Lucene search

K
ibmIBME503DF5F2F95C37408E2BCBBCE38A12F0831E28FE2B18A88EA14E320BB1F0CAE
HistoryMay 09, 2024 - 12:31 p.m.

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

2024-05-0912:31:16
www.ibm.com
16
ibm qradar siem
multiple vulnerabilities
fixed
oniguruma
denial of service
stack exhaustion
integer overflow
buffer overflow
code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS

0.05

Percentile

92.9%

Summary

IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update.

Vulnerability Details

CVEID:CVE-2019-13224
**DESCRIPTION:**oniguruma is vulnerable to a denial of service, caused by a use-after-free in onig_new_deluxe() in regext.c. By persuading a victim to compile a specially crafted file and execute its object code, a remote attacker could exploit this vulnerability to achieve information disclosure, denial of service, or possibly code execution
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166875 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-16163
**DESCRIPTION:**oniguruma is vulnerable to a denial of service, caused by stack exhaustion in regcomp.c due to recursion in regparse.c. By persuading a victim to compile a specially crafted file and execute its object code, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-19012
**DESCRIPTION:**Oniguruma is vulnerable to a denial of service, caused by an integer overflow in the search_in_range function in regexec.c. By using a specially crafted regular expression, a local attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172008 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-19203
**DESCRIPTION:**Oniguruma is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function gb18030_mbc_enc_len in file gb18030.c. By using a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-19204
**DESCRIPTION:**Oniguruma is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function fetch_interval_quantifier in regparse.c. By using a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172169 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2018-19787
**DESCRIPTION:**lxml is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the lxml/html/clean.py script. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-43818
**DESCRIPTION:**lxml could allow a remote attacker to bypass security restrictions, caused by a flaw in HTML Cleaner in lxml.html. By sending a specially-crafted script content, an attacker could exploit this vulnerability to allow crafted and SVG embedded scripts to pass through.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215122 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N)

CVEID:CVE-2014-3146
**DESCRIPTION:**lxml could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the clean_html() function. By sending a specially-crafted request, an attacker could exploit this vulnerability and perform unauthorized actions.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93080 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2020-27783
**DESCRIPTION:**Python LXML is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clean module. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2007-4559
**DESCRIPTION:**Python could allow a remote attacker to traverse directories on the system, caused by a vulnerability in the tarfile module. By persuading a victim to open a specially-crafted .TAR file containing “dot dot” sequences (/…/) in the filename, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the victim’s privileges.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/36366 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:N)

CVEID:CVE-2022-48560
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a use-after-free flaw in the heappushpop() function in the heapq module. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264844 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-48564
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a flaw in the read_ints function in plistlib.py. By persuading a victim to open a specially crafted Apple Property List file file, a remote attacker could exploit this vulnerability to cause CPU and RAM exhaustion, and results in a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264546 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-27043
**DESCRIPTION:**Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-43975
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c. By sending a specially-crafted length value using an emulate networking device, an attacker could exploit this vulnerability to execute arbitrary code or crash the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213673 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-28388
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free flaw in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223321 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-3545
**DESCRIPTION:**A use-after-free in the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238739 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-3594
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an error in the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238748 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-36402
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an integer overflow flaw in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component. By persuading a victim to open a specially-crafted content, an authenticated attacker could exploit this vulnerability to gain elevated privileges and cause a denial of service condition.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236346 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2022-38096
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a NULL pointer dereference flaw in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component. By sending a specialy-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privilege to cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-38457
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the vmw_cmd_res_check function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to cause a denial of service condition.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235641 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2022-40133
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the vmw_execbuf_tie_context function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to cause a denial of service condition.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235642 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2022-41858
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. By sending a specially-crafted request to simulate slip network card from user-space of linux, a remote attacker could exploit this vulnerability to cause the system to crash or obtain internal kernel information.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241807 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2022-45869
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in the x86 KVM subsystem when nested virtualisation and the TDP MMU are enabled. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241399 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-45887
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in drivers/media/usb/ttusb-dec/ttusb_dec.c By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240769 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-4744
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double-free flaw in the TUN/TAP device driver functionality. An attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252377 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-1382
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253367 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-2166
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in can protocol in net/can/af_can.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253491 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-2176
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read flaw in the compare_netdev_and_ip function in drivers/infiniband/core/cma.c in RDMA. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253492 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-28772
**DESCRIPTION:**Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the seq_buf_putmem_hex function in lib/seq_buf.c. By sending a specially crafted request, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250942 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-30456
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by the lack of consistency checks for CR0 and CR4 in arch/x86/kvm/vmx/nested.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252441 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-31084
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called in drivers/media/dvb-core/dvb_frontend.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253581 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-33951
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a race condition in the handling of GEM objects. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information in the context of the kernel, or cause a denial of service condition.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255804 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)

