Security Bulletin
Summary
Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed.
Vulnerability Details
CVEID: CVE-2023-6597
DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing dir in some edge cases related to symlinks. A local attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283230 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-33602
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon's (nscd) netgroup cache when the NSS callback fails to store all strings in the provided buffer. A local attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290169 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-4733
DESCRIPTION: Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function buflist_altfpos. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-3997
DESCRIPTION: systemd is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the rm_rf_children() function in the systemd-tmpfiles command. By creating thousands of nested directories in /tmp and execute "systemd-tmpfiles --remove" as root at boot time, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216918 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-4752
DESCRIPTION: Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function ins_compl_get_exp. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265189 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-32487
DESCRIPTION: less could allow a remote attacker to execute arbitrary commands on the system. By using a newline character in the name of a file, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287666 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-1000383
DESCRIPTION: GNU Emacs could allow a local attacker to obtain sensitive information, caused by world readable files when creating a backup save file. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134467 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2021-3903
DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212524 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-33601
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon's (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-4750
DESCRIPTION: Vim could allow a remote attacker to execute arbitrary code on the system, caused by heap-use-after-free in function bt_quickfix. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265193 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-4741
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSL_free_buffers API function . By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292512 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0413
DESCRIPTION: Vim could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the skipwhite function. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218421 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0391
DESCRIPTION: Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. An attacker could exploit this vulnerability to perform injection attack or launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-47007
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function stab_demangle_v3_arg in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264306 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-47011
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function parse_stab_struct_fields in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264309 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-44840
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow vulnerability in function find_section_in_set in file readelf.c.. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-32002
DESCRIPTION: MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290504 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-2398
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-1674
DESCRIPTION: Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in the vim_regexec_string function in regexp.c. By opening a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226481 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-33600
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference when the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290171 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-33599
DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests. By sending a subsequent client request, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-0450
DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by improper input validation by the zipfile module. By persuading a victim to open a specially crafted ZIP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286039 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35195
DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/291111 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)
CVEID: CVE-2021-20197
DESCRIPTION: GNU binutils could allow a local authenticated attacker to bypass security restrictions, caused by an open race window flaw when writing output in the ar, objcopy, strip, ranlib utilities. By using a specially-crafted symlink, an attacker could exploit this vulnerability to allow the utilities to get the ownership of arbitrary files.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID: CVE-2022-47008
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function make_tempdir, and make_tempname in bucomm.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264307 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-4603
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check() or EVP_PKEY_public_check() function. By parsing a specially crafted DSA public key or DSA parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290839 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-34397
DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to signals from a trusted system service. By sending specially crafted D-Bus signals, an attacker could exploit this vulnerability perform unicast spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290032 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-2961
DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the ISO-2022-CN-EXT plugin. By sending specially crafted input, an attacker could exploit this vulnerability to overwrite critical data structures and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-3572
DESCRIPTION: pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2022-47010
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function pr_function_type in prdbg.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264308 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-34459
DESCRIPTION: GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the formatting error messages with xmllint --htmlout. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290819 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-32021
DESCRIPTION: Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to hardlink arbitrary user-readable files into the new repository's "objects/" directory.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290725 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)
CVEID: CVE-2024-2511
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287215 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-2236
DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a timing-based side-channel flaw in the RSA implementation. By using Bleichenbacher-style attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285781 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-26461
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284478 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26458
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284479 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30205
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with contents of remote files to be trusted in Org mode. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286329 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-30204
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with LaTeX preview is enabled by default for e-mail attachments. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286328 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-32004
DESCRIPTION: MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290593 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-28182
DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATION frames in the HTTP/2 protocol stack. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause excessive CPU usage, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286963 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-32465
DESCRIPTION: Git could allow a physical attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass protections for cloning untrusted repositories.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290724 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2021-23336
DESCRIPTION: Python CPython could allow a remote attacker to bypass security restrictions, caused by a web cache poisoning flaw via urllib.parse.parse_qsl and urllib.parse.parse_qs. By sending a specially-crafted request parameter cloaking, an attacker could exploit this vulnerability to cause a difference in the interpretation of the request between the proxy and the server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196808 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H)
