Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5A3C57F5CC7FCCD3373ADD4B98739CBC1B71ED960A10E83DFC42368360D2F1D4
HistoryJul 31, 2024 - 7:41 p.m.

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

2024-07-3119:41:25
www.ibm.com
16
ibm cloud pak aiops
directory traversal
ldap injection
bluetooth vulnerability
denial of service
kernel vulnerability

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Summary

Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.1

Vulnerability Details

CVEID:CVE-2024-32465
**DESCRIPTION:**Git could allow a physical attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass protections for cloning untrusted repositories.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290724 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-25613
**DESCRIPTION:**Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a request with a specially-crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2024-32020
**DESCRIPTION:**Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to modify objects in the cloned repository.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290713 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)

CVEID:CVE-2024-32021
**DESCRIPTION:**Git could allow a local authenticated attacker to bypass security restrictions, caused by a flaw when cloning local repository. By sending a specially crafted request, an attacker could exploit this vulnerability to hardlink arbitrary user-readable files into the new repository’s “objects/” directory.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290725 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L)

CVEID:CVE-2020-26555
**DESCRIPTION:**Bluetooth Core and Mesh Specifications could allow a remote attacker to bypass security restrictions, caused by an impersonation in the BR/EDR PIN Pairing procedure flaw. By spoofing the Bluetooth Device Address (BD_ADDR) of the device, an attacker could exploit this vulnerability to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202270 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2021-47069
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race conduction in a do_mq_timedreceive call. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286635 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47310
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in tlan_remove_one. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297420 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47311
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in emac_remove. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297421 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47353
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in udf_symlink function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297425 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47356
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker execute arbitrary code on the system, caused by a use-after-free in HFC_cleanup(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297426 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-5090
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by improper check in the svm_set_x2apic_msr_interception() function in KVM. By sending a specially crafted request, a local authetnicated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270787 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

CVEID:CVE-2023-52615
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault dead lock on mmap-ed hwrng. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286032 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52626
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in port timestamping napi_poll context. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297445 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-52667
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a double-free in fs_any_create_groups. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52835
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52881
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the failure to accept ACK of bytes we never sent. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294215 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26583
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in the tls subsystem. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283879 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26585
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition when submitting thread in the tls subsystem. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283881 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26656
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297458 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26735
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free and NULL pointer dereference. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297460 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26801
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in hci_error_reset. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287146 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26804
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the failure to prevent perpetual headroom growth. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287143 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26826
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to data re-injection from stale subflow. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297461 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26974
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition during AER recovery. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297470 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:CVE-2024-26982
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to checking the inode number is not the invalid value of zero. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297467 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-27397
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the netfilter subsystem. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297497 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-27410
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw when change the mesh ID and change interface to mesh mode at the same time in the WiFi module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297498 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35789
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when moving a station out of a VLAN and deleting the VLAN afterwards. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297499 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35835
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a double free flaw in arfs_create_groups. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297500 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35845
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by not terminate the string in iwl_fw_ini_debug_info_tlv. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297502 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35852
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak when canceling rehash work. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292634 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35855
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free during activity update. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292631 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35890
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a ownership transfer issue if packets are GROed with fraglist. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297504 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35958
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an incorrect descriptor free behavior. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297505 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35960
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by incorrectly referencing a just-added rule in the same flow handle. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-46909
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an oops when a PCI driver is loaded or bound after the kernel has initialized. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284595 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-46972
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a resource leak flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285511 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-47073
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a oops flaw on rmmod dell_smbios. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286639 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-47236
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to tx fixup skb leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297419 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47456
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in peak_pci: peak_pci_remove(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297427 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-47495
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of a sanity check for maxpacket. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297428 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52464
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds string access. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284079 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52560
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in damon_do_test_apply_three_regions(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297444 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-52669
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a buffer overread in CTR mode. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297447 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52675
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of a null pointer check in update_events_in_group(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297448 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52686
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of a null pointer check in opal_event_init(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297450 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52700
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a kernel warning when sending SYN message. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297451 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52703
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to act_len in usb_bulk_msg error path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297452 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-52781
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an iteration issue in ‘usb_get_bos_descriptor()’. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297453 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52813
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to hungtask for PADATA_RESET. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297454 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52877
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in tcpm_pd_svdm(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294226 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-52878
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related can_put_echo_skb(): don’t crash kernel if can_priv::echo_skb is accessed out of bounds. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294218 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26584
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw when setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on requests to the crypto API in the tls subsystem. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283880 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26675
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to ppp_async: limit MRU to 64K. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297459 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26759
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition when skipping swapcache. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286874 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26859
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition during EEH error handling. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297464 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26906
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to vsyscall page read for copy_from_kernel_nofault(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297465 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26907
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error related to fortifying source warning while accessing Eth segment. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297514 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-35838
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a sta-link leak due to removing the station without ever marking links valid in the WiFI module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297501 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35853
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak during rehash. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292633 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35854
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free during rehash. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292632 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35888
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by not making sure erspan_base_hdr is present in skb linear part by the ip6erspan_rcv() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297503 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-35959
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in the mlx5e_priv_init() cleanup flow. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297506 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-36004
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the use WQ_MEM_RECLAIM flag for workqueue. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/291015 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-36007
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error related to mlxsw: spectrum_acl_tcam. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290954 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-32002
**DESCRIPTION:**MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290504 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2024-32004
**DESCRIPTION:**MinGit software which is consumed by Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290593 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2024-36114
**DESCRIPTION:**airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and crash the JVM.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