CVEID:CVE-2023-33952
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free in the handling of vmw_buffer_object objects. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of the kernel.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255805 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-40283
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the l2cap_sock_release function in net/bluetooth/l2cap_sock.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263389 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-45862
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver. By using a specially crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268714 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-4921
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: sch_qfq component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265977 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-51042
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a fence use-after-free flaw in the amdgpu_cs_wait_all_fences function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-51043
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free due to a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-5633
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the way memory objects were handled. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269432 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-6606
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the smbCalcSize function in fs/smb/client/netmisc.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to crash the system or obtain internal kernel information.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273675 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-6610
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the smb2_dump_detail function in fs/smb/client/smb2ops.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to crash the system or obtain internal kernel information.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273676 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-6817
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the nft_pipapo_walk function in the netfilter: nf_tables component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-6931
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in the Performance Events system component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275563 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-6932
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the ipv4: igmp component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275569 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-7192
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the AF_PACKET implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278669 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID:CVE-2024-0565
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read due to an integer underflow on the memcpy length. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-0646
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds memory write flaw in the Transport Layer Security functionality. A local attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279830 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-1086
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by use-after-free flaw in the nft_verdict_init() function in the Netfilter subsystem. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281122 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-48624
**DESCRIPTION:**less could allow a local attacker to execute arbitrary commands on the system, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile() function in filename.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the host operating system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-50387
**DESCRIPTION:**Microsoft Windows is vulnerable to a denial of service, caused by improper restriction of DNSSEC verification complexity. By conducting an attack leveraging a highly complex DNSSEC verification framework, a remote attacker could exploit this vulnerability to exhaust CPU resources and stall DNS resolvers, resulting in a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-50868
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC3 closest encloser proof. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-3138
**DESCRIPTION:**X.Org libX11 is vulnerable to a denial of service, caused by a buffer overflow in the functions in src/InitExt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258165 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-43618
**DESCRIPTION:**GNU Multiple Precision Arithmetic Library (GMP) is vulnerable to a denial of service, caused by an mpz/inp_raw.c integer overflow and resultant buffer overflow. By sending specially crafted input, a remote attacker could exploit this vulnerability to cause a segmentation fault on 32-bit platforms.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213467 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-27269
**DESCRIPTION:**IBM QRadar SIEM could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284575 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2023-28322
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST… By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-46218
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a mixed case flaw when curl is built without PSL support. By sending a specially crafted request, an attacker could exploit this vulnerability to allow a HTTP server to set “super cookies” in curl.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2023-38546
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the curl_easy_duphandle function if a transfer has cookies enabled when the handle is duplicated. By sending a specially crafted request, an attacker could exploit this vulnerability to insert cookies at will into a running program.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-1786
**DESCRIPTION:**Canonical cloud-init could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive data in the log files. By gaining access to the log files, an attacker could exploit this vulnerability to obtain hashed passwords information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253877 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-33631
**DESCRIPTION:**openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280351 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-6546
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the GSM 0710 tty multiplexor. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275779 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-45884
**DESCRIPTION:**A use-after-free in drivers/media/dvb-core/dvbdev.c in Linux Kernel could allow a local authenticated attacker to cause an unknown impact.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240765 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-45919
**DESCRIPTION:**A use-after-free in the function drivers/media/dvb-core/dvb_ca_en50221.c in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240819 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-1192
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the smb2_is_status_io_timeout() function in CIFS . By sending a specially crafted system call, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270454 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-2163
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect verifier pruning in BPF subsystem. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266812 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-3812
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds memory access flaw in the TUN/TAP device driver function when napi frags is enabled. By generating a specially crafted packet, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261506 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-5178