CVEID: CVE-2024-0232
DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap use-after-free flaw in the jsonParseAddNodeArray() function in sqlite3.c. By persuading a victim to pass a specially crafted input to the application, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279519 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30203
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with treating inline MIME contents as trusted. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286327 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-20697
DESCRIPTION: Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Libarchive component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276196 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-32020
DESCRIPTION: Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to modify objects in the cloned repository.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290713 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)
CVEID: CVE-2024-26462
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/kdc/ndr.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284476 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-37920
DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2953
DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ber_memalloc_x() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-24806
DESCRIPTION: libuv is vulnerable to server-side request forgery, caused by improper Domain lookup by the uv_getaddrinfo function in src/unix/getaddrinfo.c. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2021-4217
DESCRIPTION: Info-ZIP UnZip could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference flaw in the handling of Unicode strings. By persuading a victim to open a specially-crafted .zip file, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234332 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-16163
DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by stack exhaustion in regcomp.c due to recursion in regparse.c. By persuading a victim to compile a specially crafted file and execute its object code, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-47038
DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined Unicode property. By persuading a victim to use specially crafted regular expression to compile, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272814 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-7008
DESCRIPTION: systemd is vulnerable to a man-in-the-middle attack, caused by a flaw with able to accept records of DNSSEC-signed domains even when they have no signature. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to manipulate records.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280246 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2975
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by AES-SIV cipher implementation. By sending a specially-crafted request using empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260817 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-48554
DESCRIPTION: File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr function in funcs.c. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264341 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-6237
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function. By persuading a victim to sue a specially crafted RSA public keys for verification, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-5678
DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270771 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-3817
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-0727
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-3446
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-6129
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278934 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-22365
DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pam_namespace.so. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing dir in some edge cases related to symlinks. A local attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283230 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-33602
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon's (nscd) netgroup cache when the NSS callback fails to store all strings in the provided buffer. A local attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290169 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-4733
DESCRIPTION: Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function buflist_altfpos. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-3997
DESCRIPTION: systemd is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the rm_rf_children() function in the systemd-tmpfiles command. By creating thousands of nested directories in /tmp and execute "systemd-tmpfiles --remove" as root at boot time, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216918 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-4752
DESCRIPTION: Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function ins_compl_get_exp. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265189 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-32487
DESCRIPTION: less could allow a remote attacker to execute arbitrary commands on the system. By using a newline character in the name of a file, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287666 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-1000383
DESCRIPTION: GNU Emacs could allow a local attacker to obtain sensitive information, caused by world readable files when creating a backup save file. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134467 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2021-3903
DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212524 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-33601
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon's (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-4750
DESCRIPTION: Vim could allow a remote attacker to execute arbitrary code on the system, caused by heap-use-after-free in function bt_quickfix. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265193 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-4741
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSL_free_buffers API function . By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292512 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0413
DESCRIPTION: Vim could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the skipwhite function. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218421 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0391
DESCRIPTION: Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. An attacker could exploit this vulnerability to perform injection attack or launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-47007
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function stab_demangle_v3_arg in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264306 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-47011
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function parse_stab_struct_fields in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264309 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-44840
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow vulnerability in function find_section_in_set in file readelf.c.. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-32002
DESCRIPTION: MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290504 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-2398
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-1674
DESCRIPTION: Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in the vim_regexec_string function in regexp.c. By opening a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226481 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-33600
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference when the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290171 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-33599
DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests. By sending a subsequent client request, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2024-0450
DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by improper input validation by the zipfile module. By persuading a victim to open a specially crafted ZIP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286039 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-35195
DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/291111 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)
CVEID: CVE-2021-20197
DESCRIPTION: GNU binutils could allow a local authenticated attacker to bypass security restrictions, caused by an open race window flaw when writing output in the ar, objcopy, strip, ranlib utilities. By using a specially-crafted symlink, an attacker could exploit this vulnerability to allow the utilities to get the ownership of arbitrary files.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID: CVE-2022-47008
