Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-24974
Vulnerability from cvelistv5
Published
2024-07-08 10:20
Modified
2024-08-10 03:55
Severity ?
EPSS score ?
Summary
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "openvpn", vendor: "openvpn", versions: [ { lessThan: "2.5.10", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:openvpn:openvpn:2.6.0:-:*:*:community:*:*:*", ], defaultStatus: "unaffected", product: "openvpn", vendor: "openvpn", versions: [ { lessThan: "2.6.10", status: "affected", version: "2.6.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-24974", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-10T03:55:21.896Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974", }, { tags: [ "x_transferred", ], url: "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", }, { tags: [ "x_transferred", ], url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "Interactive Service", ], platforms: [ "Windows", ], product: "OpenVPN 2", vendor: "OpenVPN", versions: [ { status: "affected", version: "2.6.9 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-923", description: "Improper Restriction of Communication Channel to Intended Endpoints", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-08T10:22:24.212Z", orgId: "36a55730-e66d-4d39-8ca6-3c3b3017965e", shortName: "OpenVPN", }, references: [ { url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974", }, { url: "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", }, { url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", }, ], }, }, cveMetadata: { assignerOrgId: "36a55730-e66d-4d39-8ca6-3c3b3017965e", assignerShortName: "OpenVPN", cveId: "CVE-2024-24974", datePublished: "2024-07-08T10:20:34.520Z", dateReserved: "2024-03-12T18:26:01.713Z", dateUpdated: "2024-08-10T03:55:21.896Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-24974\",\"sourceIdentifier\":\"security@openvpn.net\",\"published\":\"2024-07-08T11:15:10.103\",\"lastModified\":\"2024-11-21T09:00:04.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\"},{\"lang\":\"es\",\"value\":\"El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite acceder remotamente al canal del servicio OpenVPN, lo que permite a un atacante remoto interactuar con el servicio interactivo privilegiado OpenVPN.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@openvpn.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-923\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"2.5.10\",\"matchCriteriaId\":\"62343D14-4C89-4E6F-9C74-46E7EEAF79CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.10\",\"matchCriteriaId\":\"0E77CFBC-2014-4588-B77C-C34E333645A7\"}]}]}],\"references\":[{\"url\":\"https://community.openvpn.net/openvpn/wiki/CVE-2024-24974\",\"source\":\"security@openvpn.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/\",\"source\":\"security@openvpn.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html\",\"source\":\"security@openvpn.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://community.openvpn.net/openvpn/wiki/CVE-2024-24974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://community.openvpn.net/openvpn/wiki/CVE-2024-24974\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:36:21.292Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-24974\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-30T18:38:55.346204Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*\"], \"vendor\": \"openvpn\", \"product\": \"openvpn\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.5.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:openvpn:openvpn:2.6.0:-:*:*:community:*:*:*\"], \"vendor\": \"openvpn\", \"product\": \"openvpn\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.0\", \"lessThan\": \"2.6.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-30T18:39:46.410Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"OpenVPN\", \"modules\": [\"Interactive Service\"], \"product\": \"OpenVPN 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.9 and earlier\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://community.openvpn.net/openvpn/wiki/CVE-2024-24974\"}, {\"url\": \"https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/\"}, {\"url\": \"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-923\", \"description\": \"Improper Restriction of Communication Channel to Intended Endpoints\"}]}], \"providerMetadata\": {\"orgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"shortName\": \"OpenVPN\", \"dateUpdated\": \"2024-07-08T10:22:24.212Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-24974\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-10T03:55:21.896Z\", \"dateReserved\": \"2024-03-12T18:26:01.713Z\", \"assignerOrgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"datePublished\": \"2024-07-08T10:20:34.520Z\", \"assignerShortName\": \"OpenVPN\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ghsa-mfqw-44wg-mrpf
Vulnerability from github
Published
2024-07-08 12:31
Modified
2024-07-11 15:30
Severity ?
