SB2024032727 - Multiple vulnerabilities in IBM Cloud Pak for AIOps
Published: March 27, 2024 Updated: March 7, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 85 secuirty vulnerabilities.
1) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2023-29406)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
2) Improper Certificate Validation (CVE-ID: CVE-2023-34410)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.
3) Out-of-bounds read (CVE-ID: CVE-2023-33285)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.
4) OS Command Injection (CVE-ID: CVE-2022-26945)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-29810)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to go-getter library can write SSH credentials into its log file. A local user with access to log files can read credentials in clear text, which may lead to privilege escalation or account takeover.
6) Input validation error (CVE-ID: CVE-2022-30323)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2022-30322)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2022-30321)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
9) State Issues (CVE-ID: CVE-2023-27536)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
10) Resource exhaustion (CVE-ID: CVE-2023-45142)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.11) Infinite loop (CVE-ID: CVE-2023-38197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
12) NULL pointer dereference (CVE-ID: CVE-2020-29652)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing an authentication request message for the “gssapi-with-mic” method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
13) Infinite loop (CVE-ID: CVE-2021-33194)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker can pass crafted ParseFragment input to the application, consume all available system resources and cause denial of service conditions.
14) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-41721)
The vulnerability allows a remote attacker to perform HTTP/2 request smuggling attacks.
The vulnerability exists due to improper validation of HTTP/2 requests when using MaxBytesHandler. A remote attacker can send a specially crafted HTTP/2 request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
15) Uncontrolled Recursion (CVE-ID: CVE-2021-31525)
The vulnerability allows a remote attacker to perform a DoS attack.
The vulnerability exists due to uncontrolled recursion when processing HTTP headers. A remote attacker can send a large header to ReadRequest or ReadResponse and perform a denial of service (DoS) attack.
16) Input validation error (CVE-ID: CVE-2021-44716)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2022-27664)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
18) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.
20) Buffer overflow (CVE-ID: CVE-2023-37369)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML content in QXmlStreamReader. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
21) Improper Authorization (CVE-ID: CVE-2023-3961)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to.The connection to Unix domain sockets is performed as root, which means that if client sends a pipe name that resolved to an external service using an existing Unix
domain socket, the client is able to connect to it without
any filesystem restrictions.
22) Resource exhaustion (CVE-ID: CVE-2022-32149)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.
23) Reachable Assertion (CVE-ID: CVE-2023-38472)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_rdata_parse() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
24) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-5072)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2023-4806)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.
26) Inadequate Encryption Strength (CVE-ID: CVE-2022-2582)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. A remote user can gain unauthorized access to sensitive information on the system.
27) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-8912)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR.
28) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-8911)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
29) Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CVE-ID: CVE-2023-0842)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. A remote unauthenticated attacker can edit or add new properties to an object to execute arbitrary code on the target system.
30) Input validation error (CVE-ID: CVE-2023-39323)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing line directives (e.g. "//line") in the code. A remote attacker can bypass restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build".
31) Reachable Assertion (CVE-ID: CVE-2023-38473)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_alternative_host_name() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
32) Reachable Assertion (CVE-ID: CVE-2023-38471)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the dbus_set_host_name() function. A local user can perform a denial of service (DoS) attack.
33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)
The vulnerability allows a remote user to truncate read-only files.
The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
34) Reachable Assertion (CVE-ID: CVE-2023-38470)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_escape_label() function. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
35) Reachable Assertion (CVE-ID: CVE-2023-38469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_dns_packet_append_record() function. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
36) Infinite loop (CVE-ID: CVE-2021-3468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work() function. A local user can consume all available system resources and cause denial of service conditions.
37) Input validation error (CVE-ID: CVE-2023-34053)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.
38) Session Fixation (CVE-ID: CVE-2022-25896)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the session is regenerated instead of being closed when a user logs in or logs out. A remote attacker can gain access to the session.
39) Path traversal (CVE-ID: CVE-2022-21221)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to insufficient sanitization of user-supplied passed via the ServeFile function. A remote attacker can use a backslash %5c character in the path and read contents of arbitrary files on the system.
40) Infinite loop (CVE-ID: CVE-2021-29482)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due the function readUvarint used to read the xz container format may not terminate a loop providing malicious input. A remote attacker can consume all available system resources and cause denial of service conditions.
