Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-4877
Vulnerability from cvelistv5
Published
2025-04-03 15:11
Modified
2025-04-04 13:25
Severity ?
EPSS score ?
Summary
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-4877", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-04T13:23:24.817604Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-04T13:25:17.430Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "OpenVPN", vendor: "OpenVPN", versions: [ { lessThanOrEqual: "2.6.11", status: "affected", version: "2.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-268", description: "CWE-268 Privilege Chaining", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T15:11:51.057Z", orgId: "36a55730-e66d-4d39-8ca6-3c3b3017965e", shortName: "OpenVPN", }, references: [ { url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877", }, { url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", }, ], }, }, cveMetadata: { assignerOrgId: "36a55730-e66d-4d39-8ca6-3c3b3017965e", assignerShortName: "OpenVPN", cveId: "CVE-2024-4877", datePublished: "2025-04-03T15:11:51.057Z", dateReserved: "2024-05-14T17:31:57.913Z", dateUpdated: "2025-04-04T13:25:17.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-4877\",\"sourceIdentifier\":\"security@openvpn.net\",\"published\":\"2025-04-03T16:15:32.840\",\"lastModified\":\"2025-04-07T14:18:34.453\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges\"},{\"lang\":\"es\",\"value\":\"Las versiones 2.4.0 a 2.6.10 de OpenVPN en Windows permiten que un proceso externo con menos privilegios cree una tubería con nombre a la que se conectaría el componente GUI de OpenVPN, lo que le permitiría escalar sus privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@openvpn.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-268\"}]}],\"references\":[{\"url\":\"https://community.openvpn.net/openvpn/wiki/CVE-2024-4877\",\"source\":\"security@openvpn.net\"},{\"url\":\"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html\",\"source\":\"security@openvpn.net\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4877\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-04T13:23:24.817604Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-04T13:24:06.558Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"OpenVPN\", \"product\": \"OpenVPN\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.6.11\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://community.openvpn.net/openvpn/wiki/CVE-2024-4877\"}, {\"url\": \"https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-268\", \"description\": \"CWE-268 Privilege Chaining\"}]}], \"providerMetadata\": {\"orgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"shortName\": \"OpenVPN\", \"dateUpdated\": \"2025-04-03T15:11:51.057Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-4877\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-04T13:25:17.430Z\", \"dateReserved\": \"2024-05-14T17:31:57.913Z\", \"assignerOrgId\": \"36a55730-e66d-4d39-8ca6-3c3b3017965e\", \"datePublished\": \"2025-04-03T15:11:51.057Z\", \"assignerShortName\": \"OpenVPN\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
wid-sec-w-2024-1433
Vulnerability from csaf_certbund
Published
2024-06-23 22:00
Modified
2024-10-31 23:00
Summary
OpenVPN: Mehrere Schwachstellen ermöglichen Denial of Service und Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenVPN ausnutzen, um einen Denial of Service Angriff durchzuführen und erhöhte Privilegien zu erlangen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenVPN ausnutzen, um einen Denial of Service Angriff durchzuführen und erhöhte Privilegien zu erlangen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1433 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1433.json", }, { category: "self", summary: "WID-SEC-2024-1433 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1433", }, { category: "external", summary: "OpenVPN GitHub vom 2024-06-23", url: "https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes", }, { category: "external", summary: "VuXML Security Advisory vom 2024-06-23", url: "http://www.vuxml.org/freebsd/142c538e-b18f-40a1-afac-c479effadd5c.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6860-1 vom 2024-07-02", url: "https://ubuntu.com/security/notices/USN-6860-1", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-9376FF0291 vom 2024-07-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9376ff0291", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MKHQ4XCAY5VAP2Q6UDAYNS7OL2QJGLP6/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKHQ4XCAY5VAP2Q6UDAYNS7OL2QJGLP6/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019540.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3532-1 vom 2024-10-04", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019550.html", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14436-1 vom 2024-10-31", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KIPA7OBR5EVC3PIBCIJICJKK7MH3RBNA/", }, ], source_lang: "en-US", title: "OpenVPN: Mehrere Schwachstellen ermöglichen Denial of Service und Privilegieneskalation", tracking: { current_release_date: "2024-10-31T23:00:00.000+00:00", generator: { date: "2024-11-01T09:14:49.355+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1433", initial_release_date: "2024-06-23T22:00:00.000+00:00", revision_history: [ { date: "2024-06-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-07-02T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-10-01T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-10-06T22:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "6", summary: "Neue Updates von openSUSE aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.6.11", product: { name: "Open Source OpenVPN <2.6.11", product_id: "T035617", }, }, { category: "product_version", name: "2.6.11", product: { name: "Open Source OpenVPN 2.6.11", product_id: "T035617-fixed", product_identification_helper: { cpe: "cpe:/a:openvpn:openvpn:2.6.11", }, }, }, ], category: "product_name", name: "OpenVPN", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2024-28882", notes: [ { category: "description", text: "In OpenVPN bestehen mehrere Schwachstellen. Diese Fehler sind darauf zurückzuführen, dass die Anwendung Kontrollkanalnachrichten akzeptiert, die nicht druckbare Zeichen enthalten, sowie auf eine unsachgemäße Verwaltung interner Ressourcen, die zu einer hohen CPU-Auslastung führt. