Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21701 (GCVE-0-2025-21701)
Vulnerability from cvelistv5
Published
2025-02-13 15:05
Modified
2025-09-02 19:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: avoid race between device unregistration and ethnl ops
The following trace can be seen if a device is being unregistered while
its number of channels are being modified.
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120
CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771
RIP: 0010:__mutex_lock+0xc8a/0x1120
Call Trace:
<TASK>
ethtool_check_max_channel+0x1ea/0x880
ethnl_set_channels+0x3c3/0xb10
ethnl_default_set_doit+0x306/0x650
genl_family_rcv_msg_doit+0x1e3/0x2c0
genl_rcv_msg+0x432/0x6f0
netlink_rcv_skb+0x13d/0x3b0
genl_rcv+0x28/0x40
netlink_unicast+0x42e/0x720
netlink_sendmsg+0x765/0xc20
__sys_sendto+0x3ac/0x420
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x95/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
This is because unregister_netdevice_many_notify might run before the
rtnl lock section of ethnl operations, eg. set_channels in the above
example. In this example the rss lock would be destroyed by the device
unregistration path before being used again, but in general running
ethnl operations while dismantle has started is not a good idea.
Fix this by denying any operation on devices being unregistered. A check
was already there in ethnl_ops_begin, but not wide enough.
Note that the same issue cannot be seen on the ioctl version
(__dev_ethtool) because the device reference is retrieved from within
the rtnl lock section there. Once dismantle started, the net device is
unlisted and no reference will be found.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: cfd719f04267108f5f5bf802b9d7de69e99a99f9 Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa Version: 7c26da3be1e9843a15b5318f90db8a564479d2ac |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:15:24.731894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T19:16:21.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ethtool/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26bc6076798aa4dc83a07d0a386f9e57c94e8517",
"status": "affected",
"version": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
"versionType": "git"
},
{
"lessThan": "b1cb37a31a482df3dd35a6ac166282dac47664f4",
"status": "affected",
"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"versionType": "git"
},
{
"lessThan": "2f29127e94ae9fdc7497331003d6860e9551cdf3",
"status": "affected",
"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"versionType": "git"
},
{
"lessThan": "b382ab9b885cbb665e0e70a727f101c981b4edf3",
"status": "affected",
"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"versionType": "git"
},
{
"lessThan": "4dc880245f9b529fa8f476b5553c799d2848b47b",
"status": "affected",
"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"versionType": "git"
},
{
"lessThan": "12e070eb6964b341b41677fd260af5a305316a1f",
"status": "affected",
"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
"versionType": "git"
},
{
"status": "affected",
"version": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ethtool/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.15.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:06:18.444Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
},
{
"url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
},
{
"url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
},
{
"url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
},
{
"url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
},
{
"url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
}
],
"title": "net: avoid race between device unregistration and ethnl ops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21701",
"datePublished": "2025-02-13T15:05:46.483Z",
"dateReserved": "2024-12-29T08:45:45.748Z",
"dateUpdated": "2025-09-02T19:16:21.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-21701\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-13T15:15:20.867\",\"lastModified\":\"2025-09-02T20:15:33.237\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: avoid race between device unregistration and ethnl ops\\n\\nThe following trace can be seen if a device is being unregistered while\\nits number of channels are being modified.\\n\\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\\n RIP: 0010:__mutex_lock+0xc8a/0x1120\\n Call Trace:\\n \u003cTASK\u003e\\n ethtool_check_max_channel+0x1ea/0x880\\n ethnl_set_channels+0x3c3/0xb10\\n ethnl_default_set_doit+0x306/0x650\\n genl_family_rcv_msg_doit+0x1e3/0x2c0\\n genl_rcv_msg+0x432/0x6f0\\n netlink_rcv_skb+0x13d/0x3b0\\n genl_rcv+0x28/0x40\\n netlink_unicast+0x42e/0x720\\n netlink_sendmsg+0x765/0xc20\\n __sys_sendto+0x3ac/0x420\\n __x64_sys_sendto+0xe0/0x1c0\\n do_syscall_64+0x95/0x180\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nThis is because unregister_netdevice_many_notify might run before the\\nrtnl lock section of ethnl operations, eg. set_channels in the above\\nexample. In this example the rss lock would be destroyed by the device\\nunregistration path before being used again, but in general running\\nethnl operations while dismantle has started is not a good idea.\\n\\nFix this by denying any operation on devices being unregistered. A check\\nwas already there in ethnl_ops_begin, but not wide enough.\\n\\nNote that the same issue cannot be seen on the ioctl version\\n(__dev_ethtool) because the device reference is retrieved from within\\nthe rtnl lock section there. Once dismantle started, the net device is\\nunlisted and no reference will be found.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: evitar la ejecuci\u00f3n entre la anulaci\u00f3n del registro del dispositivo y las operaciones ethnl. El siguiente rastro se puede ver si se anula el registro de un dispositivo mientras se modifica su n\u00famero de canales. DEBUG_LOCKS_WARN_ON(lock-\u0026gt;magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e. Esto se debe a que unregister_netdevice_many_notify podr\u00eda ejecutarse antes de la secci\u00f3n de bloqueo rtnl de las operaciones ethnl, por ejemplo, set_channels en el ejemplo anterior. En este ejemplo, el bloqueo de rss se destruir\u00eda por la ruta de anulaci\u00f3n del registro del dispositivo antes de volver a usarse, pero en general, ejecutar operaciones ethnl mientras se ha iniciado el desmantelamiento no es una buena idea. Solucione esto denegando cualquier operaci\u00f3n en los dispositivos que se van a anular el registro. Ya hab\u00eda una comprobaci\u00f3n en ethnl_ops_begin, pero no lo suficientemente amplia. Tenga en cuenta que no se puede ver el mismo problema en la versi\u00f3n ioctl (__dev_ethtool) porque la referencia del dispositivo se recupera desde dentro de la secci\u00f3n de bloqueo rtnl all\u00ed. Una vez que se inicia el desmantelamiento, el dispositivo de red no aparece en la lista y no se encontrar\u00e1 ninguna referencia.