Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-53382 (GCVE-0-2024-53382)
Vulnerability from cvelistv5
Published
2025-03-03 00:00
Modified
2025-03-03 21:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
References
| ► | URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53382",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T21:52:57.337439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T21:53:33.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Prism",
"vendor": "PrismJS",
"versions": [
{
"lessThanOrEqual": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T06:36:55.825Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-53382",
"datePublished": "2025-03-03T00:00:00.000Z",
"dateReserved": "2024-11-20T00:00:00.000Z",
"dateUpdated": "2025-03-03T21:53:33.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-53382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-03T07:15:33.397\",\"lastModified\":\"2025-06-27T13:08:24.660\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.\"},{\"lang\":\"es\",\"value\":\"Prism (tambi\u00e9n conocido como PrismJS) hasta la versi\u00f3n 1.29.0 permite el DOM Clobbering (con el consiguiente XSS para entradas no confiables que contienen HTML pero no contienen directamente JavaScript), porque la b\u00fasqueda de document.currentScript puede ser ocultada por elementos HTML inyectados por un atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.29.0\",\"matchCriteriaId\":\"D9B99D59-D970-4A13-9526-394BA7C0E81D\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"Patch\"]},{\"url\":\"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unknown\", \"product\": \"Prism\", \"vendor\": \"PrismJS\", \"versions\": [{\"lessThanOrEqual\": \"1.29.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-03T06:36:55.825Z\"}, \"references\": [{\"url\": \"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\"}, {\"url\": \"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\"}}], \"cpeApplicability\": [{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prismjs:prism:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.29.0\"}]}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-53382\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T21:52:57.337439Z\"}}}], \"references\": [{\"url\": \"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T21:53:13.145Z\"}}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2024-53382\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2025-03-03T21:53:33.210Z\", \"dateReserved\": \"2024-11-20T00:00:00.000Z\", \"datePublished\": \"2025-03-03T00:00:00.000Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ncsc-2025-0123
Vulnerability from csaf_ncscnl
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Kwetsbaarheden verholpen in Oracle Database Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-385
Covert Timing Channel
CWE-347
Improper Verification of Cryptographic Signature
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-918
Server-Side Request Forgery (SSRF)
CWE-787
Out-of-bounds Write
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-44
Path Equivalence: 'file.name' (Internal Dot)
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-755
Improper Handling of Exceptional Conditions
CWE-178
Improper Handling of Case Sensitivity
CWE-193
Off-by-one Error
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-523
Unprotected Transport of Credentials
CWE-190
Integer Overflow or Wraparound
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-285
Improper Authorization
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-284
Improper Access Control
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-269
Improper Privilege Management
CWE-287
Improper Authentication
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores vari\u00ebrend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "general",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "general",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Producten",
"tracking": {
"current_release_date": "2025-04-16T08:37:39.412900Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0123",
"initial_release_date": "2025-04-16T08:37:39.412900Z",
"revision_history": [
{
"date": "2025-04-16T08:37:39.412900Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/22.1",
"product": {
"name": "vers:unknown/22.1",
"product_id": "CSAFPID-1304603"
}
}
],
"category": "product_name",
"name": "Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/13.5.0.0",
"product": {
"name": "vers:unknown/13.5.0.0",
"product_id": "CSAFPID-1201359"
}
}
],
"category": "product_name",
"name": "Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698376"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:unknown/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698377"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.1",
"product": {
"name": "vers:oracle/23.1",
"product_id": "CSAFPID-1238473"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-1237753"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/20.2",
"product": {
"name": "vers:unknown/20.2",
"product_id": "CSAFPID-1238475"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-1296375"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-1237603"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.22",
"product_id": "CSAFPID-1145825"
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.13",
"product_id": "CSAFPID-1145826"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product": {
"name": "vers:oracle/\u003e=19.3|\u003c=19.26",
"product_id": "CSAFPID-2698969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698968",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product": {
"name": "vers:oracle/\u003e=21.4|\u003c=21.16",