Details
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
{ affected: [], aliases: [ "CVE-2024-24974", ], database_specific: { cwe_ids: [ "CWE-923", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-07-08T11:15:10Z", severity: "HIGH", }, details: "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.", id: "GHSA-mfqw-44wg-mrpf", modified: "2024-07-11T15:30:44Z", published: "2024-07-08T12:31:05Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24974", }, { type: "WEB", url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974", }, { type: "WEB", url: "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974", }, { type: "WEB", url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], }
ncsc-2025-0077
Vulnerability from csaf_ncscnl
Published
2025-03-11 12:30
Modified
2025-03-11 12:30
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter en Tecnomatix.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-187
Partial String Comparison
CWE-283
Unverified Ownership
CWE-273
Improper Check for Dropped Privileges
CWE-1287
Improper Validation of Specified Type of Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-208
Observable Timing Discrepancy
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CWE-824
Access of Uninitialized Pointer
CWE-305
Authentication Bypass by Primary Weakness
CWE-117
Improper Output Neutralization for Logs
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-693
Protection Mechanism Failure
CWE-552
Files or Directories Accessible to External Parties
CWE-290
Authentication Bypass by Spoofing
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-125
Out-of-bounds Read
CWE-306
Missing Authentication for Critical Function
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-287
Improper Authentication
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter en Tecnomatix.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "description", text: " ", title: "Dreigingsinformatie", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "Unverified Ownership", title: "CWE-283", }, { category: "general", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Communication Channel to Intended Endpoints", title: "CWE-923", }, { category: "general", text: "Access of Uninitialized Pointer", title: "CWE-824", }, { category: "general", text: "Authentication Bypass by Primary Weakness", title: "CWE-305", }, { category: "general", text: "Improper Output Neutralization for Logs", title: "CWE-117", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authentication Bypass by Spoofing", title: "CWE-290", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-050438.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-073066.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-075201.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280834.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-503939.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-507653.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-515903.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-615740.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-787280.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-858251.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2025-03-11T12:30:29.277759Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0077", initial_release_date: "2025-03-11T12:30:29.277759Z", revision_history: [ { date: "2025-03-11T12:30:29.277759Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459094", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) EU", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299123", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459095", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) NAM", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299124", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/3.x", product: { name: "vers:unknown/3.x", product_id: "CSAFPID-2459491", }, }, { category: "product_version_range", name: "vers:unknown/<v4.0", product: { name: "vers:unknown/<v4.0", product_id: "CSAFPID-2459084", }, }, ], category: "product_name", name: "SCALANCE LPE9403", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459096", }, }, ], category: "product_name", name: "SCALANCE M804PB", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299125", }, }, ], category: "product_name", name: "SCALANCE M804PB (6GK5804-0AP00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299126", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299127", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459097", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router family", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299128", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299129", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459098", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router family", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459099", }, }, ], category: "product_name", name: "SCALANCE M826-2 SHDSL-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299130", }, }, ], category: "product_name", name: "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459100", }, }, ], category: "product_name", name: "SCALANCE M874-2", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299131", }, }, ], category: "product_name", name: "SCALANCE M874-2 (6GK5874-2AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459101", }, }, ], category: "product_name", name: "SCALANCE M874-3", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299132", }, }, ], category: "product_name", name: "SCALANCE M874-3 (6GK5874-3AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459102", }, }, ], category: "product_name", name: "SCALANCE M874-3 3G-Router (CN)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299133", }, }, ], category: "product_name", name: "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459103", }, }, ], category: "product_name", name: "SCALANCE M876-3", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299134", }, }, ], category: "product_name", name: "SCALANCE M876-3 (6GK5876-3AA02-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459104", }, }, ], category: "product_name", name: "SCALANCE M876-3 (ROK)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299135", }, }, ], category: "product_name", name: "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459105", }, }, ], category: "product_name", name: "SCALANCE M876-4", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299136", }, }, ], category: "product_name", name: "SCALANCE M876-4 (6GK5876-4AA10-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459106", }, }, ], category: "product_name", name: "SCALANCE M876-4 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299137", }, }, ], category: "product_name", name: "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459107", }, }, ], category: "product_name", name: "SCALANCE M876-4 (NAM)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299138", }, }, ], category: "product_name", name: "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459108", }, }, ], category: "product_name", name: "SCALANCE MUB852-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459109", }, }, ], category: "product_name", name: "SCALANCE MUB852-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459110", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299139", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459111", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299140", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459112", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299141", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459113", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299142", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459114", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299143", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459115", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (CN)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299144", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459116", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299145", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459117", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (RoW)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299146", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459118", }, }, ], category: "product_name", name: "SCALANCE S615 EEC LAN-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299147", }, }, ], category: "product_name", name: "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459119", }, }, ], category: "product_name", name: "SCALANCE S615 LAN-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299148", }, }, ], category: "product_name", name: "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459120", }, }, ], category: "product_name", name: "SCALANCE SC-600 family", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459042", }, }, ], category: "product_name", name: "SIMATIC Field PG M5", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v26.01.12", product: { name: "vers:unknown/<v26.01.12", product_id: "CSAFPID-2459077", }, }, ], category: "product_name", name: "SIMATIC Field PG M6", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v31.01.07", product: { name: "vers:unknown/<v31.01.07", product_id: "CSAFPID-2459043", }, }, ], category: "product_name", name: "SIMATIC IPC BX-21A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459044", }, }, ], category: "product_name", name: "SIMATIC IPC BX-32A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459045", }, }, ], category: "product_name", name: "SIMATIC IPC BX-39A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v32.01.04", product: { name: "vers:unknown/<v32.01.04", product_id: "CSAFPID-2459046", }, }, ], category: "product_name", name: "SIMATIC IPC BX-59A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459047", }, }, ], category: "product_name", name: "SIMATIC IPC PX-32A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459048", }, }, ], category: "product_name", name: "SIMATIC IPC PX-39A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459049", }, }, ], category: "product_name", name: "SIMATIC IPC PX-39A PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459050", }, }, ], category: "product_name", name: "SIMATIC IPC RC-543B", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459051", }, }, ], category: "product_name", name: "SIMATIC IPC RW-543A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459052", }, }, ], category: "product_name", name: "SIMATIC IPC127E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459053", }, }, ], category: "product_name", name: "SIMATIC IPC227E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459054", }, }, ], category: "product_name", name: "SIMATIC IPC227G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459055", }, }, ], category: "product_name", name: "SIMATIC IPC277E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459056", }, }, ], category: "product_name", name: "SIMATIC IPC277G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459058", }, }, ], category: "product_name", name: "SIMATIC IPC3000 SMART V3", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459059", }, }, ], category: "product_name", name: "SIMATIC IPC327G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459060", }, }, ], category: "product_name", name: "SIMATIC IPC347G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459061", }, }, ], category: "product_name", name: "SIMATIC IPC377G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459062", }, }, ], category: "product_name", name: "SIMATIC IPC427E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459063", }, }, ], category: "product_name", name: "SIMATIC IPC477E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459064", }, }, ], category: "product_name", name: "SIMATIC IPC477E PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459065", }, }, ], category: "product_name", name: "SIMATIC IPC527G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459066", }, }, ], category: "product_name", name: "SIMATIC IPC627E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459067", }, }, ], category: "product_name", name: "SIMATIC IPC647E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459068", }, }, ], category: "product_name", name: "SIMATIC IPC677E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459069", }, }, ], category: "product_name", name: "SIMATIC IPC847E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459070", }, }, ], category: "product_name", name: "SIMATIC ITP1000", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459057", }, }, ], category: "product_name", name: "SIMATIC IPC277G PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459093", }, }, ], category: "product_name", name: "SINAMICS S200", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v6.4.8", product: { name: "vers:unknown/<v6.4.8", product_id: "CSAFPID-2459089", }, }, { category: "product_version_range", name: "vers:unknown/<v6.4.9", product: { name: "vers:unknown/<v6.4.9", product_id: "CSAFPID-2459082", }, }, ], category: "product_name", name: "SiPass integrated AC5102 (ACC-G2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/6.4.0", product: { name: "vers:unknown/6.4.0", product_id: "CSAFPID-2459482", }, }, { category: "product_version_range", name: "vers:unknown/6.4.1", product: { name: "vers:unknown/6.4.1", product_id: "CSAFPID-2459483", }, }, { category: "product_version_range", name: "vers:unknown/6.4.2", product: { name: "vers:unknown/6.4.2", product_id: "CSAFPID-2459484", }, }, { category: "product_version_range", name: "vers:unknown/6.4.3", product: { name: "vers:unknown/6.4.3", product_id: "CSAFPID-2459485", }, }, { category: "product_version_range", name: "vers:unknown/6.4.4", product: { name: "vers:unknown/6.4.4", product_id: "CSAFPID-2459486", }, }, { category: "product_version_range", name: "vers:unknown/6.4.5", product: { name: "vers:unknown/6.4.5", product_id: "CSAFPID-2459487", }, }, { category: "product_version_range", name: "vers:unknown/6.4.6", product: { name: "vers:unknown/6.4.6", product_id: "CSAFPID-2459488", }, }, { category: "product_version_range", name: "vers:unknown/6.4.7", product: { name: "vers:unknown/6.4.7", product_id: "CSAFPID-2459489", }, }, { category: "product_version_range", name: "vers:unknown/6.4.8", product: { name: "vers:unknown/6.4.8", product_id: "CSAFPID-2459490", }, }, ], category: "product_name", name: "SiPass integrated AC5102, SiPass integrated ACC-AP", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v6.4.8", product: { name: "vers:unknown/<v6.4.8", product_id: "CSAFPID-2459090", }, }, { category: "product_version_range", name: "vers:unknown/<v6.4.9", product: { name: "vers:unknown/<v6.4.9", product_id: "CSAFPID-2459083", }, }, ], category: "product_name", name: "SiPass integrated ACC-AP", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v14.3.0.13", product: { name: "vers:unknown/<v14.3.0.13", product_id: "CSAFPID-2459071", }, }, ], category: "product_name", name: "Teamcenter Visualization V14.3", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2312.0009", product: { name: "vers:unknown/<v2312.0009", product_id: "CSAFPID-2459072", }, }, ], category: "product_name", name: "Teamcenter Visualization V2312", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2406.0007", product: { name: "vers:unknown/<v2406.0007", product_id: "CSAFPID-2459073", }, }, ], category: "product_name", name: "Teamcenter Visualization V2406", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2412.0002", product: { name: "vers:unknown/<v2412.0002", product_id: "CSAFPID-2459074", }, }, ], category: "product_name", name: "Teamcenter Visualization V2412", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2302.0021", product: { name: "vers:unknown/<v2302.0021", product_id: "CSAFPID-2459075", }, }, ], category: "product_name", name: "Tecnomatix Plant Simulation V2302", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2404.0010", product: { name: "vers:unknown/<v2404.0010", product_id: "CSAFPID-2459076", }, }, ], category: "product_name", name: "Tecnomatix Plant Simulation V2404", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2024-1305", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-1305", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1305.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-1305", }, { cve: "CVE-2024-4877", product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-4877", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4877.json", }, ], title: "CVE-2024-4877", }, { cve: "CVE-2024-5594", cwe: { id: "CWE-117", name: "Improper Output Neutralization for Logs", }, notes: [ { category: "other", text: "Improper Output Neutralization for Logs", title: "CWE-117", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-5594", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5594.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-5594", }, { cve: "CVE-2024-24974", cwe: { id: "CWE-923", name: "Improper Restriction of Communication Channel to Intended Endpoints", }, notes: [ { category: "other", text: "Improper Restriction of Communication Channel to Intended Endpoints", title: "CWE-923", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-24974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24974.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-24974", }, { cve: "CVE-2024-27459", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-27459", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27459.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-27459", }, { cve: "CVE-2024-27903", cwe: { id: "CWE-283", name: "Unverified Ownership", }, notes: [ { category: "other", text: "Unverified Ownership", title: "CWE-283", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-27903", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27903.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-27903", }, { cve: "CVE-2024-28882", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-28882", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28882.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-28882", }, { cve: "CVE-2024-41046", product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41046", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41046.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41046", }, { cve: "CVE-2024-41049", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41049", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41049.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41049", }, { cve: "CVE-2024-41055", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41055.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41055", }, { cve: "CVE-2024-42154", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42154", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42154.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42154", }, { cve: "CVE-2024-42161", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, notes: [ { category: "other", text: "Access of Uninitialized Pointer", title: "CWE-824", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42161", }, { cve: "CVE-2024-42512", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42512", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42512.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42512", }, { cve: "CVE-2024-42513", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, notes: [ { category: "other", text: "Authentication Bypass by Spoofing", title: "CWE-290", }, { category: "other", text: "Authentication Bypass by Primary Weakness", title: "CWE-305", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42513.