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21701\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-02T19:15:24.731894Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-02T19:16:15.041Z\"}}], \"cna\": {\"title\": \"net: avoid race between device unregistration and ethnl ops\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"cfd719f04267108f5f5bf802b9d7de69e99a99f9\", \"lessThan\": \"26bc6076798aa4dc83a07d0a386f9e57c94e8517\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"b1cb37a31a482df3dd35a6ac166282dac47664f4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"2f29127e94ae9fdc7497331003d6860e9551cdf3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"b382ab9b885cbb665e0e70a727f101c981b4edf3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"4dc880245f9b529fa8f476b5553c799d2848b47b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"12e070eb6964b341b41677fd260af5a305316a1f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7c26da3be1e9843a15b5318f90db8a564479d2ac\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ethtool/netlink.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.16\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.16\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.129\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.76\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ethtool/netlink.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517\"}, {\"url\": \"https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4\"}, {\"url\": \"https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3\"}, {\"url\": \"https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3\"}, {\"url\": \"https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b\"}, {\"url\": \"https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: avoid race between device unregistration and ethnl ops\\n\\nThe following trace can be seen if a device is being unregistered while\\nits number of channels are being modified.\\n\\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\\n RIP: 0010:__mutex_lock+0xc8a/0x1120\\n Call Trace:\\n \u003cTASK\u003e\\n ethtool_check_max_channel+0x1ea/0x880\\n ethnl_set_channels+0x3c3/0xb10\\n ethnl_default_set_doit+0x306/0x650\\n genl_family_rcv_msg_doit+0x1e3/0x2c0\\n genl_rcv_msg+0x432/0x6f0\\n netlink_rcv_skb+0x13d/0x3b0\\n genl_rcv+0x28/0x40\\n netlink_unicast+0x42e/0x720\\n netlink_sendmsg+0x765/0xc20\\n __sys_sendto+0x3ac/0x420\\n __x64_sys_sendto+0xe0/0x1c0\\n do_syscall_64+0x95/0x180\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nThis is because unregister_netdevice_many_notify might run before the\\nrtnl lock section of ethnl operations, eg. set_channels in the above\\nexample. In this example the rss lock would be destroyed by the device\\nunregistration path before being used again, but in general running\\nethnl operations while dismantle has started is not a good idea.\\n\\nFix this by denying any operation on devices being unregistered. A check\\nwas already there in ethnl_ops_begin, but not wide enough.\\n\\nNote that the same issue cannot be seen on the ioctl version\\n(__dev_ethtool) because the device reference is retrieved from within\\nthe rtnl lock section there. Once dismantle started, the net device is\\nunlisted and no reference will be found.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.179\", \"versionStartIncluding\": \"5.15.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.129\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.76\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.13\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.2\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"5.10.87\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T13:06:18.444Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-21701\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-02T19:16:21.196Z\", \"dateReserved\": \"2024-12-29T08:45:45.748Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-13T15:05:46.483Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
wid-sec-w-2025-0378
Vulnerability from csaf_certbund
Published
2025-02-13 23:00
Modified
2025-07-15 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um erhöhte Privilegien zu erlangen oder einen Denial of Service auszulösen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um erh\u00f6hte Privilegien zu erlangen oder einen Denial of Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0378 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0378.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0378 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0378"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21700",
"url": "https://lore.kernel.org/linux-cve-announce/2025021308-CVE-2025-21700-305d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21701",
"url": "https://lore.kernel.org/linux-cve-announce/2025021350-CVE-2025-21701-ce96@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0784-1 vom 2025-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020484.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0834-1 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020497.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4102 vom 2025-04-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-097 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-097.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-069 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-069.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7428-2 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7428-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7428-1 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7428-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7429-2 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7429-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7429-1 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7429-1"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-015 vom 2025-04-15",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-015"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7445-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7445-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7452-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7452-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7451-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7451-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7449-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7449-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7453-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7453-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7450-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7450-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7448-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7448-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7455-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7455-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7462-2 