Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2024 and January 2025

Vulnerability Details

CVEID:   CVE-2023-48161
DESCRIPTION:   GifLib Project GifLib could allow a local attacker to obtain sensitive information, caused by a heap-based buffer overflow in the DumpSCreen2RGB function in gif2rgb.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-21208
DESCRIPTION:   Vulnerability in Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS).
CWE:   CWE-203: Observable Discrepancy
CVSS Source:   Oracle
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21210
DESCRIPTION:   Vulnerability in Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some accessible data.
CWE:   CWE-203: Observable Discrepancy
CVSS Source:   Oracle
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-21217
DESCRIPTION:   Vulnerability in Java SE (component: Serialization). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS).
CVSS Source:   Oracle
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21235
DESCRIPTION:   Vulnerability in Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to accessible data as well as unauthorized read access to a subset of accessible data.
CVSS Source:   Oracle
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-21536
DESCRIPTION:   http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending specially crafted requests to certain paths, a remote attacker could exploit this vulnerability to kill the Node.js process and crash the server.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38820
DESCRIPTION:   VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CWE:   CWE-178: Improper Handling of Case Sensitivity
CVSS Source:   IBM X-Force
CVSS Base score:   3.1
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-47554
DESCRIPTION:   Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-47764
DESCRIPTION:   jshttp cookie could allow a remote attacker to bypass security restrictions, caused by improper input validation by the cookie name, path, and domain. By sending a specially crafted request, an attacker could exploit this vulnerability to alter other fields of the cookie.
CWE:   CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-6119
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks (e.g., TLS clients checking server certificates). By sending a specially crafted request, a remote attacker could exploit this vulnerability to read an invalid memory address resulting in abnormal termination of the application process.
CWE:   CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-52364
DESCRIPTION:   IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM
CVSS Base score:   5.4
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2024-47561
DESCRIPTION:   Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK. By sending a specially crafted request using the "java-class" attribute, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-502: Deserialization of Untrusted Data
CVSS Source:   IBM X-Force
CVSS Base score:   8.8
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-45296
DESCRIPTION:   path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   CVE.org
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-45590
DESCRIPTION:   expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-405: Asymmetric Resource Consumption (Amplification)
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-30261
DESCRIPTION:   Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
CWE:   CWE-284: Improper Access Control
CVSS Source:   NVD
CVSS Base score:   3.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-30260
DESCRIPTION:   Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
CWE:   CWE-285: Improper Authorization
CVSS Source:   NVD
CVSS Base score:   4.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-50314
DESCRIPTION:   IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
CWE:   CWE-295: Improper Certificate Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-1737
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE). By processing queries, a remote attacker could exploit this vulnerability to cause the database to slow down.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-1975
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error if a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache. By sending a stream of SIG(0) signed requests, a remote attacker could exploit this vulnerability to exhaust all available CPU resources.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-4076
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when serving both stale cache data and authoritative zone content. By sending queries, a remote attacker could exploit this vulnerability to cause an assertion failure.
CWE:   CWE-617: Reachable Assertion
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-21147
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-21145
DESCRIPTION:   An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Source:   IBM X-Force
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-21140
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-21144
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21138
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause a low availability impact.
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21131
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-27267
DESCRIPTION:   The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.
CWE:   CWE-300: Channel Accessible by Non-Endpoint
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-48910
DESCRIPTION:   DOMPurify could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Source:   IBM X-Force
CVSS Base score:   9.1
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-30172
DESCRIPTION:   The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By persuading a victim to use a specially crafted signature and public key, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-30171
DESCRIPTION:   The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decryption (both PKCS#1v1.5 and OAEP) feature. By utilize timing side-channel attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE:   CWE-203: Observable Discrepancy
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-29857
DESCRIPTION:   The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-25062
DESCRIPTION:   An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
CWE:   CWE-416: Use After Free
CVSS Source:   NVD
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-2953
DESCRIPTION:   A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   NVD
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-28182
DESCRIPTION:   nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   security-advisories@github.com
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-45288
DESCRIPTION:   An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CWE:   CWE-202: Exposure of Sensitive Information Through Data Queries
CVSS Source:   CISA ADP
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-11053
DESCRIPTION:   When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
CVSS Source:   CISA ADP
CVSS Base score:   3.4
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)

