Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.
The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.
Critical & High
Grafana
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/ (9.9)
SolarWinds Web Help Desk
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28988 (9.8)
Trend Micro Cloud Edge
https://nvd.nist.gov/vuln/detail/CVE-2024-48904 (9.8)
Ivanti Connect Secure / Policy Secure
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404?language=en_US (9.1)
VMware HCX
https://nvd.nist.gov/vuln/detail/CVE-2024-38814 (8.8)
GitLab (CE) / (EE)
https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/ (8.7-6.5)
F5 BIG-IP
https://my.f5.com/manage/s/article/K000141302 (8.6)
https://my.f5.com/manage/s/article/K000141080 (4.8)
Cisco ATA
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy (8.2-6.0)
Dell OpenManage Enterprise
https://www.dell.com/support/kbdoc/en-us/000237300/dsa-2024-426-security-update-for-dell-openmanage-enterprise-vulnerabilities (8.0-4.3)
Acronis Cyber Files
https://nvd.nist.gov/vuln/detail/CVE-2024-49389 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-49390 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-49392 (4.8)
Trend Micro Apex One
https://www.zerodayinitiative.com/advisories/ZDI-22-1620/ (7.8)
Trend Micro Deep Security
https://success.trendmicro.com/en-US/solution/KA-0017997 (7.8)
Oracle VM VirtualBox
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixOVIR (7.5-5.3)
SolarWinds Platform
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-45715 (7.1)
Medium
Red Hat OpenShift Container Platform
https://nvd.nist.gov/vuln/detail/CVE-2024-50311 (6.5)
Cisco UCS Central Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J (6.3)
Cisco Unified Contact Center Management Portal (Unified CCMP)
https://nvd.nist.gov/vuln/detail/CVE-2024-20512 (6.1)
Dell Secure Connect Gateway
https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities (5.5-4.6)
Zyxel USG FLEX H series uOS
https://nvd.nist.gov/vuln/detail/CVE-2024-9677 (5.5)
SolarWinds Kiwi CatTools
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-45713 (5.1)
F5 BIG-IQ
https://my.f5.com/manage/s/article/K000141302 (4.8)
Cilium
https://nvd.nist.gov/vuln/detail/CVE-2024-47825 (4.0)
Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-50045 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-48976 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-48974 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-50038 (n/a)
Zimbra Collaboration
https://nvd.nist.gov/vuln/detail/CVE-2024-45518 (n/a)