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42513", }, { cve: "CVE-2024-52285", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-52285", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52285.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-52285", }, { cve: "CVE-2024-56181", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56181", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56181.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56181", }, { cve: "CVE-2024-56182", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56182.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56182", }, { cve: "CVE-2024-56336", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56336", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56336.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56336", }, { cve: "CVE-2025-23384", cwe: { id: "CWE-187", name: "Partial String Comparison", }, notes: [ { category: "other", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23384.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23384", }, { cve: "CVE-2025-23396", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23396", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23396.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23396", }, { cve: "CVE-2025-23397", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23397.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23397", }, { cve: "CVE-2025-23398", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23398.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23398", }, { cve: "CVE-2025-23399", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23399", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23399.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23399", }, { cve: "CVE-2025-23400", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23400", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23400.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23400", }, { cve: "CVE-2025-23401", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23401", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23401.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23401", }, { cve: "CVE-2025-23402", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23402", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23402.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23402", }, { cve: "CVE-2025-25266", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-25266", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25266.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-25266", }, { cve: "CVE-2025-25267", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-25267", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25267.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-25267", }, { cve: "CVE-2025-27392", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27392", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27392.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27392", }, { cve: "CVE-2025-27393", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27393", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27393.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27393", }, { cve: "CVE-2025-27394", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27394", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27394.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27394", }, { cve: "CVE-2025-27395", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27395", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27395.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27395", }, { cve: "CVE-2025-27396", cwe: { id: "CWE-273", name: "Improper Check for Dropped Privileges", }, notes: [ { category: "other", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27396", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27396.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27396", }, { cve: "CVE-2025-27397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27397.json", }, ], title: "CVE-2025-27397", }, { cve: "CVE-2025-27398", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27398.json", }, ], title: "CVE-2025-27398", }, { cve: "CVE-2025-27438", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27438", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27438.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27438", }, { cve: "CVE-2025-27493", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27493", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27493.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27493", }, { cve: "CVE-2025-27494", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27494", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27494.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27494", }, ], }
fkie_cve-2024-24974
Vulnerability from fkie_nvd
Published
2024-07-08 11:15
Modified
2024-11-21 09:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", matchCriteriaId: "62343D14-4C89-4E6F-9C74-46E7EEAF79CB", versionEndExcluding: "2.5.10", vulnerable: true, }, { criteria: "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", matchCriteriaId: "0E77CFBC-2014-4588-B77C-C34E333645A7", versionEndExcluding: "2.6.10", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.", }, { lang: "es", value: "El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite acceder remotamente al canal del servicio OpenVPN, lo que permite a un atacante remoto interactuar con el servicio interactivo privilegiado OpenVPN.", }, ], id: "CVE-2024-24974", lastModified: "2024-11-21T09:00:04.127", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-08T11:15:10.103", references: [ { source: "security@openvpn.net", tags: [ "Vendor Advisory", ], url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974", }, { source: "security@openvpn.net", tags: [ "Vendor Advisory", ], url: "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", }, { source: "security@openvpn.net", tags: [ "Mailing List", ], url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html", }, ], sourceIdentifier: "security@openvpn.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-923", }, ], source: "security@openvpn.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
WID-SEC-W-2024-0688
Vulnerability from csaf_certbund
Published
2024-03-20 23:00
Modified
2024-11-24 23:00
Summary
OpenVPN: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.
