How severe is CVE-2019-10160?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-10160?

This is classified as CWE-172, which is a common weakness in software security.

CVE-2019-10160

CRITICAL Year: 2019

CVSS v3 Score

9.8

Critical

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-172

View all →

Vulnerability Description

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

CVE-2016-6691

CRITICAL

CVSS:9.8(Critical)

service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly hav...

CWE-1722016

CVE-2016-6691

CRITICAL

CVSS:9.8(Critical)

CWE-1722016

CVE-2019-12677

HIGH

CVSS:7.7(High)

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condi...

CWE-1722019

CVE-2025-27110

HIGH

CVSS:7.5(High)

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processi...

CWE-1722025

CVE-2016-3827

MEDIUM

CVSS:5.5(Medium)

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or re...

CWE-1722016

CVE-2016-3828

MEDIUM

CVSS:5.5(Medium)

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a ...

CWE-1722016

CVE-2019-10160

Vulnerability Description

Related Vulnerabilities

CVE-2016-6691

CVE-2016-6691

CVE-2019-12677

CVE-2025-27110

CVE-2016-3827

CVE-2016-3828