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Eine der Sicherheitslücken erfordert eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-28882", }, { cve: "CVE-2024-5594", notes: [ { category: "description", text: "In OpenVPN bestehen mehrere Schwachstellen. Diese Fehler sind darauf zurückzuführen, dass die Anwendung Kontrollkanalnachrichten akzeptiert, die nicht druckbare Zeichen enthalten, sowie auf eine unsachgemäße Verwaltung interner Ressourcen, die zu einer hohen CPU-Auslastung führt. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Eine der Sicherheitslücken erfordert eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-5594", }, { cve: "CVE-2024-4877", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in OpenVPN GUI, die auf unzureichende Sicherheitsbeschränkungen in der Service Pipe zurückzuführen ist und es einem Benutzer mit der Berechtigung SeImpersonatePrivilege ermöglicht, auf Benutzerdaten zuzugreifen und somit Zugriff auf das von openvpn-gui.exe verwendete Konto zu erhalten. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte zu erlangen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-4877", }, ], }
WID-SEC-W-2024-1433
Vulnerability from csaf_certbund
Published
2024-06-23 22:00
Modified
2024-10-31 23:00
Summary
OpenVPN: Mehrere Schwachstellen ermöglichen Denial of Service und Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenVPN ausnutzen, um einen Denial of Service Angriff durchzuführen und erhöhte Privilegien zu erlangen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "OpenVPN ist eine Open Source Software zum Aufbau eines Virtuellen Privaten Netzwerkes (VPN) über eine verschlüsselte TLS-Verbindung. Zur Verschlüsselung werden die Bibliotheken des Programmes OpenSSL benutzt.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenVPN ausnutzen, um einen Denial of Service Angriff durchzuführen und erhöhte Privilegien zu erlangen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1433 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1433.json", }, { category: "self", summary: "WID-SEC-2024-1433 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1433", }, { category: "external", summary: "OpenVPN GitHub vom 2024-06-23", url: "https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes", }, { category: "external", summary: "VuXML Security Advisory vom 2024-06-23", url: "http://www.vuxml.org/freebsd/142c538e-b18f-40a1-afac-c479effadd5c.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6860-1 vom 2024-07-02", url: "https://ubuntu.com/security/notices/USN-6860-1", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-9376FF0291 vom 2024-07-18", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9376ff0291", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MKHQ4XCAY5VAP2Q6UDAYNS7OL2QJGLP6/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKHQ4XCAY5VAP2Q6UDAYNS7OL2QJGLP6/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3502-1 vom 2024-10-01", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019540.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3532-1 vom 2024-10-04", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019550.html", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14436-1 vom 2024-10-31", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KIPA7OBR5EVC3PIBCIJICJKK7MH3RBNA/", }, ], source_lang: "en-US", title: "OpenVPN: Mehrere Schwachstellen ermöglichen Denial of Service und Privilegieneskalation", tracking: { current_release_date: "2024-10-31T23:00:00.000+00:00", generator: { date: "2024-11-01T09:14:49.355+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1433", initial_release_date: "2024-06-23T22:00:00.000+00:00", revision_history: [ { date: "2024-06-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-07-02T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-10-01T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-10-06T22:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "6", summary: "Neue Updates von openSUSE aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.6.11", product: { name: "Open Source OpenVPN <2.6.11", product_id: "T035617", }, }, { category: "product_version", name: "2.6.11", product: { name: "Open Source OpenVPN 2.6.11", product_id: "T035617-fixed", product_identification_helper: { cpe: "cpe:/a:openvpn:openvpn:2.6.11", }, }, }, ], category: "product_name", name: "OpenVPN", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2024-28882", notes: [ { category: "description", text: "In OpenVPN bestehen mehrere Schwachstellen. Diese Fehler sind darauf zurückzuführen, dass die Anwendung Kontrollkanalnachrichten akzeptiert, die nicht druckbare Zeichen enthalten, sowie auf eine unsachgemäße Verwaltung interner Ressourcen, die zu einer hohen CPU-Auslastung führt. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Eine der Sicherheitslücken erfordert eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-28882", }, { cve: "CVE-2024-5594", notes: [ { category: "description", text: "In OpenVPN bestehen mehrere Schwachstellen. Diese Fehler sind darauf zurückzuführen, dass die Anwendung Kontrollkanalnachrichten akzeptiert, die nicht druckbare Zeichen enthalten, sowie auf eine unsachgemäße Verwaltung interner Ressourcen, die zu einer hohen CPU-Auslastung führt. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Eine der Sicherheitslücken erfordert eine Benutzerinteraktion, um sie erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-5594", }, { cve: "CVE-2024-4877", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in OpenVPN GUI, die auf unzureichende Sicherheitsbeschränkungen in der Service Pipe zurückzuführen ist und es einem Benutzer mit der Berechtigung SeImpersonatePrivilege ermöglicht, auf Benutzerdaten zuzugreifen und somit Zugriff auf das von openvpn-gui.exe verwendete Konto zu erhalten. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte zu erlangen.", }, ], product_status: { known_affected: [ "T002207", "T035617", "T000126", "T027843", "74185", ], }, release_date: "2024-06-23T22:00:00.000+00:00", title: "CVE-2024-4877", }, ], }