41) Infinite loop (CVE-ID: CVE-2020-16845)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in "ReadUvarint" and "ReadVarint" in "encoding/binary". A remote attacker can consume all available system resources and cause denial of service conditions.
42) Resource management error (CVE-ID: CVE-2023-42669)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.
43) Out-of-bounds read (CVE-ID: CVE-2021-38561)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
44) Infinite loop (CVE-ID: CVE-2020-14040)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
45) Cross-site scripting (CVE-ID: CVE-2023-39318)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
46) Use-after-free (CVE-ID: CVE-2023-1192)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
47) Use-after-free (CVE-ID: CVE-2022-45919)
The vulnerability allows a local user to escalate privileges on the system.
48) Use-after-free (CVE-ID: CVE-2022-45884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
49) Resource management error (CVE-ID: CVE-2023-29469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2023-28484)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
51) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-49082)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when processing HTTP request method. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
52) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-49081)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when processing HTTP version. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
53) Cross-site scripting (CVE-ID: CVE-2023-39319)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
54) Resource exhaustion (CVE-ID: CVE-2014-9471)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
55) Use-after-free (CVE-ID: CVE-2023-2162)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
56) Observable discrepancy (CVE-ID: CVE-2023-45287)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.
57) Inefficient Algorithmic Complexity (CVE-ID: CVE-2023-46136)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to high resource usage when parsing multipart/form-data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
58) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-47627)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when AIOHTTP_NO_EXTENSIONS is enabled. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
59) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-21647)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing chunked transfer encoding bodies. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
60) Division by zero (CVE-ID: CVE-2023-32573)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error in src/svg/qsvghandler.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
61) Integer overflow (CVE-ID: CVE-2022-48468)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
62) Resource exhaustion (CVE-ID: CVE-2023-6481)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in logback receiver component. A remote attacker can send send poisoned data, trigger resource exhaustion and perform a denial of service (DoS) attack.
63) Information disclosure (CVE-ID: CVE-2023-20569)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.
64) Out-of-bounds write (CVE-ID: CVE-2023-2163)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of
registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
65) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
66) Use-after-free (CVE-ID: CVE-2023-34241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.
67) Buffer overflow (CVE-ID: CVE-2023-29491)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
68) Input validation error (CVE-ID: CVE-2023-1981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can initiate a DBUS call to the daemon and perform a denial of service (DoS) attack.
69) Information disclosure (CVE-ID: CVE-2023-32681)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
70) Integer overflow (CVE-ID: CVE-2023-5869)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
71) Improper Certificate Validation (CVE-ID: CVE-2023-31486)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing verification of the TLS certificate. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.72) Out-of-bounds write (CVE-ID: CVE-2023-3138)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within src/InitExt.c in libX11. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
73) OS Command Injection (CVE-ID: CVE-2022-48339)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the hfy-istext-command() function when parsing the "file" and "srcdir" parameters, if a file name or directory name contains shell metacharacter. A remote attacker can execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
74) OS Command Injection (CVE-ID: CVE-2022-48337)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when parsing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim use the "etags -u *" command on the directory with attacker controlled content and execute arbitrary OS commands on the target system.
75) Heap-based buffer overflow (CVE-ID: CVE-2023-32324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
76) Out-of-bounds write (CVE-ID: CVE-2023-3812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
77) Resource exhaustion (CVE-ID: CVE-2022-3094)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS updates. A remote attacker can trigger resource exhaustion by sending a flood of dynamic DNS updates.
78) Buffer overflow (CVE-ID: CVE-2023-4911)
The vulnerability allows a local user to escalate privileges on the system.
79) Path traversal (CVE-ID: CVE-2021-20218)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to malicious pod/container can cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
80) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-30630)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when executing the command with the "--dump-bin" option. A local user can overwrite arbitrary files on the system and escalate privileges.
81) Improper Certificate Validation (CVE-ID: CVE-2023-29409)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
82) Use-after-free (CVE-ID: CVE-2023-5633)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
83) Use-after-free (CVE-ID: CVE-2023-5178)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
84) Use-after-free (CVE-ID: CVE-2023-4622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
85) Out-of-bounds write (CVE-ID: CVE-2023-42753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.