CVEID:   CVE-2024-45337
DESCRIPTION:   Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.
CVSS Source:   CISA
CVSS Base score:   9.1
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-39338
DESCRIPTION:   Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CWE:   CWE-918: Server-Side Request Forgery (SSRF)
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-21538
DESCRIPTION:   Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   CVE.org
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-0450
DESCRIPTION:   Python CPython is vulnerable to a denial of service, caused by improper input validation by the zipfile module. By persuading a victim to open a specially crafted ZIP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-405: Asymmetric Resource Consumption (Amplification)
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-47175
DESCRIPTION:   OpenPrinting libppd could allow a remote attacker to execute arbitrary command on the system, caused by the failure to validate or sanitize the IPP attributes when writing them to a temporary PPD file by the ppdCreatePPDFromIPP2 function in libppd. By sending a specially crafted request using IPP attribute, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.7
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)

CVEID:   CVE-2024-5535
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSL_select_next_proto API function when calling with an empty supported client protocols buffer. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a crash or memory contents to be sent to the peer.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-7006
DESCRIPTION:   LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference flaw tif_dirinfo.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause application to crash.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-0833
DESCRIPTION:   Red Hat AMQ-Streams could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in OKHttp componen. By sending a specially crafted request, an attacker could exploit this vulnerability to access information outside of their regular permissions.
CWE:   CWE-209: Generation of Error Message Containing Sensitive Information
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-7254
DESCRIPTION:   Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-40094
DESCRIPTION:   GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-49348
DESCRIPTION:   IBM Business Automation Workflow allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
CWE:   CWE-266: Incorrect Privilege Assignment
CVSS Source:   IBM
CVSS Base score:   4.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-28168
DESCRIPTION:   Apache XML Graphics FOP is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-611: Improper Restriction of XML External Entity Reference
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2024-47176
DESCRIPTION:   OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDR_ANY:631 and trusting any packet from any source by the cups-browsed service. By sending a Get-Printer-Attributes IPP request, an attacker could exploit this vulnerability to obtain sensitive information and execute arbitrary code on the system.
CWE:   CWE-1327: Binding to an Unrestricted IP Address
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-47076
DESCRIPTION:   OpenPrinting ibcupsfilters could allow a remote attacker to bypass security restrictions, caused by the failure to validate or sanitize the IPP attributes returned from an IPP server by the libcupsfilters component. By replacing the valid IPP URL with a malicious one, an attacker could exploit this vulnerability to add a malicious printer or directly hijack an existing printer.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   8.2
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)

CVEID:   CVE-2024-47177
DESCRIPTION:   OpenPrinting cups-filters could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an error in cups-filter. By using the FoomaticRIPCommandLine entry in the PPD file, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.
CWE:   CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L)

CVEID:   CVE-2021-43784
DESCRIPTION:   Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by an integer overflow in netlink bytemsg length field. By sending a specially-crafted request, an attacker could exploit this vulnerability to override netlink-based container configuration to disable namespace protections entirely.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   6
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)

CVEID:   CVE-2023-39325
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-3978
DESCRIPTION:   Golang html package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2024-3154
DESCRIPTION:   CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary systemd property injection. By sending a specially crafted request using pod annotation, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CWE:   CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   7.2
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-21626
DESCRIPTION:   Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an internal file descriptor leak. By persuading a victim to use a specially crafted image, an attacker could exploit this vulnerability to perform container escape to access to the host filesystem.
CWE:   CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   8.6
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID:   CVE-2023-48795
DESCRIPTION:   The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
CWE:   CWE-354: Improper Validation of Integrity Check Value
CVSS Source:   NVD
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-24557
DESCRIPTION:   Moby could provide weaker than expected security, caused by improper cache validation in the classic builder cache system. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to conduct a cache poisoning attack.
CWE:   CWE-345: Insufficient Verification of Data Authenticity
CVSS Source:   IBM X-Force
CVSS Base score:   6.9
CVSS Vector:   (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L)

