Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-53382
Vulnerability from cvelistv5
Published
2025-03-03 00:00
Modified
2025-03-03 21:53
Severity ?
EPSS score ?
Summary
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53382", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-03T21:52:57.337439Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-03T21:53:33.210Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Prism", vendor: "PrismJS", versions: [ { lessThanOrEqual: "1.29.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:prismjs:prism:*:*:*:*:*:*:*:*", versionEndIncluding: "1.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T06:36:55.825Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", }, { url: "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-53382", datePublished: "2025-03-03T00:00:00.000Z", dateReserved: "2024-11-20T00:00:00.000Z", dateUpdated: "2025-03-03T21:53:33.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-53382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-03T07:15:33.397\",\"lastModified\":\"2025-03-03T22:15:35.637\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.\"},{\"lang\":\"es\",\"value\":\"Prism (también conocido como PrismJS) hasta la versión 1.29.0 permite el DOM Clobbering (con el consiguiente XSS para entradas no confiables que contienen HTML pero no contienen directamente JavaScript), porque la búsqueda de document.currentScript puede ser ocultada por elementos HTML inyectados por un atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}", vulnrichment: { containers: "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unknown\", \"product\": \"Prism\", \"vendor\": \"PrismJS\", \"versions\": [{\"lessThanOrEqual\": \"1.29.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code ('Code Injection')\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-03T06:36:55.825Z\"}, \"references\": [{\"url\": \"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\"}, {\"url\": \"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\"}}], \"cpeApplicability\": [{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prismjs:prism:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.29.0\"}]}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-53382\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T21:52:57.337439Z\"}}}], \"references\": [{\"url\": \"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T21:53:13.145Z\"}}]}", cveMetadata: "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2024-53382\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2025-03-03T21:53:33.210Z\", \"dateReserved\": \"2024-11-20T00:00:00.000Z\", \"datePublished\": \"2025-03-03T00:00:00.000Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ncsc-2025-0123
Vulnerability from csaf_ncscnl
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Kwetsbaarheden verholpen in Oracle Database Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-385
Covert Timing Channel
CWE-347
Improper Verification of Cryptographic Signature
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-787
Out-of-bounds Write
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-44
Path Equivalence: 'file.name' (Internal Dot)
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-755
Improper Handling of Exceptional Conditions
CWE-178
Improper Handling of Case Sensitivity
CWE-193
Off-by-one Error
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-523
Unprotected Transport of Credentials
CWE-190
Integer Overflow or Wraparound
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-285
Improper Authorization
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-284
Improper Access Control
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-269
Improper Privilege Management
CWE-287
Improper Authentication
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Path Equivalence: 'file.name' (Internal Dot)", title: "CWE-44", }, { category: "general", text: "Sensitive Information in Resource Not Removed Before Reuse", title: "CWE-226", }, { category: "general", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Off-by-one Error", title: "CWE-193", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Unprotected Transport of Credentials", title: "CWE-523", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", title: "CWE-614", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpuapr2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database Producten", tracking: { current_release_date: "2025-04-16T08:37:39.412900Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0123", initial_release_date: "2025-04-16T08:37:39.412900Z", revision_history: [ { date: "2025-04-16T08:37:39.412900Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/22.1", product: { name: "vers:unknown/22.1", product_id: "CSAFPID-1304603", }, }, ], category: "product_name", name: "Database Server", }, { branches: [ { category: "product_version_range", name: "vers:unknown/13.5.0.0", product: { name: "vers:unknown/13.5.0.0", product_id: "CSAFPID-1201359", }, }, ], category: "product_name", name: "Enterprise Manager for Oracle Database", }, { branches: [ { category: "product_version_range", name: "vers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219", product: { name: "vers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219", product_id: "CSAFPID-2698376", }, }, { category: "product_version_range", name: "vers:unknown/>=21.3|<=21.17", product: { name: "vers:unknown/>=21.3|<=21.17", product_id: "CSAFPID-2698377", }, }, ], category: "product_name", name: "GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/23.1", product: { name: "vers:oracle/23.1", product_id: "CSAFPID-1238473", }, }, { category: "product_version_range", name: "vers:unknown/2.0", product: { name: "vers:unknown/2.0", product_id: "CSAFPID-1237753", }, }, { category: "product_version_range", name: "vers:unknown/20.2", product: { name: "vers:unknown/20.2", product_id: "CSAFPID-1238475", }, }, { category: "product_version_range", name: "vers:unknown/23.1", product: { name: "vers:unknown/23.1", product_id: "CSAFPID-1296375", }, }, { category: "product_version_range", name: "vers:unknown/none", product: { name: "vers:unknown/none", product_id: "CSAFPID-1237603", }, }, ], category: "product_name", name: "Big Data Spatial and Graph", }, ], category: "product_family", name: "Oracle", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.3|<=19.22", product: { name: "vers:oracle/>=19.3|<=19.22", product_id: "CSAFPID-1145825", }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.13", product: { name: "vers:oracle/>=21.3|<=21.13", product_id: "CSAFPID-1145826", }, }, ], category: "product_name", name: "Oracle Database Server", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.3|<=19.26", product: { name: "vers:oracle/>=19.3|<=19.26", product_id: "CSAFPID-2698969", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.17", product: { name: "vers:oracle/>=21.3|<=21.17", product_id: "CSAFPID-2698968", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.4|<=21.16", product: { name: "vers:oracle/>=21.4|<=21.16", product_id: "CSAFPID-1839905", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.7", product: { name: "vers:oracle/>=23.4|<=23.7", product_id: "CSAFPID-2698934", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Database Server", }, ], category: "product_family", name: "Oracle Database Server", }, { branches: [ { category: "product_version_range", name: "vers:oracle/13.5.0.0", product: { name: "vers:oracle/13.5.0.0", product_id: "CSAFPID-1144644", }, }, ], category: "product_name", name: "Oracle Enterprise Manager for Oracle Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/1.5.0", product: { name: "vers:oracle/1.5.0", product_id: "CSAFPID-2699002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/1.6.0", product: { name: "vers:oracle/1.6.0", product_id: "CSAFPID-2699003", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/1.6.1", product: { name: "vers:oracle/1.6.1", product_id: "CSAFPID-2699004", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle NoSQL Database", }, ], category: "product_family", name: "Oracle NoSQL Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=22.1.1.1.0|<=22.1.1.30.0", product: { name: "vers:oracle/>=22.1.1.1.0|<=22.1.1.30.0", product_id: "CSAFPID-2699053", product_identification_helper: { cpe: "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle TimesTen In-Memory Database", }, ], category: "product_family", name: "Oracle TimesTen In-Memory Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/25.1.0", product: { name: "vers:oracle/25.1.0", product_id: "CSAFPID-2698932", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/25.2.0", product: { name: "vers:oracle/25.2.0", product_id: "CSAFPID-2698931", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.8.0|<=23.11.0", product: { name: "vers:oracle/>=23.8.0|<=23.11.0", product_id: "CSAFPID-2698930", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=24.1.0|<=24.11.0", product: { name: "vers:oracle/>=24.1.0|<=24.11.0", product_id: "CSAFPID-2698933", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Autonomous Health Framework", }, ], category: "product_family", name: "Oracle Autonomous Health Framework", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/21.7.1.0.0", product: { name: "vers:oracle/21.7.1.0.0", product_id: "CSAFPID-2698943", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Essbase", }, ], category: "product_family", name: "Oracle Essbase", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.10", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.10", product_id: "CSAFPID-2698949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "GoldenGate Stream Analytics", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219", product_id: "CSAFPID-2698941", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.17", product: { name: "vers:oracle/>=21.3|<=21.17", product_id: "CSAFPID-2698942", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.7", product: { name: "vers:oracle/>=23.4|<=23.7", product_id: "CSAFPID-2699022", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.18", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.18", product_id: "CSAFPID-1839977", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3.0.0.0|<=21.16.0.0.0", product: { name: "vers:oracle/>=21.3.0.0.0|<=21.16.0.0.0", product_id: "CSAFPID-1840034", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.6", product: { name: "vers:oracle/>=23.4|<=23.6", product_id: "CSAFPID-1840035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle GoldenGate Big Data and Application Adapters", }, ], category: "product_family", name: "Oracle GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.7", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.7", product_id: "CSAFPID-1144602", }, }, ], category: "product_name", name: "Oracle GoldenGate Stream Analytics", }, { branches: [ { category: "product_version_range", name: "vers:oracle/<23.1", product: { name: "vers:oracle/<23.1", product_id: "CSAFPID-1145800", }, }, { category: "product_version_range", name: "vers:unknown/2.0", product: { name: "vers:unknown/2.0", product_id: "CSAFPID-356315", product_identification_helper: { cpe: "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:unknown/23.1", product: { name: "vers:unknown/23.1", product_id: "CSAFPID-356152", }, }, ], category: "product_name", name: "Big Data Spatial and Graph", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/23.4.3", product: { name: "vers:oracle/23.4.3", product_id: "CSAFPID-2699065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/24.3.0", product: { name: "vers:oracle/24.3.0", product_id: "CSAFPID-2699066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/23.4.4", product: { name: "vers:oracle/23.4.4", product_id: "CSAFPID-1840017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/24.4.0", product: { name: "vers:oracle/24.4.0", product_id: "CSAFPID-1840013", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Graph Server and Client", }, ], category: "product_family", name: "Oracle Graph Server and Client", }, { branches: [ { category: "product_version_range", name: "vers:oracle/<=22.4.7", product: { name: "vers:oracle/<=22.4.7", product_id: "CSAFPID-1145419", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/<=23.4.2", product: { name: "vers:oracle/<=23.4.2", product_id: "CSAFPID-1145421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/<=24.1.0", product: { name: "vers:oracle/<=24.1.0", product_id: "CSAFPID-1145422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Graph Server and Client", }, { branches: [ { category: "product_version_range", name: "vers:oracle/3.0.6", product: { name: "vers:oracle/3.0.6", product_id: "CSAFPID-1145420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Big Data Spatial and