Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Microsoft Azure Managed Instance for Apache Cassandra
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38175 (9.6)
GitHub Enterprise Server
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 (9.5-5.3)
F5 BIG-IP Next Central Manager
https://my.f5.com/manage/s/article/K000140111 (8.9)
https://my.f5.com/manage/s/article/K000139938 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-41719 (5.1)
F5 BIG-IP HSB
https://my.f5.com/manage/s/article/K05710614 (8.7)
F5 BIG-IP TMM
https://my.f5.com/manage/s/article/K000138833 (8.7)
F5 NGINX Plus
https://nvd.nist.gov/vuln/detail/CVE-2024-39792 (8.7)
Zoom Workplace Apps / Rooms Clients
https://www.zoom.com/en/trust/security-bulletin/zsb-24022/ (8.5)
F5 BIG-IP MPTCP
https://my.f5.com/manage/s/article/K000138477 (8.2)
OpenBMC
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html (8.1-5.9)
Atlassian Bamboo Data Center and Server
https://confluence.atlassian.com/security/security-bulletin-august-20-2024-1431535667.html (7.6-7.5)
Dell SupportAssist for Home PCs
https://www.dell.com/support/kbdoc/en-us/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability (7.3)
Atlassian Confluence Data Center and Server
https://confluence.atlassian.com/security/security-bulletin-august-20-2024-1431535667.html (7.5-7.1)
Palo Alto Networks Cortex XSOAR
https://security.paloaltonetworks.com/CVE-2024-5914 (7.0)
https://security.paloaltonetworks.com/CVE-2024-5916 (6.0)
https://security.paloaltonetworks.com/CVE-2024-5915 (5.2)
Medium
Cilium
https://nvd.nist.gov/vuln/detail/CVE-2024-42488 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-42486 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-42487 (4.0)
Zoom Workplace Desktop App for macOS / Zoom Meeting SDK for macOS
https://www.zoom.com/en/trust/security-bulletin/zsb-24032/ (6.5)
JetBrains TeamCity
https://nvd.nist.gov/vuln/detail/CVE-2024-43809 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-43810 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-43808 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-43807 (5.4)
Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2024-5916 (6.0)
Dell Client Platform BIOS
https://www.dell.com/support/kbdoc/en-us/000225776/dsa-2024-260 (5.8)
HashiCorp Nomad / Nomad Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2024-7625 (5.8)
F5 NGINX Open Source / NGINX Plus
https://nvd.nist.gov/vuln/detail/CVE-2024-7347 (5.7)
Linux kernel netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-42268 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-42269 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-42270 (5.5)
Open-Xchange App Suite
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6277_7.10.6_2024-05-06.pdf (5.5-5.4)
Grafana
https://grafana.com/blog/2024/08/14/grafana-security-release-medium-severity-security-fix-for-cve-2024-6837/ (5.4)
F5 BIG-IP iControl REST
https://nvd.nist.gov/vuln/detail/CVE-2024-41723 (5.3)
Palo Alto Networks GlobalProtect
https://security.paloaltonetworks.com/CVE-2024-5915 (5.2)
F5 BIG-IP
https://my.f5.com/manage/s/article/K000140711 (4.4)
Grafana
https://github.com/advisories/GHSA-hh8p-374f-qgr5 (4.4)
VMware Tanzu Spring Framework
https://spring.io/blog/2024/08/14/spring-framework-releases-fixes-for-cve-2024-38808-and-cve-2024-38809 (n/a)
Xen
https://xenbits.xen.org/xsa/advisory-460.html (n/a)
https://xenbits.xen.org/xsa/advisory-461.html (n/a)