Vulnerability CVE-2019-10136

Vulnerability Name:

CVE-2019-10136 (CCN-166245)

Assigned:

2019-07-02

Published:

2019-07-02

Updated:

2023-02-12

Summary:

CVSS v3 Severity:

4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-10136

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1708696
(CVE-2019-10136) - CVE-2019-10136 spacewalk: Insecure computation of authentication signatures during user authentication

Source: secalert@redhat.com
Type: Issue Tracking, Vendor Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
spacewalkproxy-cve201910136-sec-bypass(166245)

Source: CCN
Type: spacewalk GIT Repository
spacewalk

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:51972	P	Security update for containerd (Important)	2022-12-13
oval:org.opensuse.security:def:3263	P	libsystemd0-228-155.21 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3527	P	ipsec-tools-0.8.0-19.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3275	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3539	P	kernel-firmware-20190618-5.11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2887	P	chrony-4.1-150400.19.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2873	P	axis-1.4-11.65 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2889	P	clamav-0.103.5-3.35.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2879	P	blas-devel-3.5.0-4.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:201910136	V	CVE-2019-10136	2022-05-22
oval:org.opensuse.security:def:51708	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:32219	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:32208	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:51646	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:72023	P	perl-DBD-mysql-4.046-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:51910	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:32115	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:29351	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:32276	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32265	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:49461	P	Security update for nodejs12 (Important)	2021-02-26
oval:org.opensuse.security:def:29304	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:49051	P	python3-requests-2.7.0-2.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2544	P	libpskc-devel-2.6.2-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2556	P	xorg-x11-server-wayland-1.20.3-20.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49052	P	python3-urllib3-1.22-3.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72139	P	ibus-chewing-1.4.14-1.47 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2538	P	libmwaw-0_3-3-0.3.15-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2534	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2585	P	Security update for c-ares (Moderate)	2020-12-02
oval:org.opensuse.security:def:2802	P	Security update for python (Moderate)	2020-12-02
oval:org.opensuse.security:def:2840	P	Security update for cairo (Moderate)	2020-12-02
oval:org.opensuse.security:def:2798	P	Security update for evince (Important)	2020-12-02
oval:org.opensuse.security:def:2609	P	Security update for podman, slirp4netns and libcontainers-common (Moderate)	2020-12-02
oval:org.opensuse.security:def:2808	P	Security update for SDL2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2849	P	Security update for python (Moderate)	2020-12-02
oval:org.opensuse.security:def:2625	P	Security update for runc (Moderate)	2020-12-02
oval:org.opensuse.security:def:2570	P	Security update for ucode-intel (Moderate)	2020-12-02
oval:org.opensuse.security:def:2615	P	Security update for slirp4netns (Important)	2020-12-02
oval:org.opensuse.security:def:2820	P	Security update for MozillaFirefox (Important)	2020-12-02
oval:org.opensuse.security:def:2576	P	Security update for ucode-intel (Moderate)	2020-12-02
oval:org.opensuse.security:def:2623	P	Security update for docker-runc (Moderate)	2020-12-02
oval:org.opensuse.security:def:2834	P	Security update for MozillaFirefox (Important)	2020-12-02
oval:org.opensuse.security:def:49070	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49646	P	libQt5OpenGLExtensions-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50201	P	libpurple on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65991	P	Security update for nmap (Important)	2020-12-01
oval:org.opensuse.security:def:49316	P	python3-python3-saml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49812	P	zlib-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50395	P	Security update for libtasn1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28172	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28518	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32718	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28099	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:28476	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:32685	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32652	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29340	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31898	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32564	P	libpython2_6-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32519	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28677	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:68786	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:49197	P	libmpg123-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49803	P	perl-PerlMagick on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28622	P	Security update for xorg-x11-libxcb	2020-12-01
oval:org.opensuse.security:def:33395	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:49334	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49910	P	python3-keystoneclient on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50465	P	Security update for python-numpy (Moderate)	2020-12-01
oval:org.opensuse.security:def:65993	P	Security update for python-ecdsa (Moderate)	2020-12-01
oval:org.opensuse.security:def:27896	P	Security update for tidy (Low)	2020-12-01
oval:org.opensuse.security:def:28229	P	Security update for libtirpc, rpcbind (Important)	2020-12-01
oval:org.opensuse.security:def:28567	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:49315	P	python3-pip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28183	P	Security update for various KMPs (Moderate)	2020-12-01
oval:org.opensuse.security:def:28529	P	Security update for Mesa	2020-12-01
oval:org.opensuse.security:def:32729	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27884	P	Security update for rubygem-i18n-0_6	2020-12-01
oval:org.opensuse.security:def:50297	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:65439	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32663	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31909	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31908	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32575	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31897	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:49402	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50041	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50067	P	libct4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28633	P	Security update for acroread	2020-12-01
oval:org.opensuse.security:def:33406	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:27960	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28313	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:28606	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:68683	P	Security update for ldns (Moderate)	2020-12-01
oval:org.opensuse.security:def:27906	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:28240	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:28578	P	Security update for pixman	2020-12-01
oval:org.opensuse.security:def:33356	P	Security update for openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:27885	P	Security update for rubygem-mail-2_3	2020-12-01
oval:org.opensuse.security:def:50370	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27894	P	Security update for struts	2020-12-01
oval:org.opensuse.security:def:50561	P	Security update for wget (Important)	2020-12-01
oval:org.opensuse.security:def:66083	P	Security update for SUSE Manager Server 4.0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31983	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32352	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:50266	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:31919	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:32624	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65349	P	Security update for graphviz (Moderate)	2020-12-01
oval:org.opensuse.security:def:49548	P	libgme-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50131	P	nodejs12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29315	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31907	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49666	P	libgxps-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50305	P	Security update for pango (Moderate)	2020-12-01
oval:org.opensuse.security:def:28088	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:28465	P	Security update for xorg-x11-libXdmcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32674	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27970	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28324	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28617	P	Security update for xorg-x11-libXfixes	2020-12-01
oval:org.opensuse.security:def:33367	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:27895	P	Security update for subversion	2020-12-01
oval:org.opensuse.security:def:50634	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28666	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:66085	P	Security update for SUSE Manager Server 4.0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31993	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32363	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:50530	P	Security update for amavisd-new (Moderate)	2020-12-01
oval:org.opensuse.security:def:104460	P	Security update for SUSE Manager Client Tools (Moderate)	2019-09-06
oval:org.opensuse.security:def:97770	P	Security update for SUSE Manager Client Tools (Moderate)	2019-09-06
oval:org.opensuse.security:def:90805	P	Security update for SUSE Manager Client Tools (Moderate)	2019-09-06
oval:org.opensuse.security:def:91678	P	Security update for SUSE Manager Server 4.0 (Moderate)	2019-07-09
oval:org.opensuse.security:def:91680	P	Security update for SUSE Manager Server 4.0 (Moderate)	2019-07-09

BACK