Graph", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/12.1.0.1", product: { name: "vers:oracle/12.1.0.1", product_id: "CSAFPID-2699109", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/12.1.0.2", product: { name: "vers:oracle/12.1.0.2", product_id: "CSAFPID-2699107", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/12.1.0.3", product: { name: "vers:oracle/12.1.0.3", product_id: "CSAFPID-2699106", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.0", product: { name: "vers:oracle/18.1.0.0", product_id: "CSAFPID-2699110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.1", product: { name: "vers:oracle/18.1.0.1", product_id: "CSAFPID-2698972", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.2", product: { name: "vers:oracle/18.1.0.2", product_id: "CSAFPID-2699108", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Secure Backup", }, ], category: "product_family", name: "Oracle Secure Backup", }, ], category: "vendor", name: "Oracle", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:semver/19.3|<=19.26", product: { name: "vers:semver/19.3|<=19.26", product_id: "CSAFPID-2698485", }, }, { category: "product_version_range", name: "vers:semver/21.3|<=21.17", product: { name: "vers:semver/21.3|<=21.17", product_id: "CSAFPID-2698486", }, }, { category: "product_version_range", name: "vers:semver/23.4|<=23.7", product: { name: "vers:semver/23.4|<=23.7", product_id: "CSAFPID-2698487", }, }, ], category: "product_name", name: "Oracle Database Server", }, { branches: [ { category: "product_version_range", name: "vers:semver/12.1.0.1", product: { name: "vers:semver/12.1.0.1", product_id: "CSAFPID-2698463", }, }, { category: "product_version_range", name: "vers:semver/12.1.0.2", product: { name: "vers:semver/12.1.0.2", product_id: "CSAFPID-2698464", }, }, { category: "product_version_range", name: "vers:semver/12.1.0.3", product: { name: "vers:semver/12.1.0.3", product_id: "CSAFPID-2698465", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.0", product: { name: "vers:semver/18.1.0.0", product_id: "CSAFPID-2698466", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.1", product: { name: "vers:semver/18.1.0.1", product_id: "CSAFPID-2698467", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.2", product: { name: "vers:semver/18.1.0.2", product_id: "CSAFPID-2698468", }, }, ], category: "product_name", name: "Oracle Secure Backup", }, ], category: "vendor", name: "Oracle Corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1935", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-1935", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-1935", }, { cve: "CVE-2020-1938", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-1938", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-1938", }, { cve: "CVE-2020-9484", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-9484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-9484", }, { cve: "CVE-2020-11996", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-11996", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json", }, ], title: "CVE-2020-11996", }, { cve: "CVE-2020-13935", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-13935", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json", }, ], title: "CVE-2020-13935", }, { cve: "CVE-2020-13943", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-13943", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-13943", }, { cve: "CVE-2020-36843", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-36843", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-36843", }, { cve: "CVE-2021-24122", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-24122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-24122", }, { cve: "CVE-2021-25122", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-25122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-25122", }, { cve: "CVE-2021-25329", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-25329", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-25329", }, { cve: "CVE-2021-30640", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-30640", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-30640", }, { cve: "CVE-2021-33037", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-33037", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-33037", }, { cve: "CVE-2021-41079", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-41079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-41079", }, { cve: "CVE-2021-41184", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-41184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-41184", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-42575", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json", }, ], title: "CVE-2021-42575", }, { cve: "CVE-2021-43980", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-43980", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-43980", }, { cve: "CVE-2022-3786", cwe: { id: "CWE-193", name: "Off-by-one Error", }, notes: [ { category: "other", text: "Off-by-one Error", title: "CWE-193", }, { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-3786", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-3786", }, { cve: "CVE-2022-25762", cwe: { id: "CWE-226", name: "Sensitive Information in Resource Not Removed Before Reuse", }, notes: [ { category: "other", text: "Sensitive Information in Resource Not Removed Before Reuse", title: "CWE-226", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-25762", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-25762", }, { cve: "CVE-2022-42252", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-42252", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-42252", }, { cve: "CVE-2023-28708", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Unprotected Transport of Credentials", title: "CWE-523", }, { category: "other", text: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", title: "CWE-614", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-28708", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-28708", }, { cve: "CVE-2023-34053", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-34053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-34053", }, { cve: "CVE-2023-41080", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-41080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-41080", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-42795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-45648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2024-6763", cwe: { id: "CWE-1286", name: "Improper Validation of Syntactic Correctness of Input", }, notes: [ { category: "other", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-6763", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json", }, ], title: "CVE-2024-6763", }, { cve: "CVE-2024-8176", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-8176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-8176", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-8184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-8184", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-11053", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11053", }, { cve: "CVE-2024-11233", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11233", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11233", }, { cve: "CVE-2024-11234", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11234", }, { cve: "CVE-2024-11236", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11236", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11236", }, { cve: "CVE-2024-13176", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, notes: [ { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-13176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-13176", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-36114", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-36114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-36114", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-39338", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-39338", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-53382", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-53382", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53382.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-53382", }, { cve: "CVE-2024-57699", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-57699", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-57699", }, { cve: "CVE-2025-21578", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-21578", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21578.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-21578", }, { cve: "CVE-2025-24813", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Path Equivalence: 'file.name' (Internal Dot)", title: "CWE-44", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-24813", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24813.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-24813", }, { cve: "CVE-2025-24970", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-24970", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-24970", }, { cve: "CVE-2025-25193", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-25193", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25193.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-25193", }, { cve: "CVE-2025-26791", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-26791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26791.json", }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-26791", }, { cve: "CVE-2025-30694", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-30694", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30694.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-30694", }, { cve: "CVE-2025-30701", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-30701", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30701.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-30701", }, { cve: "CVE-2025-30702", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-30702", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30702.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-30702", }, { cve: "CVE-2025-30733", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-30733", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30733.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-30733", }, { cve: "CVE-2025-30736", product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2025-30736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30736.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2025-30736", }, ], }
fkie_cve-2024-53382
Vulnerability from fkie_nvd
Published
2025-03-03 07:15
Modified
2025-03-03 22:15
Severity ?
Summary
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.", }, { lang: "es", value: "Prism (también conocido como PrismJS) hasta la versión 1.29.0 permite el DOM Clobbering (con el consiguiente XSS para entradas no confiables que contienen HTML pero no contienen directamente JavaScript), porque la búsqueda de document.currentScript puede ser ocultada por elementos HTML inyectados por un atacante.", }, ], id: "CVE-2024-53382", lastModified: "2025-03-03T22:15:35.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], }, published: "2025-03-03T07:15:33.397", references: [ { source: "cve@mitre.org", url: "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", }, { source: "cve@mitre.org", url: "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "cve@mitre.org", type: "Secondary", }, ], }
ghsa-x7hr-w5r2-h6wg
Vulnerability from github
Published
2025-03-03 09:30
Modified
2025-03-10 22:19
Severity ?
Summary
PrismJS DOM Clobbering vulnerability
Details
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
{ affected: [ { package: { ecosystem: "npm", name: "prismjs", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.30.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-53382", ], database_specific: { cwe_ids: [ "CWE-94", ], github_reviewed: true, github_reviewed_at: "2025-03-03T20:16:32Z", nvd_published_at: "2025-03-03T07:15:33Z", severity: "MODERATE", }, details: "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.", id: "GHSA-x7hr-w5r2-h6wg", modified: "2025-03-10T22:19:21Z", published: "2025-03-03T09:30:34Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-53382", }, { type: "WEB", url: "https://github.com/PrismJS/prism/pull/3863", }, { type: "WEB", url: "https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d", }, { type: "WEB", url: "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", }, { type: "PACKAGE", url: "https://github.com/PrismJS/prism", }, { type: "WEB", url: "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, ], summary: "PrismJS DOM Clobbering vulnerability", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.