Vulnerabilities - Week 08

Each week the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

ConnectWise ScreenConnect
https://www.connectwise.com/company/trust/security-bulletins/connectwis… (10.0-8.4)

Arista CloudVision Portal Virtual Appliances on AWS/GCP
https://www.arista.com/en/support/advisories-notices/security-advisory/… (9.8)

Dell Enterprise SONiC OS
https://nvd.nist.gov/vuln/detail/CVE-2023-32484 (9.8)

Dell SmartFabric OS10
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-securit… (9.8-9.1)

SolarWinds Access Rights Manager (ARM)
https://nvd.nist.gov/vuln/detail/CVE-2024-23476 (9.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-23477 (9.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-23479 (9.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-40057 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-23478 (8.0)

VMware Enhanced Authentication Plug-in (EAP) (end of life)
https://www.vmware.com/security/advisories/VMSA-2024-0003.html (9.6-7.8)

Dell OpenManage Integration with Microsoft Windows Admin Center
https://www.dell.com/support/kbdoc/nl-nl/000222075/dsa-2024-084-securit… (8.8)

F5 iControl REST
https://nvd.nist.gov/vuln/detail/CVE-2024-22093 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-22389 (7.2)

Atlassian Confluence Data Center and Server
https://nvd.nist.gov/vuln/detail/CVE-2024-21678 (8.5)

Zyxel ATP / USG FLEX / USG FLEX 50(W) / USG20(W)-VPN / USG FLEX H
https://www.zyxel.com/global/en/support/security-advisories/zyxel-secur… (8.1-5.7)

Grafana
https://nvd.nist.gov/vuln/detail/CVE-2023-5123 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-5122 (5.0)

Unbound
https://nvd.nist.gov/vuln/detail/CVE-2024-1488 (8.0)

F5 BIG-IP (all modules)
https://nvd.nist.gov/vuln/detail/CVE-2024-23979 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-24775 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-23976 (6.0)

F5 BIG-IP (all modules) / BIG-IP Next SPK
https://nvd.nist.gov/vuln/detail/CVE-2024-23314 (7.5)

F5 BIG-IP AFM
https://nvd.nist.gov/vuln/detail/CVE-2024-21763 (7.5)

F5 BIG-IP AFM IPS
https://nvd.nist.gov/vuln/detail/CVE-2024-21771 (7.5)

F5 BIG-IP Advanced WAF/ASM
https://nvd.nist.gov/vuln/detail/CVE-2024-21789 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21849 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-23308 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-23805 (7.5)

F5 BIG-IP PEM
https://nvd.nist.gov/vuln/detail/CVE-2024-23982 (7.5)

F5 NGINX Plus / Open Source
https://nvd.nist.gov/vuln/detail/CVE-2024-24989 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-24990 (7.5)

IBM Storage Scale Container Native Storage Access
https://nvd.nist.gov/vuln/detail/CVE-2022-41738 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41737 (7.1)

Spring Security
https://nvd.nist.gov/vuln/detail/CVE-2024-22234 (7.4)

Dell RecoverPoint for Virtual Machines
https://nvd.nist.gov/vuln/detail/CVE-2024-22426 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-22425 (6.5)

Fortinet FortiClientEMS
https://nvd.nist.gov/vuln/detail/CVE-2023-45581 (7.2)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2024-1482 (7.1)

Bhyve
https://nvd.nist.gov/vuln/detail/CVE-2024-25940 (n/a)

FreeBSD Jails
https://nvd.nist.gov/vuln/detail/CVE-2024-25941 (n/a)

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2024-26327 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-26328 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-24474 (n/a)

Medium

Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2024-0007 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-0008 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-0009 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-0010 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-0011 (4.3)

F5 BIG-IP / BIG-IQ
https://nvd.nist.gov/vuln/detail/CVE-2024-21782 (6.7)

LXD
https://nvd.nist.gov/vuln/detail/CVE-2023-49721 (6.7)

VMware Aria Operations (formerly vRealize Operations) / Cloud Foundation
https://nvd.nist.gov/vuln/detail/CVE-2024-22235 (6.7)

Helm
https://nvd.nist.gov/vuln/detail/CVE-2024-25620 (6.4)

F5 F5OS
https://nvd.nist.gov/vuln/detail/CVE-2024-24966 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-23607 (5.5)

Cilium
https://nvd.nist.gov/vuln/detail/CVE-2024-25630 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-25631 (6.1)

Dell Secure Connect Gateway Application / Secure Connect Gateway Appliance
https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-securit… (5.4)

NetApp SnapCenter
https://nvd.nist.gov/vuln/detail/CVE-2024-21987 (5.4)

OpenShift
https://nvd.nist.gov/vuln/detail/CVE-2024-1342 (5.4)

IBM Cloud Pak for Security
https://nvd.nist.gov/vuln/detail/CVE-2024-22335 (5.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-22336 (5.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-22337 (5.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-50951 (4.0)

Fortinet FortiManager / FortiAnalyzer / FortiAnalyzer-BigData
https://nvd.nist.gov/vuln/detail/CVE-2023-44253 (5.0)

Fortinet FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2023-44253 (5.0)

F5 BIG-IP Next CNF
https://nvd.nist.gov/vuln/detail/CVE-2024-23306 (4.4)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-26581 (n/a)