Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2025-24513
Vulnerability from cvelistv5
Published
2025-03-24 23:29
Modified
2025-03-25 13:39
Severity ?
EPSS score ?
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24513", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T13:39:36.149148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-25T13:39:50.057Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", }, ], value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:29:25.215Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://github.com/kubernetes/kubernetes/issues/131005", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx controller - auth secret file path traversal vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-24513", datePublished: "2025-03-24T23:29:25.215Z", dateReserved: "2025-01-23T00:50:17.928Z", dateUpdated: "2025-03-25T13:39:50.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2025-24513\",\"sourceIdentifier\":\"jordan@liggitt.net\",\"published\":\"2025-03-25T00:15:14.900\",\"lastModified\":\"2025-03-27T16:45:46.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.\"},{\"lang\":\"es\",\"value\":\"Se descubrió un problema de seguridad en ingress-nginx (https://github.com/kubernetes/ingress-nginx). La función Controlador de Admisión de ingress-nginx incluye datos proporcionados por el atacante en un nombre de archivo, lo que provoca un directory traversal dentro del contenedor. Esto podría provocar una denegación de servicio o, en combinación con otras vulnerabilidades, una divulgación limitada de objetos secretos del clúster.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://github.com/kubernetes/kubernetes/issues/131005\",\"source\":\"jordan@liggitt.net\"}]}}", vulnrichment: { containers: "{\"cna\": {\"title\": \"ingress-nginx controller - auth secret file path traversal vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nir Ohfeld\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ronen Shustin\"}], \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/kubernetes/ingress-nginx\", \"vendor\": \"kubernetes\", \"product\": \"ingress-nginx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.11.4\"}, {\"status\": \"affected\", \"version\": \"1.12.0\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-03-24T19:36:00.000Z\", \"references\": [{\"url\": \"https://github.com/kubernetes/kubernetes/issues/131005\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A security issue was discovered in <a target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/kubernetes/ingress-nginx\\\">ingress-nginx</a> where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a6081bf6-c852-4425-ad4f-a67919267565\", \"shortName\": \"kubernetes\", \"dateUpdated\": \"2025-03-24T23:29:25.215Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24513\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-25T13:39:36.149148Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-03-25T13:39:25.280Z\"}}]}", cveMetadata: "{\"cveId\": \"CVE-2025-24513\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T23:29:25.215Z\", \"dateReserved\": \"2025-01-23T00:50:17.928Z\", \"assignerOrgId\": \"a6081bf6-c852-4425-ad4f-a67919267565\", \"datePublished\": \"2025-03-24T23:29:25.215Z\", \"assignerShortName\": \"kubernetes\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ncsc-2025-0106
Vulnerability from csaf_ncscnl
Published
2025-04-08 13:57
Modified
2025-04-08 13:57
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-287
Improper Authentication
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE-606
Unchecked Input for Loop Condition
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-363
Race Condition Enabling Link Following
CWE-420
Unprotected Alternate Channel
CWE-684
Incorrect Provision of Specified Functionality
CWE-834
Excessive Iteration
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-1390
Weak Authentication
CWE-204
Observable Response Discrepancy
CWE-15
External Control of System or Configuration Setting
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-653
Improper Isolation or Compartmentalization
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-620
Unverified Password Change
CWE-798
Use of Hard-coded Credentials
CWE-269
Improper Privilege Management
CWE-295
Improper Certificate Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "description", text: " ", title: "Dreigingsinformatie", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "general", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "general", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "External Control of System or Configuration Setting", title: "CWE-15", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-187636.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-277137.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-525431.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-634640.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-672923.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-725549.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-819629.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-874353.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-817234.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2025-04-08T13:57:11.959816Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0106", initial_release_date: "2025-04-08T13:57:11.959816Z", revision_history: [ { date: "2025-04-08T13:57:11.959816Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1-a", product: { name: "vers:unknown/<v1.21.1-1-a", product_id: "CSAFPID-2631845", }, }, ], category: "product_name", name: "Industrial Edge Own Device (IEOD)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631844", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631843", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631842", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631841", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631840", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631839", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631838", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631837", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631836", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631835", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631900", }, }, ], category: "product_name", name: "SENTRON 7KT PAC1260 Data Manager", }, { branches: [ { category: "product_version_range", name: "vers:unknown/4.0", product: { name: "vers:unknown/4.0", product_id: "CSAFPID-2632341", }, }, { category: "product_version_range", name: "vers:unknown/4.1", product: { name: "vers:unknown/4.1", product_id: "CSAFPID-2632342", }, }, { category: "product_version_range", name: "vers:unknown/4.2", product: { name: "vers:unknown/4.2", product_id: "CSAFPID-2632343", }, }, ], category: "product_name", name: "License Server", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v4.3", product: { name: "vers:unknown/<v4.3", product_id: "CSAFPID-2631790", }, }, ], category: "product_name", name: "Siemens License Server (SLS)", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:siemens/224.0 update 12", product: { name: "vers:siemens/224.0 update 12", product_id: "CSAFPID-2632460", }, }, { category: "product_version_range", name: "vers:siemens/225.0 update 3", product: { name: "vers:siemens/225.0 update 3", product_id: "CSAFPID-2632459", }, }, ], category: "product_name", name: "Solid Edge", }, { branches: [ { category: "product_version_range", name: "vers:siemens/v224.0 update 12", product: { name: "vers:siemens/v224.0 update 12", product_id: "CSAFPID-2632083", }, }, ], category: "product_name", name: "Solid_Edge_Se2024", }, { branches: [ { category: "product_version_range", name: "vers:siemens/2.0 sp1", product: { name: "vers:siemens/2.0 sp1", product_id: "CSAFPID-1211926", }, }, ], category: "product_name", name: "SINEC Network Management System", }, { branches: [ { category: "product_version_range", name: "vers:unknown/none", product: { name: "vers:unknown/none", product_id: "CSAFPID-2619361", }, }, ], category: "product_name", name: "Siemens Simatic S7-1500 Tm Mfp", }, { branches: [ { category: "product_version_range", name: "vers:unknown/>=3|<312", product: { name: "vers:unknown/>=3|<312", product_id: "CSAFPID-1209122", }, }, ], category: "product_name", name: "Siemens Telecontrol Server Basic", }, ], category: "product_family", name: "Siemens", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v224.0update12", product: { name: "vers:unknown/<v224.0update12", product_id: "CSAFPID-2631854", }, }, ], category: "product_name", name: "Solid Edge SE2024", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v225.0update3", product: { name: "vers:unknown/<v225.0update3", product_id: "CSAFPID-2631855", }, }, ], category: "product_name", name: "Solid Edge SE2025", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296722", }, }, ], category: "product_name", name: "SIMATIC CFU DIQ", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0", product: { name: "vers:unknown/<v2.0", product_id: "CSAFPID-2631923", }, }, { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296723", }, }, ], category: "product_name", name: "SIMATIC CFU PA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631924", }, }, ], category: "product_name", name: "SIMATIC ET 200AL IM 157-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631925", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631926", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631927", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631928", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631929", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631932", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN FO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631933", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631934", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631935", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765658", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765659", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631856", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631858", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631860", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631862", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765660", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 MF HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631936", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.3", product: { name: "vers:unknown/<v1.3", product_id: "CSAFPID-2631937", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631938", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631939", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631940", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631920", }, }, ], category: "product_name", name: "SIDOOR ATD430W", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631921", }, }, ], category: "product_name", name: "SIDOOR ATE530G COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631922", }, }, ], category: "product_name", name: "SIDOOR ATE530S COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631967", }, }, ], category: "product_name", name: "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631968", }, }, ], category: "product_name", name: "SIMOCODE pro V PROFINET", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631969", }, }, ], category: "product_name", name: "SINUMERIK 840D sl", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632004", }, }, ], category: "product_name", name: "SIWAREX WP231", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632005", }, }, ], category: "product_name", name: "SIWAREX WP241", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632006", }, }, ], category: "product_name", name: "SIWAREX WP251", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632007", }, }, ], category: "product_name", name: "SIWAREX WP521 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632008", }, }, ], category: "product_name", name: "SIWAREX WP522 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631966", }, }, ], category: "product_name", name: "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765690", }, }, ], category: "product_name", name: "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765691", }, }, ], category: "product_name", name: "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.3", product: { name: "vers:unknown/<v8.3", product_id: "CSAFPID-2459039", }, }, ], category: "product_name", name: "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631970", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631971", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631972", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631973", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631974", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631975", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765700", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765701", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631976", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631977", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631978", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631979", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631981", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631982", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631983", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631984", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631985", }, }, ], category: "product_name", name: "SIPLUS HCS4200 CIM4210", }, { branches: [ { category: "product_version_range", name: "vers:unknown/10.16.0", product: { name: "vers:unknown/10.16.0", product_id: "CSAFPID-2632402", }, }, ], category: "product_name", name: "Mendix Runtime", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v10.21.0", product: { name: "vers:unknown/<v10.21.0", product_id: "CSAFPID-2631802", }, }, ], category: "product_name", name: "Mendix Runtime V10", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631803", }, }, ], category: "product_name", name: "Mendix Runtime V10.12", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631804", }, }, ], category: "product_name", name: "Mendix Runtime V10.