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7462-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7455-3 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7455-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7462-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7462-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7461-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7461-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7449-2 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7449-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7460-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7460-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7463-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7455-2 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7455-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7461-2 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7461-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7455-4 vom 2025-04-25",
"url": "https://ubuntu.com/security/notices/USN-7455-4"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-019 vom 2025-04-25",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-019"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7468-1 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7468-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7455-5 vom 2025-04-29",
"url": "https://ubuntu.com/security/notices/USN-7455-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7461-3 vom 2025-05-02",
"url": "https://ubuntu.com/security/notices/USN-7461-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7475-1 vom 2025-05-02",
"url": "https://ubuntu.com/security/notices/USN-7475-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7523-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7523-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4178 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7524-1 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7524-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-082556 vom 2025-06-10",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02099-1 vom 2025-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021644.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02264-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021785.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02308-1 vom 2025-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021805.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02320-1 vom 2025-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021812.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02322-1 vom 2025-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021810.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T07:53:21.746+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0378",
"initial_release_date": "2025-02-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Google aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-23T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Google aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian und Ubuntu aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Siemens aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-10T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-14T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
},
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.6.76",
"product": {
"name": "Open Source Linux Kernel \u003c6.6.76",
"product_id": "T041231"
}
},
{
"category": "product_version",
"name": "6.6.76",
"product": {
"name": "Open Source Linux Kernel 6.6.76",
"product_id": "T041231-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.6.76"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.12.13",
"product": {
"name": "Open Source Linux Kernel \u003c6.12.13",
"product_id": "T041232"
}
},
{
"category": "product_version",
"name": "6.12.13",
"product": {
"name": "Open Source Linux Kernel 6.12.13",
"product_id": "T041232-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.12.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.13.2",
"product": {
"name": "Open Source Linux Kernel \u003c6.13.2",
"product_id": "T041233"
}
},
{
"category": "product_version",
"name": "6.13.2",
"product": {
"name": "Open Source Linux Kernel 6.13.2",
"product_id": "T041233-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.13.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.14-rc1",
"product": {
"name": "Open Source Linux Kernel \u003c6.14-rc1",
"product_id": "T041234"
}
},
{
"category": "product_version",
"name": "6.14-rc1",
"product": {
"name": "Open Source Linux Kernel 6.14-rc1",
"product_id": "T041234-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.14-rc1"
}
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1500 CPU",
"product": {
"name": "Siemens SIMATIC S7 1500 CPU",
"product_id": "T025776",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:1500_cpu"
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21700",
"product_status": {
"known_affected": [
"T034583",
"393401",
"T004914",
"T039664",
"T041231",
"2951",
"T002207",
"T000126",
"398363",
"T025776",
"1607324",
"T041234",
"T041233",
"T041232"
]
},
"release_date": "2025-02-13T23:00:00.000+00:00",
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"product_status": {
"known_affected": [
"T034583",
"393401",
"T004914",
"T039664",
"T041231",
"2951",
"T002207",
"T000126",
"398363",
"T025776",
"1607324",
"T041234",
"T041233",
"T041232"
]
},
"release_date": "2025-02-13T23:00:00.000+00:00",
"title": "CVE-2025-21701"
}
]
}
fkie_cve-2025-21701
Vulnerability from fkie_nvd
Published
2025-02-13 15:15
Modified
2025-09-02 20:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: avoid race between device unregistration and ethnl ops
The following trace can be seen if a device is being unregistered while
its number of channels are being modified.
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120
CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771
RIP: 0010:__mutex_lock+0xc8a/0x1120
Call Trace:
<TASK>
ethtool_check_max_channel+0x1ea/0x880
ethnl_set_channels+0x3c3/0xb10
ethnl_default_set_doit+0x306/0x650
genl_family_rcv_msg_doit+0x1e3/0x2c0
genl_rcv_msg+0x432/0x6f0
netlink_rcv_skb+0x13d/0x3b0
genl_rcv+0x28/0x40
netlink_unicast+0x42e/0x720
netlink_sendmsg+0x765/0xc20
__sys_sendto+0x3ac/0x420
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x95/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
This is because unregister_netdevice_many_notify might run before the
rtnl lock section of ethnl operations, eg. set_channels in the above
example. In this example the rss lock would be destroyed by the device
unregistration path before being used again, but in general running
ethnl operations while dismantle has started is not a good idea.
Fix this by denying any operation on devices being unregistered. A check
was already there in ethnl_ops_begin, but not wide enough.
