https://security.archlinux.org/AVG-977
generic_textual Medium https://ubuntu.com/security/notices/USN-4127-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4127-2
generic_textual Medium https://usn.ubuntu.com/usn/usn-4127-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-4127-2
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2020.html
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9636.html
https://access.redhat.com/errata/RHBA-2019:0763
https://access.redhat.com/errata/RHBA-2019:0764
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9636.json
https://api.first.org/data/v1/epss?cve=CVE-2019-9636
https://bugs.python.org/issue36216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/python/cpython/pull/12201
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
https://security.gentoo.org/glsa/202003-26
https://security.netapp.com/advisory/ntap-20190517-0001/
https://ubuntu.com/security/notices/USN-4127-1
https://ubuntu.com/security/notices/USN-4127-2
https://usn.ubuntu.com/4127-1/
https://usn.ubuntu.com/4127-2/
https://usn.ubuntu.com/usn/usn-4127-1
https://usn.ubuntu.com/usn/usn-4127-2
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.securityfocus.com/bid/107400
924072 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924072
ASA-201906-17 https://security.archlinux.org/ASA-201906-17
AVG-977 https://security.archlinux.org/AVG-977
cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:5.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2019-9636 https://nvd.nist.gov/vuln/detail/CVE-2019-9636
RHBA-2019:0764 https://bugzilla.redhat.com/show_bug.cgi?id=1688543
RHSA-2019:0710 https://access.redhat.com/errata/RHSA-2019:0710
RHSA-2019:0765 https://access.redhat.com/errata/RHSA-2019:0765
RHSA-2019:0806 https://access.redhat.com/errata/RHSA-2019:0806
RHSA-2019:0902 https://access.redhat.com/errata/RHSA-2019:0902
RHSA-2019:0981 https://access.redhat.com/errata/RHSA-2019:0981
RHSA-2019:0997 https://access.redhat.com/errata/RHSA-2019:0997
RHSA-2019:1467 https://access.redhat.com/errata/RHSA-2019:1467
RHSA-2019:2980 https://access.redhat.com/errata/RHSA-2019:2980
RHSA-2019:3170 https://access.redhat.com/errata/RHSA-2019:3170
USN-6891-1 https://usn.ubuntu.com/6891-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2019:0959
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9636.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9636
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9636
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9636
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77466
EPSS Score 0.01247
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.