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631805", }, }, ], category: "product_name", name: "Mendix Runtime V10.6", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296837", }, }, ], category: "product_name", name: "Mendix Runtime V8", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v9.24.34", product: { name: "vers:unknown/<v9.24.34", product_id: "CSAFPID-2631806", }, }, ], category: "product_name", name: "Mendix Runtime V9", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21658", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "other", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2022-21658", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21658.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2022-21658", }, { cve: "CVE-2023-2975", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-2975", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-2975", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3446", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3817", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3817", }, { cve: "CVE-2023-4807", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-4807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-4807", }, { cve: "CVE-2023-5363", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, notes: [ { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5363", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-5363", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-7104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2024-0056", cwe: { id: "CWE-420", name: "Unprotected Alternate Channel", }, notes: [ { category: "other", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0056", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json", }, ], scores: [ { cvss_v3: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0056", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-21319", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-21319", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21319.json", }, ], title: "CVE-2024-21319", }, { cve: "CVE-2024-23814", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-23814", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23814.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-23814", }, { cve: "CVE-2024-30105", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-30105", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30105.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-30105", }, { cve: "CVE-2024-41788", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41788", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41788.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41788", }, { cve: "CVE-2024-41789", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41789", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41789.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41789", }, { cve: "CVE-2024-41790", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41790", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41790.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41790", }, { cve: "CVE-2024-41791", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41791", }, { cve: "CVE-2024-41792", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41792", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41792.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41792", }, { cve: "CVE-2024-41793", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41793", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41793.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41793", }, { cve: "CVE-2024-41794", cwe: { id: "CWE-798", name: "Use of Hard-coded Credentials", }, notes: [ { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41794", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41794.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41794", }, { cve: "CVE-2024-41795", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "other", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41795.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41795", }, { cve: "CVE-2024-41796", cwe: { id: "CWE-620", name: "Unverified Password Change", }, notes: [ { category: "other", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41796", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41796.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41796", }, { cve: "CVE-2024-54091", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54091", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54091.json", }, ], title: "CVE-2024-54091", }, { cve: "CVE-2024-54092", cwe: { id: "CWE-1390", name: "Weak Authentication", }, notes: [ { category: "other", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54092", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54092.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-54092", }, { cve: "CVE-2025-30280", cwe: { id: "CWE-204", name: "Observable Response Discrepancy", }, notes: [ { category: "other", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30280.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30280", }, { cve: "CVE-2025-1097", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1097", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1097.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1097", }, { cve: "CVE-2025-24514", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24514", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24514.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24514", }, { cve: "CVE-2025-24513", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24513.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24513", }, { cve: "CVE-2025-1974", cwe: { id: "CWE-653", name: "Improper Isolation or Compartmentalization", }, notes: [ { category: "other", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1974.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1974", }, { cve: "CVE-2025-1098", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1098", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1098.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1098", }, { cve: "CVE-2025-29999", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-29999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29999.json", }, ], title: "CVE-2025-29999", }, { cve: "CVE-2025-30000", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30000", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30000.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30000", }, ], }
ncsc-2025-0095
Vulnerability from csaf_ncscnl
Published
2025-03-25 07:13
Modified
2025-03-27 14:41
Summary
Kwetsbaarheden verholpen in Kubernetes Ingress NGINX Controller
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Kubernetes heeft een aantal kwetsbaarheden in de Ingress NGINX Controller verholpen. Deze kwetsbaarheden stellen kwaadwillenden in staat een ongeauthenticeerde remote code execution (RCE) uit voeren.