Note that the same issue cannot be seen on the ioctl version
(__dev_ethtool) because the device reference is retrieved from within
the rtnl lock section there. Once dismantle started, the net device is
unlisted and no reference will be found.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: evitar la ejecuci\u00f3n entre la anulaci\u00f3n del registro del dispositivo y las operaciones ethnl. El siguiente rastro se puede ver si se anula el registro de un dispositivo mientras se modifica su n\u00famero de canales. DEBUG_LOCKS_WARN_ON(lock-\u0026gt;magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e. Esto se debe a que unregister_netdevice_many_notify podr\u00eda ejecutarse antes de la secci\u00f3n de bloqueo rtnl de las operaciones ethnl, por ejemplo, set_channels en el ejemplo anterior. En este ejemplo, el bloqueo de rss se destruir\u00eda por la ruta de anulaci\u00f3n del registro del dispositivo antes de volver a usarse, pero en general, ejecutar operaciones ethnl mientras se ha iniciado el desmantelamiento no es una buena idea. Solucione esto denegando cualquier operaci\u00f3n en los dispositivos que se van a anular el registro. Ya hab\u00eda una comprobaci\u00f3n en ethnl_ops_begin, pero no lo suficientemente amplia. Tenga en cuenta que no se puede ver el mismo problema en la versi\u00f3n ioctl (__dev_ethtool) porque la referencia del dispositivo se recupera desde dentro de la secci\u00f3n de bloqueo rtnl all\u00ed. Una vez que se inicia el desmantelamiento, el dispositivo de red no aparece en la lista y no se encontrar\u00e1 ninguna referencia."
}
],
"id": "CVE-2025-21701",
"lastModified": "2025-09-02T20:15:33.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-13T15:15:20.867",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
ghsa-268v-p5rc-rhmv
Vulnerability from github
Published
2025-02-13 15:31
Modified
2025-09-02 21:30
Severity ?
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
net: avoid race between device unregistration and ethnl ops
The following trace can be seen if a device is being unregistered while its number of channels are being modified.
DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e
This is because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, eg. set_channels in the above example. In this example the rss lock would be destroyed by the device unregistration path before being used again, but in general running ethnl operations while dismantle has started is not a good idea.
Fix this by denying any operation on devices being unregistered. A check was already there in ethnl_ops_begin, but not wide enough.
Note that the same issue cannot be seen on the ioctl version (__dev_ethtool) because the device reference is retrieved from within the rtnl lock section there. Once dismantle started, the net device is unlisted and no reference will be found.
{
"affected": [],
"aliases": [
"CVE-2025-21701"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-13T15:15:20Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"id": "GHSA-268v-p5rc-rhmv",
"modified": "2025-09-02T21:30:56Z",
"published": "2025-02-13T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21701"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
suse-su-2025:02852-1
Vulnerability from csaf_suse
Published
2025-08-18 15:58
Modified
2025-08-18 15:58
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs' (bsc#1245431).
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).
Patchnames
SUSE-2025-2852,SUSE-SLE-Micro-5.5-2025-2852
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).\n- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).\n- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).\n- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).\n- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).\n- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n\nThe following non-security bugs were fixed:\n\n- Revert \u0027hugetlb: unshare some PMDs when splitting VMAs\u0027 (bsc#1245431).\n- Revert \u0027mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\u0027 \n- Revert \u0027mm/hugetlb: unshare page tables during VMA split, not before\u0027 \n- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2852,SUSE-SLE-Micro-5.5-2025-2852",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02852-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02852-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502852-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02852-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041256.html"
},
{
"category": "self",
"summary": "SUSE Bug 1206051",
"url": "https://bugzilla.suse.com/1206051"
},
{
"category": "self",
"summary": "SUSE Bug 1221829",
"url": "https://bugzilla.suse.com/1221829"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234863",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "self",
"summary": "SUSE Bug 1236104",
"url": "https://bugzilla.suse.com/1236104"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1238160",
"url": "https://bugzilla.suse.com/1238160"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242417",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244523",
"url": "https://bugzilla.suse.com/1244523"
},
{
"category": "self",
"summary": "SUSE Bug 1245217",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246555",
"url": "https://bugzilla.suse.com/1246555"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49138 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49770 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52923 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26643 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-18T15:58:13Z",
"generator": {
"date": "2025-08-18T15:58:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02852-1",
"initial_release_date": "2025-08-18T15:58:13Z",
"revision_history": [
{
"date": "2025-08-18T15:58:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"product_id": "kernel-devel-rt-5.14.21-150500.13.103.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150500.13.103.2.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150500.13.103.2.noarch",
"product_id": "kernel-source-rt-5.14.21-150500.13.103.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt-vdso-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt-vdso-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.103.2.x86_64",
"product_id": "kernel-rt_debug-vdso-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150500.13.103.2.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150500.13.103.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.14.21-150500.13.103.2.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch"
},
"product_reference": "kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150500.13.103.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150500.13.103.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150500.13.103.2.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150500.13.103.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Ignore multiple conn complete events\n\nWhen one of the three connection complete events is received multiple\ntimes for the same handle, the device is registered multiple times which\nleads to memory corruptions. Therefore, consequent events for a single\nconnection are ignored.\n\nThe conn-\u003estate can hold different values, therefore HCI_CONN_HANDLE_UNSET\nis introduced to identify new connections. To make sure the events do not\ncontain this or another invalid handle HCI_CONN_HANDLE_MAX and checks\nare introduced.\n\nBuglink: https://bugzilla.kernel.org/show_bug.cgi?id=215497",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49138",
"url": "https://www.suse.com/security/cve/CVE-2022-49138"
},
{
"category": "external",
"summary": "SUSE Bug 1238160 for CVE-2022-49138",
"url": "https://bugzilla.suse.com/1238160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-49138"
},
{
"cve": "CVE-2022-49770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: avoid putting the realm twice when decoding snaps fails\n\nWhen decoding the snaps fails it maybe leaving the \u0027first_realm\u0027\nand \u0027realm\u0027 pointing to the same snaprealm memory. And then it\u0027ll\nput it twice and could cause random use-after-free, BUG_ON, etc\nissues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49770",
"url": "https://www.suse.com/security/cve/CVE-2022-49770"
},
{
"category": "external",
"summary": "SUSE Bug 1242597 for CVE-2022-49770",