**DESCRIPTION:**Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the nvmet_tcp_free_crypto function in the NVMe-oF/TCP subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-20569
**DESCRIPTION:**Multiple AMD CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a side channel vulnerability. By sending a specially crafted request to influence the return address prediction, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262744 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-2162
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsi_sw_tcp_session_create function in drivers/scsi/iscsi_tcp.c in the SCSI sub-component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain kernel internal information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253490 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-42753
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing issue in the netfilter ipset subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266809 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4622
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the af_unix component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265425 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-45871
**DESCRIPTION:**Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-6536
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283791 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-6535
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283790 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-5717
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in the Performance Events (perf) component. By sending a specially crafted request using the perf_read_group() function, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4623
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: sch_hfsc (HFSC qdisc traffic control) component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265426 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-46813
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269812 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-1838
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vhost_net_set_backend function in drivers/vhost/net.c in the virtio network subcomponent. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause the system to crash.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252288 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-6356
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283792 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1073
**DESCRIPTION:**Linux Kernel could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a memory corruption flaw in the human interface device (HID) subsystem. By using a specially crafted USB device , an attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251322 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-3640
**DESCRIPTION:**A use-after-free in the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239448 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-40982
**DESCRIPTION:**Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the microarchitectural state after transient execution in certain vector execution units. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262789 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2022-42895
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by an infoleak vulnerability in the net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240821 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-0458
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a speculative pointer dereference in the do_prlimit() function. An attacker could exploit this vulnerability to leak the contents and obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253874 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-0590
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in qdisc_graft in net/sched/sch_api.c. An attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250827 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-0597
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by a memory leak in the cpu_entry_area mapping of X86 CPU data to memory. An attacker could exploit this vulnerability to gain access to some important data with expected location in memory.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248430 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-1074
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak flaw in the Stream Control Transmission Protocol. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to starve resources, and results in a denial of service condition.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251324 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1075
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper checking for list emptiness by the tls_is_tx_ready() function. By sending a specially crafted request to access a type confused entry to the list_head, an attacker could exploit this vulnerability to obtain the last byte of the confused field that overlaps with rec->tx_ready, and use this information to launch further attacks against the affected system.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248805 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-1079
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw flaw in the asus_kbd_backlight_set function. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248808 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1118
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in drivers/media/rc/ene_ir.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248967 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1206
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in the IPv6 connection lookup table. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the CPU usage to increase, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259617 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1252
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the Ext4 File System. An attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250826 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-1855
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the xgene-hwmon driver. A local attacker could exploit this vulnerability to cause the system to crash or obtain kernel memory.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252143 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-1989
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in btsdio_remove function in drivers\bluetooth\btsdio.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252734 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-1998
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the spectre_v2_user_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Spectre Mitigation component . By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253511 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2023-23455
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a type confusion flaw in the atm_tc_enqueue function in net/sched/sch_atm.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-2513
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the ext4 filesystem when handling extra inode size for extended attributes. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254670 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-26545
**DESCRIPTION:**A double free in net/mpls/af_mpls.c upon an allocation failure during the renaming of a device in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248485 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-28328
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the az6027 driver in drivers/media/usb/dev-usb/az6027.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253366 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-3141
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in r592_remove in drivers/memstick/host/r592.c in media access. An attacker could exploit this vulnerability to crash the system at device disconnect and possibly leak kernel information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257733 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

