IBM Support

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Security Bulletin


Summary

Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0

Vulnerability Details

CVEID:   CVE-2022-25857
DESCRIPTION:   Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234864 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-38749
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235313 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-38750
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235312 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-38751
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-38752
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235310 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-41854
DESCRIPTION:   snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240890 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-42003
DESCRIPTION:   FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237662 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-42004
DESCRIPTION:   FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237660 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27983
DESCRIPTION:   Node.js is vulnerable to a denial of service, caused by an assertion failure in node::http2::Http2Session::~Http2Session(). By sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside, an attacker could exploit this vulnerability to cause the HTTP/2 server to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286865 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-46809
DESCRIPTION:   Node.js could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the privateDecrypt() API of the crypto library. An attacker could exploit this vulnerability to conduct a covert timing side-channel during PKCS#1 v1.5 padding error handling and obtain significant timing differences in decryption for valid and invalid ciphertexts.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282990 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2024-27306
DESCRIPTION:   aio-libs aiohttp is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288185 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2024-30251
DESCRIPTION:   aio-libs aiohttp is vulnerable to a denial of service, caused by an infinite loop flaw. By sending specially crafted POST requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-1370
DESCRIPTION:   netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43788
DESCRIPTION:   X.Org libXpm could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds memory read flaw in the XpmCreateXpmImageFromBuffer() function. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267634 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-43789
DESCRIPTION:   X.Org libXpm could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds memory read flaw in the XPM. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267638 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-0475
DESCRIPTION:   HashiCorp go-getter is vulnerable to a denial of service, caused by improper handling of highly compressed data. By using a specially-crafted compressed archive, a local authenticated attacker could exploit this vulnerability to crash the go-getter library.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247782 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-22262
DESCRIPTION:   VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in UriComponentsBuilder. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287586 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID:   CVE-2024-34447
DESCRIPTION:   The Bouncy Castle Crypto Package For Java could allow a remote attacker to bypass security restrictions, caused by a flaw when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname. By sending a specially crafted request, an attacker could exploit this vulnerability to perform DNS poisoning attack.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289933 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2023-4408
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target server with queries, a remote attacker could exploit this vulnerability to cause excessive CPU load.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282906 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-50387
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones. By flooding the target server with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-50868
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC3 closest encloser proof. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-5517
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by a flaw in query-handling code. By querying RFC 1918 reverse zones, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282905 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-5679
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when enabling both DNS64 and serve-stale. By querying a DNS64-enabled resolver for domain names triggering serve-stale, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-6516
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific recursive query patterns, a remote attacker could exploit this vulnerability to cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit, leading to a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41723
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-28176
DESCRIPTION:   Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time or memory, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285538 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-22025
DESCRIPTION:   Node.js is vulnerable to a denial of service, caused by a resource exhaustion flaw in fetch() brotli decoding . By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284417 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-27982
DESCRIPTION:   Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286863 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2021-37533
DESCRIPTION:   Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV response by default. By persuading a victim to connect to specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-34062
DESCRIPTION:   tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289932 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

CVEID:   CVE-2023-51714
DESCRIPTION:   Qt could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the HTTP2 implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-25580
DESCRIPTION:   Qt is vulnerable to a denial of service, caused by a buffer overflow in gui/util/qktxhandler.cpp. By using a crafted KTX image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289605 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-2047
DESCRIPTION:   Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230668 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-5798
DESCRIPTION:   Hashicorp Vault and Vault Enterprise could allow a remote authenticated attacker to obtain sensitive information, caused by improper validating the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294831 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N)