"url": "https://bugzilla.suse.com/1242597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-49770"
},
{
"cve": "CVE-2023-52923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: adapt set backend to use GC transaction API\n\nUse the GC transaction API to replace the old and buggy gc API and the\nbusy mark approach.\n\nNo set elements are removed from async garbage collection anymore,\ninstead the _DEAD bit is set on so the set element is not visible from\nlookup path anymore. Async GC enqueues transaction work that might be\naborted and retried later.\n\nrbtree and pipapo set backends does not set on the _DEAD bit from the\nsync GC path since this runs in control plane path where mutex is held.\nIn this case, set elements are deactivated, removed and then released\nvia RCU callback, sync GC never fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52923",
"url": "https://www.suse.com/security/cve/CVE-2023-52923"
},
{
"category": "external",
"summary": "SUSE Bug 1236104 for CVE-2023-52923",
"url": "https://bugzilla.suse.com/1236104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2023-52923"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26643"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26643",
"url": "https://www.suse.com/security/cve/CVE-2024-26643"
},
{
"category": "external",
"summary": "SUSE Bug 1221829 for CVE-2024-26643",
"url": "https://bugzilla.suse.com/1221829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-26643"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.103.2.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.103.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.103.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T15:58:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
}
]
}
ncsc-2025-0187
Vulnerability from csaf_ncscnl
Published
2025-06-10 13:11
Modified
2025-06-10 13:11
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als RUGGEDCOM, SCALANCE, SIMATIC en Tecnomatix
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-395
Use of NullPointerException Catch to Detect NULL Pointer Dereference
CWE-332
Insufficient Entropy in PRNG
CWE-940
Improper Verification of Source of a Communication Channel
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-390
Detection of Error Condition Without Action
CWE-826
Premature Release of Resource During Expected Lifetime
CWE-222
Truncation of Security-relevant Information
CWE-310
CWE-310
CWE-273
Improper Check for Dropped Privileges
CWE-364
Signal Handler Race Condition
CWE-911
Improper Update of Reference Count
CWE-131
Incorrect Calculation of Buffer Size
CWE-304
Missing Critical Step in Authentication
CWE-684
Incorrect Provision of Specified Functionality
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-268
Privilege Chaining
CWE-366
Race Condition within a Thread
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-407
Inefficient Algorithmic Complexity
CWE-371
CWE-371
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-667
Improper Locking
CWE-311
Missing Encryption of Sensitive Data
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-908
Use of Uninitialized Resource
CWE-617
Reachable Assertion
CWE-129
Improper Validation of Array Index
CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-345
Insufficient Verification of Data Authenticity
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-190
Integer Overflow or Wraparound
CWE-290
Authentication Bypass by Spoofing
CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CWE-665
Improper Initialization
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-73
External Control of File Name or Path
CWE-20
Improper Input Validation
CWE-863
Incorrect Authorization
CWE-276
Incorrect Default Permissions
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als RUGGEDCOM, SCALANCE, SIMATIC en Tecnomatix",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Use of NullPointerException Catch to Detect NULL Pointer Dereference",
"title": "CWE-395"
},
{
"category": "general",
"text": "Insufficient Entropy in PRNG",
"title": "CWE-332"
},
{
"category": "general",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Premature Release of Resource During Expected Lifetime",
"title": "CWE-826"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "CWE-310",
"title": "CWE-310"
},
{
"category": "general",
"text": "Improper Check for Dropped Privileges",
"title": "CWE-273"
},
{
"category": "general",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "Improper Update of Reference Count",
"title": "CWE-911"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Missing Critical Step in Authentication",
"title": "CWE-304"
},
{
"category": "general",
"text": "Incorrect Provision of Specified Functionality",
"title": "CWE-684"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Privilege Chaining",
"title": "CWE-268"
},
{
"category": "general",
"text": "Race Condition within a Thread",
"title": "CWE-366"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
"title": "CWE-99"
},
{
"category": "general",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-082556.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-345750.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-486186.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-513708.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-633269.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693776.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-06-10T13:11:56.672768Z",
"generator": {
"date": "2025-06-05T14:45:00Z",
"engine": {
"name": "V.A.",
"version": "1.1"
}
},
"id": "NCSC-2025-0187",
"initial_release_date": "2025-06-10T13:11:56.672768Z",
"revision_history": [
{
"date": "2025-06-10T13:11:56.672768Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1211853"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/3.1.0",
"product": {
"name": "vers:siemens/3.1.0",
"product_id": "CSAFPID-1195553"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/1.0",
"product": {
"name": "vers:unknown/1.0",
"product_id": "CSAFPID-1211202"
}
}
],
"category": "product_name",
"name": "Simatic S7-1500 Tm Mfp Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/7.4.3",
"product": {
"name": "vers:siemens/7.4.3",
"product_id": "CSAFPID-2849543"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1756091"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM APE1808 Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-2619544"
}
}
],
"category": "product_name",
"name": "Ruggedcom Ape1808"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/3.0.0",
"product": {
"name": "vers:siemens/3.0.0",
"product_id": "CSAFPID-2082475"
}
}
],
"category": "product_name",
"name": "Scalance W700 Ieee 802.11Ax Firmware"
}
],
"category": "product_family",
"name": "Siemens"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=v3.1.0",
"product": {
"name": "vers:all/\u003e=v3.1.0",
"product_id": "CSAFPID-1266669"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=v3.1.0",
"product": {
"name": "vers:all/\u003e=v3.1.0",
"product_id": "CSAFPID-1266670"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=v3.1.0",
"product": {
"name": "vers:all/\u003e=v3.1.0",
"product_id": "CSAFPID-1266671"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=v3.1.0",
"product": {
"name": "vers:all/\u003e=v3.1.0",
"product_id": "CSAFPID-1266672"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "vers:all/*",
"product_id": "CSAFPID-2460438"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.3.0",
"product": {
"name": "vers:unknown/\u003cv1.3.0",
"product_id": "CSAFPID-1270701"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 TM MFP - BIOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.1",
"product": {
"name": "vers:unknown/\u003cv1.1",
"product_id": "CSAFPID-1270700"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=v3.1.0",
"product": {
"name": "vers:all/\u003e=v3.1.0",
"product_id": "CSAFPID-1266673"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "vers:all/*",
"product_id": "CSAFPID-1272525"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM APE1808"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-126262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_ape1808:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "ruggedcom_ape1808"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "vers:all/*",
"product_id": "CSAFPID-2905706"
}
}
],
"category": "product_name",
"name": "Energy Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv2404.0013",
"product": {
