Vulnerability details: VCID-q58w-h5mb-aaaj
Vulnerability ID VCID-q58w-h5mb-aaaj
Aliases CVE-2019-14235
GHSA-v9qg-3j8p-r63v
PYSEC-2019-14
PYSEC-2019-84
Summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14235.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1324
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4390
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
epss 0.01220 https://api.first.org/data/v1/epss?cve=CVE-2019-14235
epss 0.01244 https://api.first.org/data/v1/epss?cve=CVE-2019-14235
epss 0.03508 https://api.first.org/data/v1/epss?cve=CVE-2019-14235
epss 0.03985 https://api.first.org/data/v1/epss?cve=CVE-2019-14235
epss 0.05336 https://api.first.org/data/v1/epss?cve=CVE-2019-14235
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1734422
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-v9qg-3j8p-r63v
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
cvssv3.1 7.5 https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-14235
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14235
cvssv3.1 7.5 https://seclists.org/bugtraq/2019/Aug/15
generic_textual HIGH https://seclists.org/bugtraq/2019/Aug/15
archlinux Medium https://security.archlinux.org/AVG-1015
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual HIGH https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual Medium https://ubuntu.com/security/notices/USN-4084-1
cvssv3.1 7.5 https://www.debian.org/security/2019/dsa-4498
generic_textual HIGH https://www.debian.org/security/2019/dsa-4498
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2019/aug/01/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2019/aug/01/security-releases
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14235.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://seclists.org/bugtraq/2019/Aug/15
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20190828-0002
https://security.netapp.com/advisory/ntap-20190828-0002/
https://ubuntu.com/security/notices/USN-4084-1
https://www.debian.org/security/2019/dsa-4498
https://www.djangoproject.com/weblog/2019/aug/01/security-releases
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
1734422 https://bugzilla.redhat.com/show_bug.cgi?id=1734422
934026 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
ASA-201908-2 https://security.archlinux.org/ASA-201908-2
AVG-1015 https://security.archlinux.org/AVG-1015
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVE-2019-14235 https://nvd.nist.gov/vuln/detail/CVE-2019-14235
GHSA-v9qg-3j8p-r63v https://github.com/advisories/GHSA-v9qg-3j8p-r63v
RHSA-2020:1324 https://access.redhat.com/errata/RHSA-2020:1324
RHSA-2020:4390 https://access.redhat.com/errata/RHSA-2020:4390
USN-4084-1 https://usn.ubuntu.com/4084-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network high none none unchanged low none none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network high none none unchanged low none none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14235
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
not_defined network low none none none partial

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14235
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://seclists.org/bugtraq/2019/Aug/15
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20190828-0002
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2019/dsa-4498
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2019/aug/01/security-releases
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low none none unchanged none none high

Exploit Prediction Scoring System (EPSS)
Percentile 0.85061
EPSS Score 0.01220
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.