CVEID:   CVE-2024-3727
DESCRIPTION:   A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CWE:   CWE-354: Improper Validation of Integrity Check Value
CVSS Source:   IBM X-Force
CVSS Base score:   8.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID:   CVE-2023-44487
DESCRIPTION:   The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-24786
DESCRIPTION:   Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the rotojson.Unmarshal function when unmarshaling certain forms of invalid JSON. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-15115
DESCRIPTION:   etcd-io etcd could allow a remote attacker to obtain sensitive information, caused by improper password length validation. By using brute-force attack techniques, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system.
CWE:   CWE-521: Weak Password Requirements
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2015-5739
DESCRIPTION:   Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sending a specially-crafted HTTP request with a space instead of a hyphen, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CWE:   CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2016-5386
DESCRIPTION:   Google Go net/http package could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the "HTTPOXY" vulnerability.
CWE:   CWE-284: Improper Access Control
CVSS Source:   IBM X-Force
CVSS Base score:   8.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-45287
DESCRIPTION:   Golang Go could allow a remote attacker to obtain sensitive information, caused by a timing-side channel attack in the RSA based key exchange methods in crypto/tls. The removal of of PKCS#1 padding could allow a remote attacker to leak timing information, which in turn could be used to recover session key bits.
CWE:   CWE-203: Observable Discrepancy
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-43800
DESCRIPTION:   expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   5
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2022-24999
DESCRIPTION:   Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34155
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in all Parse* functions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1325: Improperly Controlled Sequential Memory Allocation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34156
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1325: Improperly Controlled Sequential Memory Allocation
CVSS Source:   CISA ADP
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34158
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Parse. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-674: Uncontrolled Recursion
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38428
DESCRIPTION:   GNU Wget could allow a remote authenticated attacker to bypass security restrictions, caused by the mishandling of semicolons in the userinfo subcomponent of a URI. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized actions.
CWE:   CWE-436: Interpretation Conflict
CVSS Source:   IBM X-Force
CVSS Base score:   5.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-38816
DESCRIPTION:   Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firew…  is in use * the application runs on Tomcat or Jetty
CWE:   CWE-23: Relative Path Traversal
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-4067
DESCRIPTION:   Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in micromatch.braces() in index.js. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to increase the consumption time until the application hangs or slows down.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   CVE.org
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-43796
DESCRIPTION:   expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   5
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-43799
DESCRIPTION:   pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   5
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-35255
DESCRIPTION:   Microsoft Azure Identity Libraries and Microsoft Authentication Library could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to elevate privileges and read any file on the file system with SYSTEM access permissions.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-31442
DESCRIPTION:   In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0.
CVSS Source:   IBM X-Force
CVSS Base score:   5.6
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-39249
DESCRIPTION:   Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Note: This vulnerability is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-38808
DESCRIPTION:   VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   VMware
CVSS Base score:   4.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-52365
DESCRIPTION:   IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM
CVSS Base score:   6.4
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID:   CVE-2023-50387
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones. By flooding the target server with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-37370
DESCRIPTION:   MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2023-41105
DESCRIPTION:   Python could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with os.path.normpath truncates input on null bytes. By sending a specially crafted request, an attacker could exploit this vulnerability to allow wrong files or directories being used,.
CWE:   CWE-426: Untrusted Search Path
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-24791
DESCRIPTION:   Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-24788
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a high cpu usage in extractExtendedRCode function in the net module. By sending a specially crafted DNS message in response to a query, a remote attacker could exploit this vulnerability to cause an infinite loop.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-24329
DESCRIPTION:   Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse component. By sending a specially-crafted request using URL starts with blank characters, an attacker could exploit this vulnerability to bypass blocklisting methods.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2023-50868
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC3 closest encloser proof. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-0727
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   3.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-37371
DESCRIPTION:   MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an invalid memory reads during GSS message token handling. By sending specially crafted message tokens, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-0760
DESCRIPTION:   ISC BIND is vulnerable to a denial of service. By sending a flood of DNS messages over TCP, a remote attacker could exploit this vulnerability to cause the server to become unstable.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   350772
DESCRIPTION:   OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference in the ber_memalloc_x() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   350771
DESCRIPTION:   GNOME libxml2 is vulnerable to a denial of service, caused by a use-after-free in xmlValidatePopElement(). By using XMLReader API, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   271691
DESCRIPTION:   GO docker module could allow a local authenticated attacker to obtain sensitive information, caused by the default access to /sys/devices/virtual/powercap. An attacker could exploit this vulnerability using a power-based side-channel attack to infer data and extract cryptographic keys. Note: This vulnerability is known as the Platypus attack.
CWE:   CWE-281: Improper Preservation of Permissions
CVSS Source:   IBM X-Force
CVSS Base score:   6.3
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

IBM X-Force ID:   255317
DESCRIPTION:   Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log writer. By logging more than 64kb of data in a single entry without newlines, a local attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   350769
DESCRIPTION:   etcd-io etcd could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in WAL logs. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain the login and password.
CWE:   CWE-256: Plaintext Storage of a Password
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

IBM X-Force ID:   350770
DESCRIPTION:   etcd-io etcd is vulnerable to a denial of service, caused by an error when attempting to perform service discovery. By providing a cluster size as a negative value, a remote attacker could exploit this vulnerability to cause the application to panic.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

IBM X-Force ID:   168617
DESCRIPTION:   Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree.
CWE:   CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

IBM X-Force ID:   386108
DESCRIPTION:   axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the format method. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   huntr
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)