CVEID:   CVE-2024-20926
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279716 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-22190
DESCRIPTION:   GitPython could allow a remote attacker to execute arbitrary code on the system, caused by an untrusted search path flaw. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279354 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-48624
DESCRIPTION:   less could allow a local attacker to execute arbitrary commands on the system, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile() function in filename.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the host operating system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-40152
DESCRIPTION:   XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236355 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-5954
DESCRIPTION:   HashiCorp Vault and Vault Enterprise are vulnerable to a denial of service, caused by an unbounded consumption of memory flaw when triggering a policy check. By sending specially crafted inbound client requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271089 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-2048
DESCRIPTION:   HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by improper validating the client certificates when configured with a non-CA certificate as trusted certificate. By using a specially crafted certificate, an attacker could exploit this vulnerability to bypass authentication.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285580 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-25629
DESCRIPTION:   C-ares is vulnerable to a denial of service, caused by an out-of-bounds read in ares__read_line(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283978 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-21011
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288020 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21068
DESCRIPTION:   An unspecified vulnerability in the Oracle Java SE, GraalVM for JDK and GraalVM related to Hotspot component could allow a remote authenticated attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288014 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-21085
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21094
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287959 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2021-43565
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219761 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2019-13631
DESCRIPTION:   Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by an an out-of-bounds write flaw in the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c. By using a specially-crafted USB device to send an HID report, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163955 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-15505
DESCRIPTION:   Linux Kernel could allow a physical attacker to obtain sensitive information, caused by an out-of-bounds read flaw in technisat-usb2.c. By using a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165745 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2020-25656
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the vt_do_kdgkb_ioctl function. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189922 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3753
DESCRIPTION:   Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in VT. By using a specially-crafted vc_visible_origin setting, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208589 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2021-4204
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the handling of eBPF programs. By executing a specially-crafted eBPF program, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217028 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-47013
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the emac_mac_tx_buf_send function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285974 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H)

CVEID:   CVE-2021-47153
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the interrupt handler (i801_isr). By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292333 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-0500
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the BPF_BTF_LOAD function in the BPF subsystem. By executing a specially-crafted eBPF program, an authenticated attacker could exploit this vulnerability to gain elevated privileges or crash the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222612 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23222
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation by the bpf verifier in kernel/bpf/verifier.c. By executing a specially-crafted eBPF program with certain *_OR_NULL pointer types, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-3565
DESCRIPTION:   A use-after-free in the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238742 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2022-45934
DESCRIPTION:   An integer wraparound in the function l2cap_config_req in net/bluetooth/l2cap_core.c in Linux Kernel could allow a remote authenticated attacker from within the local network using L2CAP_CONF_REQ packets to cause an unknown impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240818 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-24023
DESCRIPTION:   Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification is vulnerable to a machine-in-the-middle attack. By sniffing the network traffic, a network adjacent attacker could exploit this vulnerability to launch a man-in-the-middle attack and force a short key length, leading to the discovery of the encryption key and potentially live injection.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272647 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2023-25775
DESCRIPTION:   Intel Ethernet Controller Remote Direct Memory Access (RDMA) driver for Linux could allow a remote attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262857 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-28464
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free flaw in the hci_conn_cleanup function in the Bluetooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251275 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-31083
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in the hci_uart_tty_ioctl function in drivers/bluetooth/hci_ldisc.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253580 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-3567
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vcs_read function in drivers/tty/vt/vc_screen.c in vc_screen. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain internal kernel information or cause the system to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261504 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)

CVEID:   CVE-2023-37453
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a specially crafted USB device, a physical attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259996 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-38409
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in the set_con2fb_map function in drivers/video/fbdev/core/fbcon.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261031 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-39189
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the nfnl_osf_add_callback function in the Netfilter subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268721 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)

CVEID:   CVE-2023-39192
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the u32_match_it function in Netfilter Xtables. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267514 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)

CVEID:   CVE-2023-39193
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the match_flags function in Netfilter Xtables. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267515 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)

CVEID:   CVE-2023-39198
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the QXL driver. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271585 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2023-4133
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the cxgb4 driver. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262541 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-4244
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the netfilter: nf_tables component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-42754
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ipv4_send_dest_unreach function in net/ipv4/route.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267500 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-42755
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in the rsvp traffic classifier. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267185 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H)

CVEID:   CVE-2023-45863
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a race condition that results in a fill_kobj_path out-of-bounds write in lib/kobject.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268715 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-51779
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275908 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-51780
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the do_vcc_ioctl function in net/atm/ioctl.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. on the system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275909 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52340
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the ICMPv6 handling of "Packet Too Big". By sending a specially crafted IPV6 request, a remote attacker could exploit this vulnerability to consume available CPU resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285206 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52434
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds error in the smb2_parse_contexts() function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283795 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-52439
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free memory flaw in the uio_open function. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283802 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52489
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition in accessing memory_section->usage. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52520
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a reference leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294106 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52528
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to uninit-value access in __smsc75xx_read_reg. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294107 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52574
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when team device type is changed. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292395 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52578
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to using DEV_STATS_INC(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294109 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52580
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an incorrect calculation of buffer size in ETH_P_1588 flow dissector. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292396 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52581
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory leak when more than 255 elements expired. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292402 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52598
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the incorrect handling of setting of fpc register. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294112 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2023-52606
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to size for vector operations. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285048 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52607
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in pgtable_cache_add. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285047 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52610
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an skb leak and crash on ooo frags. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294113 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2023-6240
DESCRIPTION:   Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a Marvin vulnerability side-channel leakage in the RSA decryption operation. By exploiting the side-channel leakage, an attacker could exploit this vulnerability to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283793 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