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function make_tempdir, and make_tempname in bucomm.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264307 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-4603
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check() or EVP_PKEY_public_check() function. By parsing a specially crafted DSA public key or DSA parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290839 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-34397
DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to signals from a trusted system service. By sending specially crafted D-Bus signals, an attacker could exploit this vulnerability perform unicast spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290032 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-2961
DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the ISO-2022-CN-EXT plugin. By sending specially crafted input, an attacker could exploit this vulnerability to overwrite critical data structures and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-3572
DESCRIPTION: pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2022-47010
DESCRIPTION: Binutils is vulnerable to a denial of service, caused by a memory leak in function pr_function_type in prdbg.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264308 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-34459
DESCRIPTION: GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the formatting error messages with xmllint --htmlout. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290819 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-32021
DESCRIPTION: Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to hardlink arbitrary user-readable files into the new repository's "objects/" directory.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290725 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)
CVEID: CVE-2024-2511
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287215 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-2236
DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a timing-based side-channel flaw in the RSA implementation. By using Bleichenbacher-style attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285781 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-26461
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284478 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26458
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284479 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30205
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with contents of remote files to be trusted in Org mode. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286329 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-30204
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with LaTeX preview is enabled by default for e-mail attachments. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286328 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-32004
DESCRIPTION: MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290593 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-28182
DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATION frames in the HTTP/2 protocol stack. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause excessive CPU usage, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286963 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-32465
DESCRIPTION: Git could allow a physical attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass protections for cloning untrusted repositories.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290724 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2021-23336
DESCRIPTION: Python CPython could allow a remote attacker to bypass security restrictions, caused by a web cache poisoning flaw via urllib.parse.parse_qsl and urllib.parse.parse_qs. By sending a specially-crafted request parameter cloaking, an attacker could exploit this vulnerability to cause a difference in the interpretation of the request between the proxy and the server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196808 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H)
CVEID: CVE-2024-0232
DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap use-after-free flaw in the jsonParseAddNodeArray() function in sqlite3.c. By persuading a victim to pass a specially crafted input to the application, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279519 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30203
DESCRIPTION: GNU Emacs could provide weaker than expected security, caused by an issue with treating inline MIME contents as trusted. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286327 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2024-20697
DESCRIPTION: Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Libarchive component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276196 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2024-32020
DESCRIPTION: Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to modify objects in the cloned repository.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290713 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)
CVEID: CVE-2024-26462
DESCRIPTION: Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/kdc/ndr.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284476 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-37920
DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2953
DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ber_memalloc_x() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-24806
DESCRIPTION: libuv is vulnerable to server-side request forgery, caused by improper Domain lookup by the uv_getaddrinfo function in src/unix/getaddrinfo.c. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2021-4217
DESCRIPTION: Info-ZIP UnZip could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference flaw in the handling of Unicode strings. By persuading a victim to open a specially-crafted .zip file, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234332 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-16163
DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by stack exhaustion in regcomp.c due to recursion in regparse.c. By persuading a victim to compile a specially crafted file and execute its object code, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-47038
DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined Unicode property. By persuading a victim to use specially crafted regular expression to compile, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272814 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-7008
DESCRIPTION: systemd is vulnerable to a man-in-the-middle attack, caused by a flaw with able to accept records of DNSSEC-signed domains even when they have no signature. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to manipulate records.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280246 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2975
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by AES-SIV cipher implementation. By sending a specially-crafted request using empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260817 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-48554
DESCRIPTION: File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr function in funcs.c. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264341 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-6237
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function. By persuading a victim to sue a specially crafted RSA public keys for verification, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-5678
DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270771 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-3817
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-0727
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-3446
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-6129
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278934 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-22365
DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pam_namespace.so. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| Voice Gateway | 1.0.7 |
| Voice Gateway | 1.0.6 |
| Voice Gateway | 1.0.2.4 |
| Voice Gateway | 1.0.4 |
| Voice Gateway | 1.0.7.1 |
| Voice Gateway | 1.0.2 |
| Voice Gateway | 1.0.8 |
| Voice Gateway | 1.0.5 |
| Voice Gateway | 1.0.3 |
Remediation/Fixes
IBM strongly suggests upgrading to the following IBM Voice Gateway 1.0.8.x images:
ibmcom/voice-gateway-stt-adapter:1.0.8.12
ibmcom/voice-gateway-tts-adapter:1.0.8.12
The above images can be found at the below links:
https://hub.docker.com/r/ibmcom/voice-gateway-stt-adapter/tags
https://hub.docker.com/r/ibmcom/voice-gateway-tts-adapter/tags
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Off
Acknowledgement
Change History
11 Jul 2024: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS4U29","label":"IBM Voice Gateway"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB76","label":"Data Platform"}}]
Was this topic helpful?
Document Information
Modified date:
14 April 2025
Initial Publish date:
11 July 2024
UID
ibm17160029