ncsc-2025-0077
Vulnerability from csaf_ncscnl
Published
2025-03-11 12:30
Modified
2025-03-11 12:30
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter en Tecnomatix.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-187
Partial String Comparison
CWE-283
Unverified Ownership
CWE-273
Improper Check for Dropped Privileges
CWE-1287
Improper Validation of Specified Type of Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-208
Observable Timing Discrepancy
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CWE-824
Access of Uninitialized Pointer
CWE-305
Authentication Bypass by Primary Weakness
CWE-117
Improper Output Neutralization for Logs
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-693
Protection Mechanism Failure
CWE-552
Files or Directories Accessible to External Parties
CWE-290
Authentication Bypass by Spoofing
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-125
Out-of-bounds Read
CWE-306
Missing Authentication for Critical Function
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-287
Improper Authentication
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter en Tecnomatix.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "description", text: " ", title: "Dreigingsinformatie", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "Unverified Ownership", title: "CWE-283", }, { category: "general", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Communication Channel to Intended Endpoints", title: "CWE-923", }, { category: "general", text: "Access of Uninitialized Pointer", title: "CWE-824", }, { category: "general", text: "Authentication Bypass by Primary Weakness", title: "CWE-305", }, { category: "general", text: "Improper Output Neutralization for Logs", title: "CWE-117", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authentication Bypass by Spoofing", title: "CWE-290", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-050438.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-073066.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-075201.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-216014.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280834.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-503939.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-507653.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-515903.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-615740.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-787280.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-858251.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2025-03-11T12:30:29.277759Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0077", initial_release_date: "2025-03-11T12:30:29.277759Z", revision_history: [ { date: "2025-03-11T12:30:29.277759Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459094", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) EU", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299123", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459095", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) NAM", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299124", }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/3.x", product: { name: "vers:unknown/3.x", product_id: "CSAFPID-2459491", }, }, { category: "product_version_range", name: "vers:unknown/<v4.0", product: { name: "vers:unknown/<v4.0", product_id: "CSAFPID-2459084", }, }, ], category: "product_name", name: "SCALANCE LPE9403", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459096", }, }, ], category: "product_name", name: "SCALANCE M804PB", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299125", }, }, ], category: "product_name", name: "SCALANCE M804PB (6GK5804-0AP00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299126", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299127", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459097", }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router family", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299128", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299129", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459098", }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router family", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459099", }, }, ], category: "product_name", name: "SCALANCE M826-2 SHDSL-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299130", }, }, ], category: "product_name", name: "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459100", }, }, ], category: "product_name", name: "SCALANCE M874-2", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299131", }, }, ], category: "product_name", name: "SCALANCE M874-2 (6GK5874-2AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459101", }, }, ], category: "product_name", name: "SCALANCE M874-3", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299132", }, }, ], category: "product_name", name: "SCALANCE M874-3 (6GK5874-3AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459102", }, }, ], category: "product_name", name: "SCALANCE M874-3 3G-Router (CN)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299133", }, }, ], category: "product_name", name: "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459103", }, }, ], category: "product_name", name: "SCALANCE M876-3", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299134", }, }, ], category: "product_name", name: "SCALANCE M876-3 (6GK5876-3AA02-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459104", }, }, ], category: "product_name", name: "SCALANCE M876-3 (ROK)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299135", }, }, ], category: "product_name", name: "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459105", }, }, ], category: "product_name", name: "SCALANCE M876-4", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299136", }, }, ], category: "product_name", name: "SCALANCE M876-4 (6GK5876-4AA10-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459106", }, }, ], category: "product_name", name: "SCALANCE M876-4 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299137", }, }, ], category: "product_name", name: "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459107", }, }, ], category: "product_name", name: "SCALANCE M876-4 (NAM)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299138", }, }, ], category: "product_name", name: "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459108", }, }, ], category: "product_name", name: "SCALANCE MUB852-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459109", }, }, ], category: "product_name", name: "SCALANCE MUB852-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459110", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299139", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459111", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299140", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459112", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299141", }, }, ], category: "product_name", name: "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459113", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (A1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299142", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459114", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (B1)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299143", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459115", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (CN)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299144", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459116", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (EU)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299145", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459117", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (RoW)", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299146", }, }, ], category: "product_name", name: "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459118", }, }, ], category: "product_name", name: "SCALANCE S615 EEC LAN-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299147", }, }, ], category: "product_name", name: "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.2.1", product: { name: "vers:unknown/<v8.2.1", product_id: "CSAFPID-2459119", }, }, ], category: "product_name", name: "SCALANCE S615 LAN-Router", }, { branches: [ { category: "product_version_range", name: "vers:all/<v8.2", product: { name: "vers:all/<v8.2", product_id: "CSAFPID-1299148", }, }, ], category: "product_name", name: "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459120", }, }, ], category: "product_name", name: "SCALANCE SC-600 family", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459042", }, }, ], category: "product_name", name: "SIMATIC Field PG M5", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v26.01.12", product: { name: "vers:unknown/<v26.01.12", product_id: "CSAFPID-2459077", }, }, ], category: "product_name", name: "SIMATIC Field PG M6", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v31.01.07", product: { name: "vers:unknown/<v31.01.07", product_id: "CSAFPID-2459043", }, }, ], category: "product_name", name: "SIMATIC IPC BX-21A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459044", }, }, ], category: "product_name", name: "SIMATIC IPC BX-32A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459045", }, }, ], category: "product_name", name: "SIMATIC IPC BX-39A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v32.01.04", product: { name: "vers:unknown/<v32.01.04", product_id: "CSAFPID-2459046", }, }, ], category: "product_name", name: "SIMATIC IPC BX-59A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459047", }, }, ], category: "product_name", name: "SIMATIC IPC PX-32A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459048", }, }, ], category: "product_name", name: "SIMATIC IPC PX-39A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v29.01.07", product: { name: "vers:unknown/<v29.01.07", product_id: "CSAFPID-2459049", }, }, ], category: "product_name", name: "SIMATIC IPC PX-39A PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459050", }, }, ], category: "product_name", name: "SIMATIC IPC RC-543B", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459051", }, }, ], category: "product_name", name: "SIMATIC IPC RW-543A", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459052", }, }, ], category: "product_name", name: "SIMATIC IPC127E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459053", }, }, ], category: "product_name", name: "SIMATIC IPC227E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459054", }, }, ], category: "product_name", name: "SIMATIC IPC227G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459055", }, }, ], category: "product_name", name: "SIMATIC IPC277E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459056", }, }, ], category: "product_name", name: "SIMATIC IPC277G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459058", }, }, ], category: "product_name", name: "SIMATIC IPC3000 SMART V3", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459059", }, }, ], category: "product_name", name: "SIMATIC IPC327G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459060", }, }, ], category: "product_name", name: "SIMATIC IPC347G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459061", }, }, ], category: "product_name", name: "SIMATIC IPC377G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459062", }, }, ], category: "product_name", name: "SIMATIC IPC427E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459063", }, }, ], category: "product_name", name: "SIMATIC IPC477E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459064", }, }, ], category: "product_name", name: "SIMATIC IPC477E PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459065", }, }, ], category: "product_name", name: "SIMATIC IPC527G", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459066", }, }, ], category: "product_name", name: "SIMATIC IPC627E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459067", }, }, ], category: "product_name", name: "SIMATIC IPC647E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459068", }, }, ], category: "product_name", name: "SIMATIC IPC677E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v25.02.15", product: { name: "vers:unknown/<v25.02.15", product_id: "CSAFPID-2459069", }, }, ], category: "product_name", name: "SIMATIC IPC847E", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459070", }, }, ], category: "product_name", name: "SIMATIC ITP1000", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459057", }, }, ], category: "product_name", name: "SIMATIC IPC277G PRO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2459093", }, }, ], category: "product_name", name: "SINAMICS S200", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v6.4.8", product: { name: "vers:unknown/<v6.4.8", product_id: "CSAFPID-2459089", }, }, { category: "product_version_range", name: "vers:unknown/<v6.4.9", product: { name: "vers:unknown/<v6.4.9", product_id: "CSAFPID-2459082", }, }, ], category: "product_name", name: "SiPass integrated AC5102 (ACC-G2)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/6.4.0", product: { name: "vers:unknown/6.4.0", product_id: "CSAFPID-2459482", }, }, { category: "product_version_range", name: "vers:unknown/6.4.1", product: { name: "vers:unknown/6.4.1", product_id: "CSAFPID-2459483", }, }, { category: "product_version_range", name: "vers:unknown/6.4.2", product: { name: "vers:unknown/6.4.2", product_id: "CSAFPID-2459484", }, }, { category: "product_version_range", name: "vers:unknown/6.4.3", product: { name: "vers:unknown/6.4.3", product_id: "CSAFPID-2459485", }, }, { category: "product_version_range", name: "vers:unknown/6.4.4", product: { name: "vers:unknown/6.4.4", product_id: "CSAFPID-2459486", }, }, { category: "product_version_range", name: "vers:unknown/6.4.5", product: { name: "vers:unknown/6.4.5", product_id: "CSAFPID-2459487", }, }, { category: "product_version_range", name: "vers:unknown/6.4.6", product: { name: "vers:unknown/6.4.6", product_id: "CSAFPID-2459488", }, }, { category: "product_version_range", name: "vers:unknown/6.4.7", product: { name: "vers:unknown/6.4.7", product_id: "CSAFPID-2459489", }, }, { category: "product_version_range", name: "vers:unknown/6.4.8", product: { name: "vers:unknown/6.4.8", product_id: "CSAFPID-2459490", }, }, ], category: "product_name", name: "SiPass integrated AC5102, SiPass integrated ACC-AP", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v6.4.8", product: { name: "vers:unknown/<v6.4.8", product_id: "CSAFPID-2459090", }, }, { category: "product_version_range", name: "vers:unknown/<v6.4.9", product: { name: "vers:unknown/<v6.4.9", product_id: "CSAFPID-2459083", }, }, ], category: "product_name", name: "SiPass integrated ACC-AP", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v14.3.0.13", product: { name: "vers:unknown/<v14.3.0.13", product_id: "CSAFPID-2459071", }, }, ], category: "product_name", name: "Teamcenter Visualization V14.3", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2312.0009", product: { name: "vers:unknown/<v2312.0009", product_id: "CSAFPID-2459072", }, }, ], category: "product_name", name: "Teamcenter Visualization V2312", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2406.0007", product: { name: "vers:unknown/<v2406.0007", product_id: "CSAFPID-2459073", }, }, ], category: "product_name", name: "Teamcenter Visualization V2406", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2412.0002", product: { name: "vers:unknown/<v2412.0002", product_id: "CSAFPID-2459074", }, }, ], category: "product_name", name: "Teamcenter Visualization V2412", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2302.0021", product: { name: "vers:unknown/<v2302.0021", product_id: "CSAFPID-2459075", }, }, ], category: "product_name", name: "Tecnomatix Plant Simulation V2302", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2404.0010", product: { name: "vers:unknown/<v2404.0010", product_id: "CSAFPID-2459076", }, }, ], category: "product_name", name: "Tecnomatix Plant Simulation V2404", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2024-1305", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-1305", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1305.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-1305", }, { cve: "CVE-2024-4877", product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-4877", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4877.json", }, ], title: "CVE-2024-4877", }, { cve: "CVE-2024-5594", cwe: { id: "CWE-117", name: "Improper Output Neutralization for Logs", }, notes: [ { category: "other", text: "Improper Output Neutralization for Logs", title: "CWE-117", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-5594", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5594.