CVEID:   CVE-2023-6622
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the nft_dynset_init() function in net/netfilter/nft_dynset.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-6915
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ida_free function in lib/idr.c. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279409 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-6932
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the ipv4: igmp component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275569 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-0841
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a NULL pointer dereference flaw in the hugetlbfs_fill_super function in the hugetlbfs (HugeTLB pages) functionality. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281120 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2024-23307
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the md, raid, raid5 modules. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-25742
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupt 29 (#VC), an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292405 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-25743
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupts 0 and 14, an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292411 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-25744
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in rch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger int80 syscall handling at any given point.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283669 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2024-26593
DESCRIPTION:   Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read within i2c: i801. An attacker could exploit this vulnerability to obtain sensitive information and execute arbitrary code on the system.
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283948 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)

CVEID:   CVE-2024-26602
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to sched/membarrier: reducing the ability to hammer on sys_membarrier. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283996 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26609
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error related to rejecting QUEUE/DROP verdict parameters. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284756 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26610
DESCRIPTION:   Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption error. A local attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284755 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-26615
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by illegal rmb_desc access in SMC-D connection dump. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284751 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26659
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the improper handling of isoc Babble and Buffer Overrun events. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294114 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-26664
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory access. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294115 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-26671
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition in the blk_mq_mark_tag_wait() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292412 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26743
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to qedr_create_user_qp error flow. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294118 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26744
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to supporting specifying the srpt_service_guid parameter. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294119 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26779
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition on enabling fast-xmit. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26919
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a debugfs directory leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294124 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26933
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a deadlock in port "disable" sysfs attribute. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294125 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26934
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a deadlock in usb_deauthorize_interface(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294126 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26964
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error handling in xhci_map_urb_for_dma. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294127 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26973
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an uninitialized field in nostale filehandles. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294128 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26993
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a reference leak in sysfs_break_active_protection(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294129 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27014
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a deadlock issue while disabling aRFS. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294104 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27048
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when handle pmk_op allocation failure. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294103 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27052
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw due to workqueue might still be running, when the driver is stopped. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294102 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27056
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw when no packets have been send on TID 0. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294101 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27059
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a divide by zero flaw in the isd200_ata_command function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294100 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25193
DESCRIPTION:   Harfbuzz is vulnerable to a denial of service, caused by an error in hb-ot-layout-gsubgpos.hh. By using consecutive marks during the process of looking back for base glyphs when attaching marks, a remote attacker could exploit this vulnerability to trigger O(n^2) growth and cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246411 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-3138
DESCRIPTION:   X.Org libX11 is vulnerable to a denial of service, caused by a buffer overflow in the functions in src/InitExt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258165 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43785
DESCRIPTION:   X.Org libX11 could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds memory access flaw in the _XkbReadKeySyms() function. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267629 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-43786
DESCRIPTION:   X.Org libX11 is vulnerable to a denial of service, caused by a stack exhaustion from infinite recursion in the PutSubImage() function. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267632 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43787
DESCRIPTION:   X.Org libX11 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the XCreateImage() function. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267633 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52425
DESCRIPTION:   libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large token, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281438 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34069
DESCRIPTION:   Pallets Werkzeug could allow a remote attacker to execute arbitrary code on the system, caused by improper usage of a pathname and improper CSRF protection in the debugger. By persuading a victim to interact with a domain and subdomain they control, enter the debugger PIN and guess a URL in the developer's application that will trigger the debugger, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290009 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-34538
DESCRIPTION:   Apache Hive could allow a remote attacker to bypass security restrictions, caused by improper authorization validation by the CREATE and DROP function operations. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop and recreate UDFs and pointing them to malicious jars.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-21503
DESCRIPTION:   Python Software Foundation Black is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the lines_with_leading_tabs_expanded function in the strings.py. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-27280
DESCRIPTION:   Ruby StringIO gem could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the ungetbyte and ungetc methods. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain memory value information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286620 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-27281
DESCRIPTION:   Ruby RDoc gem could allow a remote attacker to execute arbitrary code on the system, caused by an object injection flaw when parsing .rdoc_options as a YAML file. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286621 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-25162
DESCRIPTION:   Linux Kernel s vulnerable to a denial of service, caused by a use-after-free flaw in the i2c driver module. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284558 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-36777
DESCRIPTION:   Linux Kernel s vulnerable to a denial of service, caused by a memory leak flaw in the dvb_media_device_free() function. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284561 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-46934
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by improper validating user data in compat ioctl. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284749 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-47118
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when initializing cad_pid. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289503 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-47171
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a memory leak in smsc75xx_bind. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294098 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-47185
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a softlockup issue in flush_to_ldisc. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294099 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-1513
DESCRIPTION:   Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw when calling the KVM_GET_DEBUGREGS ioctl in the KVM module. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251403 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-39194
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the processing of state filters in XFRM. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267516 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)