Angriff
Ein Angreifer kann eine Schwachstelle in OpenVPN ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Android
- iPhoneOS
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann eine Schwachstelle in OpenVPN ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", title: "Angriff", }, { category: "general", text: "- Android\n- iPhoneOS\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0688 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0688.json", }, { category: "self", summary: "WID-SEC-2024-0688 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0688", }, { category: "external", summary: "OpenVPN GitHub vom 2024-03-20", url: "https://github.com/OpenVPN/openvpn/releases/tag/v2.6.10", }, ], source_lang: "en-US", title: "OpenVPN: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T11:41:40.711+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0688", initial_release_date: "2024-03-20T23:00:00.000+00:00", revision_history: [ { date: "2024-03-20T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-24T23:00:00.000+00:00", number: "2", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<2.6.10", product: { name: "Open Source OpenVPN <2.6.10", product_id: "T033613", }, }, { category: "product_version", name: "2.6.10", product: { name: "Open Source OpenVPN 2.6.10", product_id: "T033613-fixed", product_identification_helper: { cpe: "cpe:/a:openvpn:openvpn:2.6.10", }, }, }, ], category: "product_name", name: "OpenVPN", }, ], category: "vendor", name: "Open Source", }, ], }, vulnerabilities: [ { cve: "CVE-2024-1305", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-1305", }, { cve: "CVE-2024-24974", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-24974", }, { cve: "CVE-2024-27459", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-27459", }, { cve: "CVE-2024-27903", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-27903", }, ], }
wid-sec-w-2024-0688
Vulnerability from csaf_certbund
Published
2024-03-20 23:00
Modified
2024-11-24 23:00
Summary
OpenVPN: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.
Angriff
Ein Angreifer kann eine Schwachstelle in OpenVPN ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Android
- iPhoneOS
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann eine Schwachstelle in OpenVPN ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", title: "Angriff", }, { category: "general", text: "- Android\n- iPhoneOS\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0688 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0688.json", }, { category: "self", summary: "WID-SEC-2024-0688 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0688", }, { category: "external", summary: "OpenVPN GitHub vom 2024-03-20", url: "https://github.com/OpenVPN/openvpn/releases/tag/v2.6.10", }, ], source_lang: "en-US", title: "OpenVPN: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T11:41:40.711+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0688", initial_release_date: "2024-03-20T23:00:00.000+00:00", revision_history: [ { date: "2024-03-20T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-24T23:00:00.000+00:00", number: "2", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<2.6.10", product: { name: "Open Source OpenVPN <2.6.10", product_id: "T033613", }, }, { category: "product_version", name: "2.6.10", product: { name: "Open Source OpenVPN 2.6.10", product_id: "T033613-fixed", product_identification_helper: { cpe: "cpe:/a:openvpn:openvpn:2.6.10", }, }, }, ], category: "product_name", name: "OpenVPN", }, ], category: "vendor", name: "Open Source", }, ], }, vulnerabilities: [ { cve: "CVE-2024-1305", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-1305", }, { cve: "CVE-2024-24974", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-24974", }, { cve: "CVE-2024-27459", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-27459", }, { cve: "CVE-2024-27903", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in OpenVPN. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme, wie z.B. einem Integer-Überlauf oder einer unsachgemäßen Zugriffskontrolle. Ein lokaler oder entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder seine Privilegien zu erweitern.", }, ], product_status: { known_affected: [ "T033613", ], }, release_date: "2024-03-20T23:00:00.000+00:00", title: "CVE-2024-27903", }, ], }
gsd-2024-24974
Vulnerability from gsd
Modified
2024-04-02 05:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-24974", ], id: "GSD-2024-24974", modified: "2024-04-02T05:02:57.852936Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2024-24974", STATE: "RESERVED", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.