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-5594", }, { cve: "CVE-2024-24974", cwe: { id: "CWE-923", name: "Improper Restriction of Communication Channel to Intended Endpoints", }, notes: [ { category: "other", text: "Improper Restriction of Communication Channel to Intended Endpoints", title: "CWE-923", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-24974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24974.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-24974", }, { cve: "CVE-2024-27459", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-27459", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27459.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-27459", }, { cve: "CVE-2024-27903", cwe: { id: "CWE-283", name: "Unverified Ownership", }, notes: [ { category: "other", text: "Unverified Ownership", title: "CWE-283", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-27903", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27903.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-27903", }, { cve: "CVE-2024-28882", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-28882", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28882.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-28882", }, { cve: "CVE-2024-41046", product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41046", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41046.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41046", }, { cve: "CVE-2024-41049", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41049", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41049.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41049", }, { cve: "CVE-2024-41055", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-41055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41055.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-41055", }, { cve: "CVE-2024-42154", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42154", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42154.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42154", }, { cve: "CVE-2024-42161", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, notes: [ { category: "other", text: "Access of Uninitialized Pointer", title: "CWE-824", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42161", }, { cve: "CVE-2024-42512", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42512", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42512.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42512", }, { cve: "CVE-2024-42513", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, notes: [ { category: "other", text: "Authentication Bypass by Spoofing", title: "CWE-290", }, { category: "other", text: "Authentication Bypass by Primary Weakness", title: "CWE-305", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-42513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42513.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-42513", }, { cve: "CVE-2024-52285", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-52285", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52285.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-52285", }, { cve: "CVE-2024-56181", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56181", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56181.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56181", }, { cve: "CVE-2024-56182", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56182.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56182", }, { cve: "CVE-2024-56336", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2024-56336", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56336.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2024-56336", }, { cve: "CVE-2025-23384", cwe: { id: "CWE-187", name: "Partial String Comparison", }, notes: [ { category: "other", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23384.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23384", }, { cve: "CVE-2025-23396", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23396", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23396.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23396", }, { cve: "CVE-2025-23397", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23397.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23397", }, { cve: "CVE-2025-23398", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23398.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23398", }, { cve: "CVE-2025-23399", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23399", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23399.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23399", }, { cve: "CVE-2025-23400", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23400", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23400.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23400", }, { cve: "CVE-2025-23401", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23401", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23401.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23401", }, { cve: "CVE-2025-23402", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-23402", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23402.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-23402", }, { cve: "CVE-2025-25266", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-25266", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25266.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-25266", }, { cve: "CVE-2025-25267", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-25267", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25267.