"name": "vers:all/\u003cv2404.0013",
"product_id": "CSAFPID-2905742"
}
}
],
"category": "product_name",
"name": "Tecnomatix Plant Simulation V2404"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905748"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905793"
}
}
],
"category": "product_name",
"name": "SCALANCE XC316-8 (6GK5324-8TS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905749"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905794"
}
}
],
"category": "product_name",
"name": "SCALANCE XC324-4 (6GK5328-4TS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905750"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905795"
}
}
],
"category": "product_name",
"name": "SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905751"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905796"
}
}
],
"category": "product_name",
"name": "SCALANCE XC332 (6GK5332-0GA00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905752"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905797"
}
}
],
"category": "product_name",
"name": "SCALANCE XC416-8 (6GK5424-8TR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905753"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905798"
}
}
],
"category": "product_name",
"name": "SCALANCE XC424-4 (6GK5428-4TR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905754"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905799"
}
}
],
"category": "product_name",
"name": "SCALANCE XC432 (6GK5432-0GR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905755"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905800"
}
}
],
"category": "product_name",
"name": "SCALANCE XCH328 (6GK5328-4TS01-2EC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905756"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905801"
}
}
],
"category": "product_name",
"name": "SCALANCE XCM324 (6GK5324-8TS01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905757"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905802"
}
}
],
"category": "product_name",
"name": "SCALANCE XCM328 (6GK5328-4TS01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905758"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905803"
}
}
],
"category": "product_name",
"name": "SCALANCE XCM332 (6GK5332-0GA01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905759"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905804"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905760"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905805"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905761"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905806"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905762"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905807"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905763"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905808"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905764"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905809"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905765"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905810"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905766"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905811"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905767"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905812"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905768"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905813"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905769"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905814"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905770"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905815"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905771"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905816"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905772"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905817"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905773"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905818"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905774"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905819"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905775"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905820"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905776"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905821"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905777"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905822"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905778"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905823"
}
}
],
"category": "product_name",
"name": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905786"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905831"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905785"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905830"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905787"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905832"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905783"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905828"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905782"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905827"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905784"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905829"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905780"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905825"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905779"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905824"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.1",
"product": {
"name": "vers:all/\u003cv3.1",
"product_id": "CSAFPID-2905781"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003cv3.2",
"product": {
"name": "vers:all/\u003cv3.2",
"product_id": "CSAFPID-2905826"
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41617",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Improper Check for Dropped Privileges",
"title": "CWE-273"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-41617.json"
}
],
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2023-4527",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-4527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-4527"
},
{
"cve": "CVE-2023-4806",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4806 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-4806.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-4806"
},
{
"cve": "CVE-2023-4911",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4911 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-4911.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Incorrect Provision of Specified Functionality",
"title": "CWE-684"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5363 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-5363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6246",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6246 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-6246.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-6246"
},
{
"cve": "CVE-2023-6779",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6779 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-6779.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-6779"
},
{
"cve": "CVE-2023-6780",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6780 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-6780.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-6780"
},
{
"cve": "CVE-2023-28531",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-28531.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-28531"
},
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-38545 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-38545.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-38546 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-38546.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46218 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-46218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46219 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-46219.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "other",
"text": "Missing Critical Step in Authentication",