Interpretaties
De kwetsbaarheden bevinden zich in de `ingress-nginx controller`. Deze kwetsbaarheden omvatten onder andere een kritieke remote code execution (RCE) escalatie, die verband houdt met de ingress-nginx admission controller. Een ongeauthenticeerde kwaadwillende met toegang tot het pod-netwerk kan willekeurige code uitvoeren, wat kan leiden tot de toegang van gevoelige informatie, of mogelijk zelfs overname van het cluster. Daarnaast zijn er problemen gerapporteerd met de `auth-tls-match-cn`, `mirror-target`, `mirror-host`, en `auth-url` Ingress annotaties, die allemaal kunnen leiden tot configuratie-injectie en ongeautoriseerde code-uitvoering.
Voor de duidelijkheid: De kwetsbaarheden hebben betrekking op de `Kubernetes ingress-nginx controller`. Zowel de basissoftware van Kubernetes als NginX zijn niet getroffen.
Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd, waarmee de kwetsbaarheden kunnen worden aangetoond. De PoC vereist Brute-forcing maar weet uiteindelijk RCE te bewerkstelligen met rechten van de applicatie. Overname van het systeem, of volledige controle lijkt niet mogelijk, maar het is aannemelijk dat er in de komende periode een toename in pogingen tot misbruik zal zijn.
Oplossingen
Kubernetes heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-653
Improper Isolation or Compartmentalization
CWE-20
Improper Input Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Kubernetes heeft een aantal kwetsbaarheden in de Ingress NGINX Controller verholpen. Deze kwetsbaarheden stellen kwaadwillenden in staat een ongeauthenticeerde remote code execution (RCE) uit voeren. ", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in de `ingress-nginx controller`. Deze kwetsbaarheden omvatten onder andere een kritieke remote code execution (RCE) escalatie, die verband houdt met de ingress-nginx admission controller. Een ongeauthenticeerde kwaadwillende met toegang tot het pod-netwerk kan willekeurige code uitvoeren, wat kan leiden tot de toegang van gevoelige informatie, of mogelijk zelfs overname van het cluster. Daarnaast zijn er problemen gerapporteerd met de `auth-tls-match-cn`, `mirror-target`, `mirror-host`, en `auth-url` Ingress annotaties, die allemaal kunnen leiden tot configuratie-injectie en ongeautoriseerde code-uitvoering.\n\nVoor de duidelijkheid: De kwetsbaarheden hebben betrekking op de `Kubernetes ingress-nginx controller`. Zowel de basissoftware van Kubernetes als NginX zijn niet getroffen.\n\nOnderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd, waarmee de kwetsbaarheden kunnen worden aangetoond. De PoC vereist Brute-forcing maar weet uiteindelijk RCE te bewerkstelligen met rechten van de applicatie. Overname van het systeem, of volledige controle lijkt niet mogelijk, maar het is aannemelijk dat er in de komende periode een toename in pogingen tot misbruik zal zijn.", title: "Interpretaties", }, { category: "description", text: "Kubernetes heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; github; nvd; redhat", url: "https://github.com/kubernetes/kubernetes/issues/131006", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; github; nvd; redhat", url: "https://github.com/kubernetes/kubernetes/issues/131007", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; github; nvd; redhat", url: "https://github.com/kubernetes/kubernetes/issues/131008", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; github; nvd; redhat", url: "https://github.com/kubernetes/kubernetes/issues/131005", }, { category: "external", summary: "Reference - certbundde; github; ncscclear", url: "https://github.com/kubernetes/kubernetes/issues/131009", }, ], title: "Kwetsbaarheden verholpen in Kubernetes Ingress NGINX Controller ", tracking: { current_release_date: "2025-03-27T14:41:30.387171Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0095", initial_release_date: "2025-03-25T07:13:08.093318Z", revision_history: [ { date: "2025-03-25T07:13:08.093318Z", number: "1.0.0", summary: "Initiele versie", }, { date: "2025-03-27T14:41:30.387171Z", number: "1.0.1", summary: "Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd.", }, ], status: "final", version: "1.0.1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:semver/<=1.11.4", product: { name: "vers:semver/<=1.11.4", product_id: "CSAFPID-2556266", }, }, { category: "product_version_range", name: "vers:unknown/1.12.0", product: { name: "vers:unknown/1.12.0", product_id: "CSAFPID-2556267", }, }, ], category: "product_name", name: "ingress-nginx", }, ], category: "vendor", name: "Kubernetes", }, ], }, vulnerabilities: [ { cve: "CVE-2025-1974", cwe: { id: "CWE-653", name: "Improper Isolation or Compartmentalization", }, notes: [ { category: "other", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, references: [ { category: "self", summary: "CVE-2025-1974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1974.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, ], title: "CVE-2025-1974", }, { cve: "CVE-2025-1097", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, references: [ { category: "self", summary: "CVE-2025-1097", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1097.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, ], title: "CVE-2025-1097", }, { cve: "CVE-2025-1098", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, references: [ { category: "self", summary: "CVE-2025-1098", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1098.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, ], title: "CVE-2025-1098", }, { cve: "CVE-2025-24514", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, references: [ { category: "self", summary: "CVE-2025-24514", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24514.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, ], title: "CVE-2025-24514", }, { cve: "CVE-2025-24513", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, references: [ { category: "self", summary: "CVE-2025-24513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24513.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-2556266", "CSAFPID-2556267", ], }, ], title: "CVE-2025-24513", }, ], }