CVEID:   CVE-2023-52445
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free on context disconnection. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284104 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52448
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in gfs2_rgrp_dump. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284101 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52477
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when usb_get_bos_descriptor() fails. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292452 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52513
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to the handling of a connection failure. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294105 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52565
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read. By sending a specially crafted request, n attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294108 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-52594
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds read in ath9k_htc_txstatus(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52595
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to the restart beacon queue when hardware reset. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294111 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52620
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a resource injection flaw in timeout parameter in nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292403 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-6121
DESCRIPTION:   Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the NVMe-oF/TCP subsystem. By sending a specially crafted TCP packet, an attacker could exploit this vulnerability to obtain kmalloc data information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-6176
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the API for the cryptographic algorithm scatterwalk function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash or gain elevated privileges.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271842 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-0340
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the vhost_new_msg function in drivers/vhost/vhost.c. By reading the /dev/vhost-net device file, an attacker could exploit this vulnerability to obtain kernel memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279410 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-26603
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the reliance of userspace for info to fault in xsave buffer. A local attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283995 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26642
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to anonymous set with timeout flag. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286314 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26643
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault dead lock on mmap-ed hwrng. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286313 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26693
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a crash when we run out of stations. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294116 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26694
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a double-free error. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294117 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26872
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to registering event handler when srpt device is not fully setup. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294120 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26892
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in free_irq(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294121 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26897
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to delay all of ath9k_wmi_event_tasklet() until init is complete. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294122 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26901
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to use kzalloc() to fix kernel-infoleak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294123 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-31484
DESCRIPTION:   CPAN.pm is vulnerable to a man-in-the-middle attack, caused by improper validation of TLS certificates when downloading distributions over HTTPS. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253974 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-20952
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-20918
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2023-4043
DESCRIPTION:   Eclipse Parsson is vulnerable to a denial of service, caused by a flaw when processing a large value in BigDecimal. By sending a specially crafted input using Json.createArrayBuilder().add(data), a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270528 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-23944
DESCRIPTION:   Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By attaching a persistent watcher to a parent, an attacker could exploit this vulnerability to obtain information of the full path of znodes, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2021-31684
DESCRIPTION:   netplex JSON Smart is vulnerable to a denial of service, caused by a flaw in the indexOf function of JSONParserByteArray. By sending a specially-crafted web request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-21012
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause high integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288019 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-2660
DESCRIPTION:   HashiCorp Vault and Vault Enterprise could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of OCSP responses when one or more OCSP sources were configured. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289863 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-15778
DESCRIPTION:   OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. By opening a specially crafted file containing backtick characters in the destination argument, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185805 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-3817
DESCRIPTION:   HashiCorp go-getter could allow a remote attacker to execute arbitrary code on the system, caused by an argument injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-6337
DESCRIPTION:   HashiCorp Vault and Vault Enterprise are vulnerable to a denial of service, caused by improper input validation. By sending specially crafted unauthenticated and authenticated HTTP requests, a remote attacker could exploit this vulnerability to cause a memory exhaustion, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273671 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27304
DESCRIPTION:   pgx is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285113 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-2048
DESCRIPTION:   Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230670 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-21892
DESCRIPTION:   Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by a bug in the implementation of the exception of CAP_NET_BIND_SERVICE. An attacker could exploit this vulnerability to inject code that inherits the process's elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282986 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

 

Affected Product(s)Version(s)
IBM Cloud Pak for AIOps4.1.0 - 4.5.1

 

 

 

Remediation/Fixes

IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:

https://www.ibm.com/docs/en/cloud-paks/cloud-pak-aiops/4.6.0?topic=support-security-bulletins-fixes

 

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Change History

26 Jun 2024: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSE9G0Q","label":"IBM Cloud Pak for AIOps"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"4.6.0","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Document Information

Modified date:
26 June 2024

UID

ibm17158858