How severe is CVE-2019-10638?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-10638?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2019-10638

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-326

View all →

Vulnerability Description

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

CVE-2015-5361

MEDIUM

CVSS:6.5(Medium)

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific...

CWE-3262015

CVE-2016-3019

MEDIUM

CVSS:6.5(Medium)

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

CWE-3262016

CVE-2017-3971

MEDIUM

CVSS:6.5(Medium)

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyph...

CWE-3262017

CVE-2017-9645

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 an...

CWE-3262017

CVE-2018-5461

MEDIUM

CVSS:6.5(Medium)

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vuln...

CWE-3262018

CVE-2019-18241

MEDIUM

CVSS:6.5(Medium)

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak cipher...

CWE-3262019

CVE-2019-10638

Vulnerability Description

Related Vulnerabilities

CVE-2015-5361

CVE-2016-3019

CVE-2017-3971

CVE-2017-9645

CVE-2018-5461

CVE-2019-18241