"title": "CWE-304"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51384 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-51384.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51385 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-51385.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-52927",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52927 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-52927.json"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6119 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-6119.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6387 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-6387.json"
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12243 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12243.json"
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-24855",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24855 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-24855.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-24855"
},
{
"cve": "CVE-2024-26596",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26596 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-26596.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-268",
"name": "Privilege Chaining"
},
"notes": [
{
"category": "other",
"text": "Privilege Chaining",
"title": "CWE-268"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28085 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28085.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33599 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-33599.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33600 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-33600.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33601 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-33601.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-33602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34397",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34397 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-34397.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-34397"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37370 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37370.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-41797",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41797 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41797.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-41797"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45490 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-45490.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45491 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-45491.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45492 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-45492.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50246",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50246 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50246.json"
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-53166",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53166 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-53166.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-53166"
},
{
"cve": "CVE-2024-57977",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57977.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-57977"
},
{
"cve": "CVE-2024-57996",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-58005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
"title": "CWE-99"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-58005 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-58005.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2025-0133",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-0133"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4598 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4598.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-4598"
},
{
"cve": "CVE-2025-21701",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21701 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21701.json"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21702 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21702.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21712",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21712 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21712.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21712"
},
{
"cve": "CVE-2025-21724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21728.json"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21745",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"notes": [
{
"category": "other",
"text": "Improper Update of Reference Count",
"title": "CWE-911"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21745 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21745.json"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21756",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21756 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21756.json"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21758",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21758 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21758.json"
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21765",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21765 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21765.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21766 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21766.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"cwe": {
"id": "CWE-332",
"name": "Insufficient Entropy in PRNG"
},
"notes": [
{
"category": "other",
"text": "Insufficient Entropy in PRNG",
"title": "CWE-332"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21767 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21767.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21795",
"cwe": {
"id": "CWE-371",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21795.json"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21796.json"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21848",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Use of NullPointerException Catch to Detect NULL Pointer Dereference",
"title": "CWE-395"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21848 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21848.json"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21862",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "other",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21862 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21862.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"cwe": {
"id": "CWE-371",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21864.json"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21865 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-21865.json"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-310",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-310",
"title": "CWE-310"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26465 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26465.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-31115",
"cwe": {
"id": "CWE-366",
"name": "Race Condition within a Thread"
},
"notes": [
{
"category": "other",
"text": "Race Condition within a Thread",
"title": "CWE-366"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Premature Release of Resource During Expected Lifetime",
"title": "CWE-826"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-32454",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32454 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32454.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-32454"
},
{
"cve": "CVE-2025-40567",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40567 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40567.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-40567"
},
{
"cve": "CVE-2025-40568",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40568 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40568.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-40568"
},
{
"cve": "CVE-2025-40569",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40569 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40569.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-40569"
},
{
"cve": "CVE-2025-40585",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40585 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40585.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-40585"