CVEID:CVE-2024-6387
**DESCRIPTION:**OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on glibc-based Linux systems.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296064 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-6409
**DESCRIPTION:**OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in the grace_alarm_handler() function, which improperly calls cleanup_exit() from within a signal handler. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)

CVEID:CVE-2024-39936
**DESCRIPTION:**Qt could allow a remote attacker to obtain sensitive information, caused by an error in HTTP2. By sending multiple requests in-between the encrypted() signal and the abort() call, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297912 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2024-35235
**DESCRIPTION:**OpenPrinting CUPS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when starting the cupsd server with a Listen configuration item pointing to a symbolic link. An authenticated attacker could exploit this vulnerability to change permission of any user or system files to be world writable and execute arbitrary commands.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294443 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-26130
**DESCRIPTION:**cryptography is vulnerable to a denial of service, caused by a NULL pointer dereference in the pkcs12.serialize_key_and_certificates process. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283820 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-24762
**DESCRIPTION:**FastAPI is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Content-Type header. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to consume CPU resources and stall indefinitely.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281680 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for AIOps 4.1.0 - 4.6.0

Remediation/Fixes

IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:

[https://www.ibm.com/docs/en/cloud-paks/cloud-pak-aiops/4.6.1?topic=support-security-bulletins-fixes](<https://www.ibm.com/docs/en/cloud-paks/cloud-pak-aiops/4.5.1?topic=support-security-bulletins-fixes>)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_automation_for_ibm_cloud_pak_for_watson_aiopsMatch4.6.1