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-25267", }, { cve: "CVE-2025-27392", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27392", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27392.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27392", }, { cve: "CVE-2025-27393", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27393", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27393.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27393", }, { cve: "CVE-2025-27394", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27394", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27394.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27394", }, { cve: "CVE-2025-27395", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27395", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27395.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27395", }, { cve: "CVE-2025-27396", cwe: { id: "CWE-273", name: "Improper Check for Dropped Privileges", }, notes: [ { category: "other", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27396", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27396.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27396", }, { cve: "CVE-2025-27397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27397.json", }, ], title: "CVE-2025-27397", }, { cve: "CVE-2025-27398", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27398.json", }, ], title: "CVE-2025-27398", }, { cve: "CVE-2025-27438", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27438", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27438.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27438", }, { cve: "CVE-2025-27493", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27493", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27493.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27493", }, { cve: "CVE-2025-27494", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, references: [ { category: "self", summary: "CVE-2025-27494", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27494.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2459094", "CSAFPID-1299123", "CSAFPID-2459095", "CSAFPID-1299124", "CSAFPID-2459491", "CSAFPID-2459084", "CSAFPID-2459096", "CSAFPID-1299125", "CSAFPID-1299126", "CSAFPID-1299127", "CSAFPID-2459097", "CSAFPID-1299128", "CSAFPID-1299129", "CSAFPID-2459098", "CSAFPID-2459099", "CSAFPID-1299130", "CSAFPID-2459100", "CSAFPID-1299131", "CSAFPID-2459101", "CSAFPID-1299132", "CSAFPID-2459102", "CSAFPID-1299133", "CSAFPID-2459103", "CSAFPID-1299134", "CSAFPID-2459104", "CSAFPID-1299135", "CSAFPID-2459105", "CSAFPID-1299136", "CSAFPID-2459106", "CSAFPID-1299137", "CSAFPID-2459107", "CSAFPID-1299138", "CSAFPID-2459108", "CSAFPID-2459109", "CSAFPID-2459110", "CSAFPID-1299139", "CSAFPID-2459111", "CSAFPID-1299140", "CSAFPID-2459112", "CSAFPID-1299141", "CSAFPID-2459113", "CSAFPID-1299142", "CSAFPID-2459114", "CSAFPID-1299143", "CSAFPID-2459115", "CSAFPID-1299144", "CSAFPID-2459116", "CSAFPID-1299145", "CSAFPID-2459117", "CSAFPID-1299146", "CSAFPID-2459118", "CSAFPID-1299147", "CSAFPID-2459119", "CSAFPID-1299148", "CSAFPID-2459120", "CSAFPID-2459042", "CSAFPID-2459077", "CSAFPID-2459043", "CSAFPID-2459044", "CSAFPID-2459045", "CSAFPID-2459046", "CSAFPID-2459047", "CSAFPID-2459048", "CSAFPID-2459049", "CSAFPID-2459050", "CSAFPID-2459051", "CSAFPID-2459052", "CSAFPID-2459053", "CSAFPID-2459054", "CSAFPID-2459055", "CSAFPID-2459056", "CSAFPID-2459058", "CSAFPID-2459059", "CSAFPID-2459060", "CSAFPID-2459061", "CSAFPID-2459062", "CSAFPID-2459063", "CSAFPID-2459064", "CSAFPID-2459065", "CSAFPID-2459066", "CSAFPID-2459067", "CSAFPID-2459068", "CSAFPID-2459069", "CSAFPID-2459070", "CSAFPID-2459057", "CSAFPID-2459093", "CSAFPID-2459089", "CSAFPID-2459082", "CSAFPID-2459482", "CSAFPID-2459483", "CSAFPID-2459484", "CSAFPID-2459485", "CSAFPID-2459486", "CSAFPID-2459487", "CSAFPID-2459488", "CSAFPID-2459489", "CSAFPID-2459490", "CSAFPID-2459090", "CSAFPID-2459083", "CSAFPID-2459071", "CSAFPID-2459072", "CSAFPID-2459073", "CSAFPID-2459074", "CSAFPID-2459075", "CSAFPID-2459076", ], }, ], title: "CVE-2025-27494", }, ], }
fkie_cve-2024-4877
Vulnerability from fkie_nvd
Published
2025-04-03 16:15
Modified
2025-04-07 14:18
Severity ?
Summary
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges", }, { lang: "es", value: "Las versiones 2.4.0 a 2.6.10 de OpenVPN en Windows permiten que un proceso externo con menos privilegios cree una tubería con nombre a la que se conectaría el componente GUI de OpenVPN, lo que le permitiría escalar sus privilegios.", }, ], id: "CVE-2024-4877", lastModified: "2025-04-07T14:18:34.453", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-04-03T16:15:32.840", references: [ { source: "security@openvpn.net", url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877", }, { source: "security@openvpn.net", url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", }, ], sourceIdentifier: "security@openvpn.net", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-268", }, ], source: "security@openvpn.net", type: "Secondary", }, ], }
ghsa-c26r-vw7p-2m7h
Vulnerability from github
Published
2025-04-03 18:30
Modified
2025-04-04 15:31
Severity ?
Details
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
{ affected: [], aliases: [ "CVE-2024-4877", ], database_specific: { cwe_ids: [ "CWE-268", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2025-04-03T16:15:32Z", severity: "HIGH", }, details: "OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges", id: "GHSA-c26r-vw7p-2m7h", modified: "2025-04-04T15:31:15Z", published: "2025-04-03T18:30:58Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4877", }, { type: "WEB", url: "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877", }, { type: "WEB", url: "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.