Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.
The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.
Critical & High
Tinyproxy
https://nvd.nist.gov/vuln/detail/CVE-2023-49606 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-40533 (5.9)
Jenkins Git server Plugin / Subversion Partial Release Manager Plugin / Script Security Plugin
https://www.jenkins.io/security/advisory/2024-05-02/ (8.8-3.3)
Veeam Service Provider Console
https://www.veeam.com/kb4575 (8.8)
Brocade SANnav
https://nvd.nist.gov/vuln/detail/CVE-2024-2860 (7.8)
Pulse Secure Client
https://nvd.nist.gov/vuln/detail/CVE-2023-34298 (7.8)
Tunnelvision vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-3661 (7.6)
Cisco IP Phone
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS?vs_f=Cisco (7.5-5.9)
Red Hat OpenStack Platform
https://nvd.nist.gov/vuln/detail/CVE-2024-4436 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-4437 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-4438 (7.5)
Suricata
https://nvd.nist.gov/vuln/detail/CVE-2024-32663 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-32664 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-32867 (5.3)
Citrix Netscaler ADC / Gateway
https://bishopfox.com/blog/netscaler-adc-and-gateway-advisory (n/a)
kubevirt
https://nvd.nist.gov/vuln/detail/CVE-2024-33394 (n/a)
Nagios XI
https://nvd.nist.gov/vuln/detail/CVE-2024-33775 (n/a)
Medium
VMware Avi Load Balancer
https://nvd.nist.gov/vuln/detail/CVE-2024-22264 (7.2)
Veritas NetBackup
https://nvd.nist.gov/vuln/detail/CVE-2024-34404 (6.8)
HCL Bigfix
https://nvd.nist.gov/vuln/detail/CVE-2024-23551 (6.5)
Libvirt
https://nvd.nist.gov/vuln/detail/CVE-2024-4418 (6.2)
Broadcom Brocade Fabric OS
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226 (5.9)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227 (4.3)
IBM Cloud Pak for Security
https://nvd.nist.gov/vuln/detail/CVE-2022-38386 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-47727 (4.3)
SolarWinds Serv-U
https://nvd.nist.gov/vuln/detail/CVE-2024-28072 (5.7)
Octopus Server
https://nvd.nist.gov/vuln/detail/CVE-2024-4456 (4.1)
Jitsi Meet
https://nvd.nist.gov/vuln/detail/CVE-2024-33530 (n/a)
Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-27064 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-27065 (n/a)