Related

osv 28
redhat 19
nessus 61
oraclelinux 4
rocky 7
almalinux 4
ibm 5
openvas 21
kaspersky 2
ubuntu 3
mageia 1
slackware 1
cloudfoundry 1
fedora 3
redos 1
photon 2
amazon 2
nvd 3
vulnrichment 4
debiancve 5
redhatcve 2
trendmicroblog 1
thn 1
ubuntucve 4
cve 4
cvelist 5
alpinelinux 1
prion 1
cbl_mariner 2
qt 1
osv
osv
Important: kernel security and bug fix update
2024-07-02 00:00:00
Important: kernel security and bug fix update
2024-07-15 12:17:38
Important: kernel-rt security and bug fix update
2024-07-08 00:00:00
redhat
redhat
(RHSA-2024:4211) Important: kernel security and bug fix update
2024-07-02 00:08:42
(RHSA-2024:4352) Important: kernel-rt security and bug fix update
2024-07-08 01:54:26
(RHSA-2024:4336) Moderate: security update Logging for Red Hat OpenShift - 5.6.21
2024-07-24 05:37:51
nessus
nessus
Rocky Linux 8 : kernel (RLSA-2024:4211)
2024-07-15 00:00:00
Oracle Linux 8 : kernel (ELSA-2024-4211)
2024-07-03 00:00:00
AlmaLinux 8 : kernel (ALSA-2024:4211)
2024-07-02 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2024-07-02 00:00:00
git security update
2024-06-25 00:00:00
git security update
2024-06-25 00:00:00
rocky
rocky
kernel security and bug fix update
2024-07-15 12:20:09
kernel security and bug fix update
2024-07-15 12:17:38
kernel-rt security and bug fix update
2024-07-15 12:17:54
almalinux
almalinux
Important: kernel-rt security and bug fix update
2024-07-08 00:00:00
Important: kernel security and bug fix update
2024-07-02 00:00:00
Important: git security update
2024-06-25 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-08-22 09:25:46
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002
2024-09-05 20:05:41
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2024.
2024-08-08 17:17:47
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1807-1)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-2365)
2024-09-12 00:00:00
Slackware: Security Advisory (SSA:2024-136-02)
2024-05-16 00:00:00
kaspersky
kaspersky
KLA67449 Multiple vulnerabilities in Git for Windows
2024-05-14 00:00:00
KLA67403 Multiple vulnerabilities in Microsoft Developer Tools
2024-05-14 00:00:00
ubuntu
ubuntu
Git vulnerabilities
2024-05-28 00:00:00
Linux kernel vulnerabilities
2024-07-30 00:00:00
Linux kernel vulnerabilities
2024-07-29 00:00:00
mageia
mageia
Updated git packages fix security vulnerabilities
2024-06-03 21:30:48
slackware
slackware
[slackware-security] git
2024-05-16 02:33:18
cloudfoundry
cloudfoundry
USN-6793-1: Git vulnerabilities | Cloud Foundry
2024-07-25 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: git-2.45.1-1.fc40
2024-05-17 01:09:13
[SECURITY] Fedora 38 Update: kernel-6.7.6-100.fc38
2024-02-28 01:41:53
[SECURITY] Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39
2024-07-19 02:21:59
redos
redos
ROS-20240527-04
2024-05-27 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-4.0-0611
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0271
2024-05-15 00:00:00
amazon
amazon
Important: git
2024-05-23 21:37:00
Important: git
2024-05-23 22:04:00
nvd
nvd
CVE-2024-32465
2024-05-14 20:15:14
CVE-2024-36114
2024-05-29 21:15:49
CVE-2021-46972
2024-02-27 19:04:07
vulnrichment
vulnrichment
CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed
2024-05-14 19:18:33
CVE-2023-52560 mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
2024-03-02 21:59:34
CVE-2021-46972 ovl: fix leaked dentry
2024-02-27 18:47:07
debiancve
debiancve
CVE-2024-32465
2024-05-14 20:15:14
CVE-2024-24762
2024-02-05 15:15:09
CVE-2021-46972
2024-02-27 19:04:07
redhatcve
redhatcve
CVE-2024-32465
2024-05-14 23:56:59
CVE-2024-6409
2024-07-08 17:56:18
trendmicroblog
trendmicroblog
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
2024-07-17 00:00:00
thn
thn
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
2024-07-10 03:26:00
ubuntucve
ubuntucve
CVE-2024-32465
2024-05-14 00:00:00
CVE-2023-52700
2024-05-21 00:00:00
CVE-2021-46909
2024-02-27 00:00:00
cve
cve
CVE-2024-32465
2024-05-14 20:15:14
CVE-2023-52560
2024-03-02 22:15:48
CVE-2021-46909
2024-02-27 07:15:07
cvelist
cvelist
CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed
2024-05-14 19:18:33
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
2024-05-29 20:24:53
CVE-2021-47356 mISDN: fix possible use-after-free in HFC_cleanup()
2024-05-21 14:35:59
alpinelinux
alpinelinux
CVE-2024-32465
2024-05-14 20:15:14
prion
prion
Design/Logic Flaw
2024-03-02 22:15:00
cbl_mariner
cbl_mariner
CVE-2024-39936 affecting package qtbase for versions less than 6.6.2-1
2024-07-24 00:12:29
CVE-2024-39936 affecting package qt5-qtbase for versions less than 5.12.11-13
2024-08-18 14:44:42
qt
qt
Security advisory: Recently discovered HTTP2 handling issue impacts Qt
2024-07-17 00:00:00

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON
Related for 5A3C57F5CC7FCCD3373ADD4B98739CBC1B71ED960A10E83DFC42368360D2F1D4
osv28redhat19nessus61oraclelinux4rocky7almalinux4ibm5openvas21kaspersky2ubuntu3mageia1slackware1cloudfoundry1fedora3redos1photon2amazon2nvd3vulnrichment4debiancve5redhatcve2trendmicroblog1thn1ubuntucve4cve4cvelist5alpinelinux1prion1cbl_mariner2qt1