Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Ivanti Connect Secure / Ivanti Policy Secure
https://nvd.nist.gov/vuln/detail/CVE-2024-21894 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-22053 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-22052 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-22023 (5.3)
Fortinet FortiClientLinux
https://nvd.nist.gov/vuln/detail/CVE-2023-45590 (9.6)
Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0160 (9.0-5.5)
Fortinet FortiSandbox
https://www.fortiguard.com/psirt/FG-IR-23-489 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-23671 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-47540 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-47541 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-31487 (5.9)
Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0158 (8.8-4.3)
IBM Security Verify Access / Application Gateway
https://nvd.nist.gov/vuln/detail/CVE-2024-28787 (8.7)
Broadcom Brocade Fabric OS
https://nvd.nist.gov/vuln/detail/CVE-2023-3454 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-5973 (4.3)
Fortinet FortiClientMac installer
https://www.fortiguard.com/psirt/FG-IR-23-345 (7.8)
Cisco Nexus Dashboard
https://nvd.nist.gov/vuln/detail/CVE-2024-20281 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-20282 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-20283 (4.3)
Cisco Nexus Dashboard Fabric Controller (NDFC)
https://nvd.nist.gov/vuln/detail/CVE-2024-20348 (7.5)
Envoy Proxy
https://nvd.nist.gov/vuln/detail/CVE-2024-27919 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30255 (5.3)
Fortinet FortiProxy / FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2023-41677 (7.5)
Apache CloudStack
https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp (critical-medium)
Xen
https://xenbits.xenproject.org/xsa/advisory-454.html
https://xenbits.xenproject.org/xsa/advisory-455.html
Medium
Devolutions Server / Remote Desktop Manager
https://devolutions.net/security/advisories/DEVO-2024-0006 (6.8)
Fortinet FortiManager
https://nvd.nist.gov/vuln/detail/CVE-2023-47542 (6.7)
Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2023-48784 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-23662 (5.3)
Cisco Identity Services Engine (ISE)
https://nvd.nist.gov/vuln/detail/CVE-2024-20368 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-20332 (5.5)
Red Hat KubeVirt
https://nvd.nist.gov/vuln/detail/CVE-2024-31420 (6.5)
Hashicorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2024-2660 (6.4)
Cisco Small Business RV016 / RV042 / RV042G / RV082 / RV320 / RV325 Routers
https://nvd.nist.gov/vuln/detail/CVE-2024-20362 (6.1)
Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P)
https://nvd.nist.gov/vuln/detail/CVE-2024-20310 (6.1)
Open-Xchange App Suite
https://nvd.nist.gov/vuln/detail/CVE-2024-23192 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-23189 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-23190 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-23191 (5.4)
Zoom Desktop Client for Windows
https://nvd.nist.gov/vuln/detail/CVE-2024-24694 (5.9)
Cisco TelePresence Management Suite (TMS)
https://nvd.nist.gov/vuln/detail/CVE-2024-20334 (5.5)
Cisco Enterprise Chat and Email (ECE)
https://nvd.nist.gov/vuln/detail/CVE-2024-20367 (5.4)
Cisco Nexus Dashboard Orchestrator (NDO)
https://nvd.nist.gov/vuln/detail/CVE-2024-20302 (5.4)
HCL BigFix Inventory server
https://nvd.nist.gov/vuln/detail/CVE-2024-23540 (5.3)
Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2024-2380 (4.6)
Red Hat OpenShift Virtualization
https://nvd.nist.gov/vuln/detail/CVE-2024-31419 (4.3)
Zoom Desktop Client for Linux
https://nvd.nist.gov/vuln/detail/CVE-2024-27242 (4.1)
Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-26808 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-26809 (n/a)