VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-sy9d-ubrb-aaak

Essentials
Severities (132)
References (30)
Severity details (43)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-sy9d-ubrb-aaak
Aliases	CVE-2019-12855 GHSA-65rm-h285-5cc5 PYSEC-2019-129 PYSEC-2019-59
Summary	In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.4	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
generic_textual	CRITICAL	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
cvssv3.1	7.4	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
generic_textual	CRITICAL	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12855.html
cvssv3	7.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00386	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00635	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00635	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00635	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.00823	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
epss	0.01835	https://api.first.org/data/v1/epss?cve=CVE-2019-12855
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1728206
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
cvssv3	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.4	https://github.com/advisories/GHSA-65rm-h285-5cc5
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-65rm-h285-5cc5
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-65rm-h285-5cc5
generic_textual	CRITICAL	https://github.com/advisories/GHSA-65rm-h285-5cc5
cvssv3.1	7.4	https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
generic_textual	CRITICAL	https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
cvssv3.1	6.1	https://github.com/twisted/twisted
cvssv3.1	7.4	https://github.com/twisted/twisted
generic_textual	CRITICAL	https://github.com/twisted/twisted
generic_textual	MODERATE	https://github.com/twisted/twisted
cvssv3.1	7.4	https://github.com/twisted/twisted/pull/1147
generic_textual	CRITICAL	https://github.com/twisted/twisted/pull/1147
generic_textual	HIGH	https://github.com/twisted/twisted/pull/1147
cvssv3.1	7.4	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
cvssv3.1	7.4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2019-12855
cvssv3	7.4	https://nvd.nist.gov/vuln/detail/CVE-2019-12855
cvssv3.1	7.4	https://nvd.nist.gov/vuln/detail/CVE-2019-12855
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2019-12855
cvssv3.1	7.4	https://twistedmatrix.com/trac/ticket/9561
generic_textual	CRITICAL	https://twistedmatrix.com/trac/ticket/9561
generic_textual	HIGH	https://twistedmatrix.com/trac/ticket/9561
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4308-1
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4308-2
cvssv3.1	7.4	https://usn.ubuntu.com/4308-1
generic_textual	CRITICAL	https://usn.ubuntu.com/4308-1
cvssv3.1	7.4	https://usn.ubuntu.com/4308-2
generic_textual	CRITICAL	https://usn.ubuntu.com/4308-2
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4308-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4308-2
cvssv3.1	7.4	https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpuapr2020.html

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12855.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-12855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
		https://github.com/twisted/twisted
		https://github.com/twisted/twisted/pull/1147
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
		https://twistedmatrix.com/trac/ticket/9561
		https://ubuntu.com/security/notices/USN-4308-1
		https://ubuntu.com/security/notices/USN-4308-2
		https://usn.ubuntu.com/4308-1
		https://usn.ubuntu.com/4308-1/
		https://usn.ubuntu.com/4308-2
		https://usn.ubuntu.com/4308-2/
		https://usn.ubuntu.com/usn/usn-4308-1
		https://usn.ubuntu.com/usn/usn-4308-2
		https://www.oracle.com/security-alerts/cpuapr2020.html
1728206		https://bugzilla.redhat.com/show_bug.cgi?id=1728206
930626		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626
cpe:2.3:a:twistedmatrix:twisted::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twistedmatrix:twisted::::::::
cpe:2.3:a:twisted:twisted::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted::::::::
CVE-2019-12855		https://nvd.nist.gov/vuln/detail/CVE-2019-12855
GHSA-65rm-h285-5cc5		https://github.com/advisories/GHSA-65rm-h285-5cc5

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/advisories/GHSA-65rm-h285-5cc5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/twisted/twisted

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/twisted/twisted

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/twisted/twisted/pull/1147

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12855

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://twistedmatrix.com/trac/ticket/9561

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://usn.ubuntu.com/4308-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://usn.ubuntu.com/4308-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuapr2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.72743
EPSS Score	0.00383
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.