},
{
"cve": "CVE-2025-46836",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46836 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46836.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1211853",
"CSAFPID-1266669",
"CSAFPID-1266670",
"CSAFPID-1195553",
"CSAFPID-1266671",
"CSAFPID-1266672",
"CSAFPID-2460438",
"CSAFPID-1270701",
"CSAFPID-1270700",
"CSAFPID-1266673",
"CSAFPID-1211202",
"CSAFPID-1272525",
"CSAFPID-2849543",
"CSAFPID-1756091",
"CSAFPID-2619544",
"CSAFPID-126262",
"CSAFPID-2082475",
"CSAFPID-2905706",
"CSAFPID-2905742",
"CSAFPID-2905748",
"CSAFPID-2905793",
"CSAFPID-2905749",
"CSAFPID-2905794",
"CSAFPID-2905750",
"CSAFPID-2905795",
"CSAFPID-2905751",
"CSAFPID-2905796",
"CSAFPID-2905752",
"CSAFPID-2905797",
"CSAFPID-2905753",
"CSAFPID-2905798",
"CSAFPID-2905754",
"CSAFPID-2905799",
"CSAFPID-2905755",
"CSAFPID-2905800",
"CSAFPID-2905756",
"CSAFPID-2905801",
"CSAFPID-2905757",
"CSAFPID-2905802",
"CSAFPID-2905758",
"CSAFPID-2905803",
"CSAFPID-2905759",
"CSAFPID-2905804",
"CSAFPID-2905760",
"CSAFPID-2905805",
"CSAFPID-2905761",
"CSAFPID-2905806",
"CSAFPID-2905762",
"CSAFPID-2905807",
"CSAFPID-2905763",
"CSAFPID-2905808",
"CSAFPID-2905764",
"CSAFPID-2905809",
"CSAFPID-2905765",
"CSAFPID-2905810",
"CSAFPID-2905766",
"CSAFPID-2905811",
"CSAFPID-2905767",
"CSAFPID-2905812",
"CSAFPID-2905768",
"CSAFPID-2905813",
"CSAFPID-2905769",
"CSAFPID-2905814",
"CSAFPID-2905770",
"CSAFPID-2905815",
"CSAFPID-2905771",
"CSAFPID-2905816",
"CSAFPID-2905772",
"CSAFPID-2905817",
"CSAFPID-2905773",
"CSAFPID-2905818",
"CSAFPID-2905774",
"CSAFPID-2905819",
"CSAFPID-2905775",
"CSAFPID-2905820",
"CSAFPID-2905776",
"CSAFPID-2905821",
"CSAFPID-2905777",
"CSAFPID-2905822",
"CSAFPID-2905778",
"CSAFPID-2905823",
"CSAFPID-2905786",
"CSAFPID-2905831",
"CSAFPID-2905785",
"CSAFPID-2905830",
"CSAFPID-2905787",
"CSAFPID-2905832",
"CSAFPID-2905783",
"CSAFPID-2905828",
"CSAFPID-2905782",
"CSAFPID-2905827",
"CSAFPID-2905784",
"CSAFPID-2905829",
"CSAFPID-2905780",
"CSAFPID-2905825",
"CSAFPID-2905779",
"CSAFPID-2905824",
"CSAFPID-2905781",
"CSAFPID-2905826"
]
}
],
"title": "CVE-2025-46836"
}
]
}
ssa-082556
Vulnerability from csaf_siemens
Published
2025-06-10 00:00
Modified
2025-08-12 00:00
Summary
SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).
Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-082556.json"
}
],
"title": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-082556",
"initial_release_date": "2025-06-10T00:00:00Z",
"revision_history": [
{
"date": "2025-06-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6AG1518-4AX00-4AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41617",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2023-4527",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4527"
},
{
"cve": "CVE-2023-4806",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4806"
},
{
"cve": "CVE-2023-4911",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-684",
"name": "Incorrect Provision of Specified Functionality"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6246",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6246"
},
{
"cve": "CVE-2023-6779",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6779"
},
{
"cve": "CVE-2023-6780",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6780"
},
{
"cve": "CVE-2023-28531",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-28531"
},
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "summary",
"text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-52927",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-24855",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-24855"
},
{
"cve": "CVE-2024-26596",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "nscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\r\nby client requests then a subsequent client request for netgroup data\r\nmay result in a stack-based buffer overflow. This flaw was introduced\r\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "nscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\r\nnetgroup response to the cache, the client request can result in a null\r\npointer dereference. This flaw was introduced in glibc 2.15 when the\r\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\r\nxrealloc and these functions may terminate the process due to a memory\r\nallocation failure resulting in a denial of service to the clients. The\r\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\r\nwhen the NSS callback does not store all strings in the provided buffer.\r\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34397",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-34397"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50246",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/ntfs3: Add rough attr alloc_size check",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-53166",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "block, bfq: bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-\u003elock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53166"
},
{
"cve": "CVE-2024-57977",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-57977"
},
{
"cve": "CVE-2024-57996",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-58005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tpm: Change to kvalloc() in eventlog/acpi.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "GLib is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\r\n\r\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-4598"
},
{
"cve": "CVE-2025-6395",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-6395"
},
{
"cve": "CVE-2025-21701",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21712",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "md/md-bitmap: vulnerability caused by bitmap_get_stats() can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats() with bitmap_info.mutex.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21712"
},
{
"cve": "CVE-2025-21724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index(). Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift (an unsigned long value) could result in undefined behavior. The constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21745",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21758",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21765",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv4: use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0 It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context. Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21848",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\r\n\r\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\r\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21862",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: drop secpath at the same time as we currently drop dst\r\n\r\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\r\nrunning tests that boil down to:\r\n - create a pair of netns\r\n - run a basic TCP test over ipcomp6\r\n - delete the pair of netns\r\n\r\nThe xfrm_state found on spi_byaddr was not deleted at the time we\r\ndelete the netns, because we still have a reference on it. This\r\nlingering reference comes from a secpath (which holds a ref on the\r\nxfrm_state), which is still attached to an skb. This skb is not\r\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\r\nskb_attempt_defer_free.\r\n\r\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\r\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\r\nthat case, we still have a reference on the xfrm_state that we don\u0027t\r\nexpect at this point.\r\n\r\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\r\nlonger needed, so let\u0027s also drop the secpath. At this point,\r\ntcp_filter has already called into the LSM hooks that may require the\r\nsecpath, so it should not be needed anymore. However, in some of those\r\nplaces, the MPTCP extension has just been attached to the skb, so we\r\ncannot simply drop all extensions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-31115",
"cwe": {
"id": "CWE-826",
"name": "Premature Release of Resource During Expected Lifetime"
},
"notes": [
{
"category": "summary",
"text": "The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32989",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-32989"
},
{
"cve": "CVE-2025-46836",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-46836"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…