CVEID:CVE-2023-31436
**DESCRIPTION:**An out-of-bounds write in qfq_change_class in net/sched/sch_qfq.c in Linux Kernel could allow a local attacker to cause an unknown impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253946 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-3161
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a shift-out-of-bounds flaw in the fbcon_set_font() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257884 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-3212
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference issue in the gfs2 file system. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258885 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-3268
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory access flaw in the relay_file_read_start_pos function in kernel/relay.c in the relayfs. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash or obtain sensitive information.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258287 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-33203
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. By unplugging an EMAC-based device, an attacker could exploit this vulnerability to trigger a use-after-free and execute arbitrary code on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255879 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-35823
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the saa7134_finidev function in drivers/media/pci/saa7134/saa7134-core.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258285 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-35824
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the dm1105_remove function in drivers/media/pci/dm1105/dm1105.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258284 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3609
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_u32 component. By sending a specially crafted request using the reference counter, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261407 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3611
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the net/sched: sch_qfq component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3772
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261635 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-4128
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in net/sched/cls_fw.c in classifiers. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263234 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4132
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the siano smsusb module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262540 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-4155
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in KVM AMD Secure Encrypted Virtualization (SEV). By sending a specially crafted request using the VMGEXIT handler recursively, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266090 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)

CVEID:CVE-2023-4206
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_route component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265421 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4732
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h in the memory management subsytem. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267576 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-4207
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_fw component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265422 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4208
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_u32 component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265423 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-52425
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large token, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281438 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-1488
**DESCRIPTION:**Unbound could allow a local attacker to bypass security restrictions, caused by incorrect default permissions. By sending a specially crafted request over port 8953 leveraging a process outside of the unbound group, an attacker could exploit this vulnerability to modify the unbound runtime configuration, allowing the attacker to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283575 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)

CVEID:CVE-2019-8675
**DESCRIPTION:**Apple CUPS is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the libcups’s asn1_get_type function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181865 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-8696
**DESCRIPTION:**Apple CUPS is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the libcups’s asn1_get_packed function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181866 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2020-3898
**DESCRIPTION:**Apple CUPS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libcups’s ppdFindOption() function in ppd-mark.c. By persuading a victim to open a specially crafted ppd file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181867 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-32324
**DESCRIPTION:**OpenPrinting CUPS is vulnerable to a denial of service, caused by improper bounds checking in cupsd when parsing raw files. By persuading a victim to open a specially crafted raw file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256786 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-34241
**DESCRIPTION:**Apple CUPS is vulnerable to a denial of service, caused by a use-after-free in cupsdAcceptClient(). By reading the log, a local attacker could exploit this vulnerability to exfiltrate private keys and info from a privileged cups daemon or cause the application to crash.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258674 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2020-10001
**DESCRIPTION:**Apple macOS could allow a remote attacker to obtain sensitive information, caused by improper input validation by the CUPS component. By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to obtain restricted memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199353 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-26691
**DESCRIPTION:**Apple macOS Monterey and macOS Big Sur could allow a local authenticated attacker to gain elevated privileges on the system, caused by a logic issue in the CUPS component. By using a specially-crafted application, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-32360
**DESCRIPTION:**Apple macOS Big Sur could allow a local attacker to obtain sensitive information, caused by an authentication issue in the CUPS component. An attacker could exploit this vulnerability to obtain recently printed documents and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM QRadar SIEM 7.5 - 7.5.0 UP8 IF01

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Version Fix
IBM QRadar SIEM 7.5.0 7.5.0 UP8 IF02

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmibm_qradar_siemMatch7.5

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS

0.05

Percentile

92.9%

Related for E503DF5F2F95C37408E2BCBBCE38A12F0831E28FE2B18A88EA14E320BB1F0CAE