opensuse-su-2025:14937-1
Vulnerability from csaf_opensuse
Published
2025-03-28 00:00
Modified
2025-03-28 00:00
Summary
govulncheck-vulndb-0.0.20250327T184518-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20250327T184518-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14937
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "govulncheck-vulndb-0.0.20250327T184518-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14937", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14937-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:14937-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NEVFAGUWHTVZSJTUAIU6C4S26DP2KIGB/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:14937-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NEVFAGUWHTVZSJTUAIU6C4S26DP2KIGB/", }, { category: "self", summary: "SUSE CVE CVE-2024-25132 page", url: "https://www.suse.com/security/cve/CVE-2024-25132/", }, { category: "self", summary: "SUSE CVE CVE-2024-53348 page", url: "https://www.suse.com/security/cve/CVE-2024-53348/", }, { category: "self", summary: "SUSE CVE CVE-2024-53351 page", url: "https://www.suse.com/security/cve/CVE-2024-53351/", }, { category: "self", summary: "SUSE CVE CVE-2024-7598 page", url: "https://www.suse.com/security/cve/CVE-2024-7598/", }, { category: "self", summary: "SUSE CVE CVE-2024-7631 page", url: "https://www.suse.com/security/cve/CVE-2024-7631/", }, { category: "self", summary: "SUSE CVE CVE-2024-9042 page", url: "https://www.suse.com/security/cve/CVE-2024-9042/", }, { category: "self", summary: "SUSE CVE CVE-2024-9900 page", url: "https://www.suse.com/security/cve/CVE-2024-9900/", }, { category: "self", summary: "SUSE CVE CVE-2025-1097 page", url: "https://www.suse.com/security/cve/CVE-2025-1097/", }, { category: "self", summary: "SUSE CVE CVE-2025-1098 page", url: "https://www.suse.com/security/cve/CVE-2025-1098/", }, { category: "self", summary: "SUSE CVE CVE-2025-1472 page", url: "https://www.suse.com/security/cve/CVE-2025-1472/", }, { category: "self", summary: "SUSE CVE CVE-2025-1767 page", url: "https://www.suse.com/security/cve/CVE-2025-1767/", }, { category: "self", summary: "SUSE CVE CVE-2025-1974 page", url: "https://www.suse.com/security/cve/CVE-2025-1974/", }, { category: "self", summary: "SUSE CVE CVE-2025-24513 page", url: "https://www.suse.com/security/cve/CVE-2025-24513/", }, { category: "self", summary: "SUSE CVE CVE-2025-24514 page", url: "https://www.suse.com/security/cve/CVE-2025-24514/", }, { category: "self", summary: "SUSE CVE CVE-2025-24920 page", url: "https://www.suse.com/security/cve/CVE-2025-24920/", }, { category: "self", summary: "SUSE CVE CVE-2025-25068 page", url: "https://www.suse.com/security/cve/CVE-2025-25068/", }, { category: "self", summary: "SUSE CVE CVE-2025-25274 page", url: "https://www.suse.com/security/cve/CVE-2025-25274/", }, { category: "self", summary: "SUSE CVE CVE-2025-27612 page", url: "https://www.suse.com/security/cve/CVE-2025-27612/", }, { category: "self", summary: "SUSE CVE CVE-2025-27715 page", url: "https://www.suse.com/security/cve/CVE-2025-27715/", }, { category: "self", summary: "SUSE CVE CVE-2025-27933 page", url: "https://www.suse.com/security/cve/CVE-2025-27933/", }, { category: "self", summary: "SUSE CVE CVE-2025-29778 page", url: "https://www.suse.com/security/cve/CVE-2025-29778/", }, { category: "self", summary: "SUSE CVE CVE-2025-29914 page", url: "https://www.suse.com/security/cve/CVE-2025-29914/", }, { category: "self", summary: "SUSE CVE CVE-2025-29922 page", url: "https://www.suse.com/security/cve/CVE-2025-29922/", }, { category: "self", summary: "SUSE CVE CVE-2025-29923 page", url: "https://www.suse.com/security/cve/CVE-2025-29923/", }, { category: "self", summary: "SUSE CVE CVE-2025-30077 page", url: "https://www.suse.com/security/cve/CVE-2025-30077/", }, { category: "self", summary: "SUSE CVE CVE-2025-30153 page", url: "https://www.suse.com/security/cve/CVE-2025-30153/", }, { category: "self", summary: "SUSE CVE CVE-2025-30162 page", url: "https://www.suse.com/security/cve/CVE-2025-30162/", }, { category: "self", summary: "SUSE CVE CVE-2025-30163 page", url: "https://www.suse.com/security/cve/CVE-2025-30163/", }, { category: "self", summary: "SUSE CVE CVE-2025-30179 page", url: "https://www.suse.com/security/cve/CVE-2025-30179/", }, { category: "self", summary: "SUSE CVE CVE-2025-30204 page", url: "https://www.suse.com/security/cve/CVE-2025-30204/", }, ], title: "govulncheck-vulndb-0.0.20250327T184518-1.1 on GA media", tracking: { current_release_date: "2025-03-28T00:00:00Z", generator: { date: "2025-03-28T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14937-1", initial_release_date: "2025-03-28T00:00:00Z", revision_history: [ { date: "2025-03-28T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", product: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", product_id: "govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", product: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", product_id: "govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", product: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", product_id: "govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", product: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", product_id: "govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", }, product_reference: "govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", }, product_reference: "govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", }, product_reference: "govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", }, product_reference: "govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25132", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-25132", }, ], notes: [ { category: "general", text: "A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment's status section, resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-25132", url: "https://www.suse.com/security/cve/CVE-2024-25132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-25132", }, { cve: "CVE-2024-53348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-53348", }, ], notes: [ { category: "general", text: "LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-53348", url: "https://www.suse.com/security/cve/CVE-2024-53348", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2024-53348", }, { cve: "CVE-2024-53351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-53351", }, ], notes: [ { category: "general", text: "Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-53351", url: "https://www.suse.com/security/cve/CVE-2024-53351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "critical", }, ], title: "CVE-2024-53351", }, { cve: "CVE-2024-7598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-7598", }, ], notes: [ { category: "general", text: "A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-7598", url: "https://www.suse.com/security/cve/CVE-2024-7598", }, { category: "external", summary: "SUSE Bug 1240110 for CVE-2024-7598", url: "https://bugzilla.suse.com/1240110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "low", }, ], title: "CVE-2024-7598", }, { cve: "CVE-2024-7631", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-7631", }, ], notes: [ { category: "general", text: "A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-7631", url: "https://www.suse.com/security/cve/CVE-2024-7631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-7631", }, { cve: "CVE-2024-9042", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-9042", }, ], notes: [ { category: "general", text: "This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-9042", url: "https://www.suse.com/security/cve/CVE-2024-9042", }, { category: "external", summary: "SUSE Bug 1235978 for CVE-2024-9042", url: "https://bugzilla.suse.com/1235978", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2024-9042", }, { cve: "CVE-2024-9900", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-9900", }, ], notes: [ { category: "general", text: "mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-9900", url: "https://www.suse.com/security/cve/CVE-2024-9900", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-9900", }, { cve: "CVE-2025-1097", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1097", }, ], notes: [ { category: "general", text: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1097", url: "https://www.suse.com/security/cve/CVE-2025-1097", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-1097", }, { cve: "CVE-2025-1098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1098", }, ], notes: [ { category: "general", text: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1098", url: "https://www.suse.com/security/cve/CVE-2025-1098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-1098", }, { cve: "CVE-2025-1472", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1472", }, ], notes: [ { category: "general", text: "Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1472", url: "https://www.suse.com/security/cve/CVE-2025-1472", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-1472", }, { cve: "CVE-2025-1767", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1767", }, ], notes: [ { category: "general", text: "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1767", url: "https://www.suse.com/security/cve/CVE-2025-1767", }, { category: "external", summary: "SUSE Bug 1239643 for CVE-2025-1767", url: "https://bugzilla.suse.com/1239643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-1767", }, { cve: "CVE-2025-1974", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-1974", }, ], notes: [ { category: "general", text: "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-1974", url: "https://www.suse.com/security/cve/CVE-2025-1974", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "critical", }, ], title: "CVE-2025-1974", }, { cve: "CVE-2025-24513", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24513", }, ], notes: [ { category: "general", text: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-24513", url: "https://www.suse.com/security/cve/CVE-2025-24513", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-24513", }, { cve: "CVE-2025-24514", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24514", }, ], notes: [ { category: "general", text: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-24514", url: "https://www.suse.com/security/cve/CVE-2025-24514", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-24514", }, { cve: "CVE-2025-24920", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-24920", }, ], notes: [ { category: "general", text: "Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-24920", url: "https://www.suse.com/security/cve/CVE-2025-24920", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-24920", }, { cve: "CVE-2025-25068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-25068", }, ], notes: [ { category: "general", text: "Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-25068", url: "https://www.suse.com/security/cve/CVE-2025-25068", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-25068", }, { cve: "CVE-2025-25274", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-25274", }, ], notes: [ { category: "general", text: "Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-25274", url: "https://www.suse.com/security/cve/CVE-2025-25274", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-25274", }, { cve: "CVE-2025-27612", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-27612", }, ], notes: [ { category: "general", text: "libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-27612", url: "https://www.suse.com/security/cve/CVE-2025-27612", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-27612", }, { cve: "CVE-2025-27715", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-27715", }, ], notes: [ { category: "general", text: "Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-27715", url: "https://www.suse.com/security/cve/CVE-2025-27715", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "low", }, ], title: "CVE-2025-27715", }, { cve: "CVE-2025-27933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-27933", }, ], notes: [ { category: "general", text: "Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-27933", url: "https://www.suse.com/security/cve/CVE-2025-27933", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-27933", }, { cve: "CVE-2025-29778", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-29778", }, ], notes: [ { category: "general", text: "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-29778", url: "https://www.suse.com/security/cve/CVE-2025-29778", }, { category: "external", summary: "SUSE Bug 1240021 for CVE-2025-29778", url: "https://bugzilla.suse.com/1240021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-29778", }, { cve: "CVE-2025-29914", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-29914", }, ], notes: [ { category: "general", text: "OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUEST_FILENAME will be set to /uploads/foo.php. This can lead to a rules bypass. This vulnerability is fixed in 3.3.3.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-29914", url: "https://www.suse.com/security/cve/CVE-2025-29914", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-29914", }, { cve: "CVE-2025-29922", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-29922", }, ], notes: [ { category: "general", text: "kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By design, this should only be allowed when the workspace owner decides to give access to an API provider by creating an APIBinding. With this vulnerability, it is possible for an attacker to create and delete objects even if none of these requirements are satisfied, i.e. even if there is no APIBinding in that workspace at all or the workspace owner has created an APIBinding, but rejected a permission claim. A fix for this issue has been identified and has been published with kcp 0.26.3 and 0.27.0.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-29922", url: "https://www.suse.com/security/cve/CVE-2025-29922", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "critical", }, ], title: "CVE-2025-29922", }, { cve: "CVE-2025-29923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-29923", }, ], notes: [ { category: "general", text: "go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit its identity, there are network connectivity issues, or the client was configured with aggressive timeouts. The problem occurs for multiple use cases. For sticky connections, you receive persistent out-of-order responses for the lifetime of the connection. All commands in the pipeline receive incorrect responses. When used with the default ConnPool once a connection is returned after use with ConnPool#Put the read buffer will be checked and the connection will be marked as bad due to the unread data. This means that at most one out-of-order response before the connection is discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You can prevent the vulnerability by setting the flag DisableIndentity to true when constructing the client instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-29923", url: "https://www.suse.com/security/cve/CVE-2025-29923", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "low", }, ], title: "CVE-2025-29923", }, { cve: "CVE-2025-30077", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30077", }, ], notes: [ { category: "general", text: "Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30077", url: "https://www.suse.com/security/cve/CVE-2025-30077", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-30077", }, { cve: "CVE-2025-30153", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30153", }, ], notes: [ { category: "general", text: "kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root cause comes from the ZipFileBodyDecoder, which is registered automatically by the module (contrary to what the documentation says). This vulnerability is fixed in 0.131.0.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30153", url: "https://www.suse.com/security/cve/CVE-2025-30153", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-30153", }, { cve: "CVE-2025-30162", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30162", }, ], notes: [ { category: "general", text: "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30162", url: "https://www.suse.com/security/cve/CVE-2025-30162", }, { category: "external", summary: "SUSE Bug 1240019 for CVE-2025-30162", url: "https://bugzilla.suse.com/1240019", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "low", }, ], title: "CVE-2025-30162", }, { cve: "CVE-2025-30163", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30163", }, ], notes: [ { category: "general", text: "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30163", url: "https://www.suse.com/security/cve/CVE-2025-30163", }, { category: "external", summary: "SUSE Bug 1240020 for CVE-2025-30163", url: "https://bugzilla.suse.com/1240020", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "low", }, ], title: "CVE-2025-30163", }, { cve: "CVE-2025-30179", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30179", }, ], notes: [ { category: "general", text: "Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30179", url: "https://www.suse.com/security/cve/CVE-2025-30179", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2025-30179", }, { cve: "CVE-2025-30204", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-30204", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Prior to \n5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-30204", url: "https://www.suse.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "SUSE Bug 1240442 for CVE-2025-30204", url: "https://bugzilla.suse.com/1240442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250327T184518-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-28T00:00:00Z", details: "important", }, ], title: "CVE-2025-30204", }, ], }
ghsa-242m-6h72-7hgp
Vulnerability from github
Published
2025-03-25 00:30
Modified
2025-03-25 15:10
Severity ?
Summary
ingress-nginx controller - auth secret file path traversal vulnerability
Details
A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
{ affected: [ { package: { ecosystem: "Go", name: "k8s.io/ingress-nginx", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.11.5", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "k8s.io/ingress-nginx", }, ranges: [ { events: [ { introduced: "1.12.0-beta.0", }, { fixed: "1.12.1", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2025-24513", ], database_specific: { cwe_ids: [ "CWE-20", "CWE-22", ], github_reviewed: true, github_reviewed_at: "2025-03-25T15:10:08Z", nvd_published_at: "2025-03-25T00:15:14Z", severity: "MODERATE", }, details: "A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", id: "GHSA-242m-6h72-7hgp", modified: "2025-03-25T15:10:08Z", published: "2025-03-25T00:30:26Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-24513", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/issues/131005", }, { type: "PACKAGE", url: "https://github.com/kubernetes/ingress-nginx", }, { type: "WEB", url: "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5", }, { type: "WEB", url: "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1", }, { type: "WEB", url: "https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", type: "CVSS_V3", }, ], summary: "ingress-nginx controller - auth secret file path traversal vulnerability", }
fkie_cve-2025-24513
Vulnerability from fkie_nvd
Published
2025-03-25 00:15
Modified
2025-03-27 16:45
Severity ?
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", }, { lang: "es", value: "Se descubrió un problema de seguridad en ingress-nginx (https://github.com/kubernetes/ingress-nginx). La función Controlador de Admisión de ingress-nginx incluye datos proporcionados por el atacante en un nombre de archivo, lo que provoca un directory traversal dentro del contenedor. Esto podría provocar una denegación de servicio o, en combinación con otras vulnerabilidades, una divulgación limitada de objetos secretos del clúster.", }, ], id: "CVE-2025-24513", lastModified: "2025-03-27T16:45:46.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "jordan@liggitt.net", type: "Secondary", }, ], }, published: "2025-03-25T00:15:14.900", references: [ { source: "jordan@liggitt.net", url: "https://github.com/kubernetes/kubernetes/issues/131005", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.