"product_id": "CSAFPID-1839905",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2698934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
}
],
"category": "product_family",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/13.5.0.0",
"product": {
"name": "vers:oracle/13.5.0.0",
"product_id": "CSAFPID-1144644"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Manager for Oracle Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/1.5.0",
"product": {
"name": "vers:oracle/1.5.0",
"product_id": "CSAFPID-2699002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.0",
"product": {
"name": "vers:oracle/1.6.0",
"product_id": "CSAFPID-2699003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/1.6.1",
"product": {
"name": "vers:oracle/1.6.1",
"product_id": "CSAFPID-2699004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle NoSQL Database"
}
],
"category": "product_family",
"name": "Oracle NoSQL Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product": {
"name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
"product_id": "CSAFPID-2699053",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle TimesTen In-Memory Database"
}
],
"category": "product_family",
"name": "Oracle TimesTen In-Memory Database"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/25.1.0",
"product": {
"name": "vers:oracle/25.1.0",
"product_id": "CSAFPID-2698932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/25.2.0",
"product": {
"name": "vers:oracle/25.2.0",
"product_id": "CSAFPID-2698931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product": {
"name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
"product_id": "CSAFPID-2698930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product": {
"name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
"product_id": "CSAFPID-2698933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Autonomous Health Framework"
}
],
"category": "product_family",
"name": "Oracle Autonomous Health Framework"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.7.1.0.0",
"product": {
"name": "vers:oracle/21.7.1.0.0",
"product_id": "CSAFPID-2698943",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Essbase"
}
],
"category": "product_family",
"name": "Oracle Essbase"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
"product_id": "CSAFPID-2698949",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
"product_id": "CSAFPID-2698941",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product": {
"name": "vers:oracle/\u003e=21.3|\u003c=21.17",
"product_id": "CSAFPID-2698942",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.7",
"product_id": "CSAFPID-2699022",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
"product_id": "CSAFPID-1839977",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product": {
"name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
"product_id": "CSAFPID-1840034",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product": {
"name": "vers:oracle/\u003e=23.4|\u003c=23.6",
"product_id": "CSAFPID-1840035",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Big Data and Application Adapters"
}
],
"category": "product_family",
"name": "Oracle GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product": {
"name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
"product_id": "CSAFPID-1144602"
}
}
],
"category": "product_name",
"name": "Oracle GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c23.1",
"product": {
"name": "vers:oracle/\u003c23.1",
"product_id": "CSAFPID-1145800"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/2.0",
"product": {
"name": "vers:unknown/2.0",
"product_id": "CSAFPID-356315",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/23.1",
"product": {
"name": "vers:unknown/23.1",
"product_id": "CSAFPID-356152"
}
}
],
"category": "product_name",
"name": "Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/23.4.3",
"product": {
"name": "vers:oracle/23.4.3",
"product_id": "CSAFPID-2699065",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.3.0",
"product": {
"name": "vers:oracle/24.3.0",
"product_id": "CSAFPID-2699066",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/23.4.4",
"product": {
"name": "vers:oracle/23.4.4",
"product_id": "CSAFPID-1840017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/24.4.0",
"product": {
"name": "vers:oracle/24.4.0",
"product_id": "CSAFPID-1840013",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
}
],
"category": "product_family",
"name": "Oracle Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=22.4.7",
"product": {
"name": "vers:oracle/\u003c=22.4.7",
"product_id": "CSAFPID-1145419",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=23.4.2",
"product": {
"name": "vers:oracle/\u003c=23.4.2",
"product_id": "CSAFPID-1145421",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003c=24.1.0",
"product": {
"name": "vers:oracle/\u003c=24.1.0",
"product_id": "CSAFPID-1145422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Graph Server and Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/3.0.6",
"product": {
"name": "vers:oracle/3.0.6",
"product_id": "CSAFPID-1145420",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Big Data Spatial and Graph"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.1",
"product": {
"name": "vers:oracle/12.1.0.1",
"product_id": "CSAFPID-2699109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.2",
"product": {
"name": "vers:oracle/12.1.0.2",
"product_id": "CSAFPID-2699107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.1.0.3",
"product": {
"name": "vers:oracle/12.1.0.3",
"product_id": "CSAFPID-2699106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.0",
"product": {
"name": "vers:oracle/18.1.0.0",
"product_id": "CSAFPID-2699110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.1",
"product": {
"name": "vers:oracle/18.1.0.1",
"product_id": "CSAFPID-2698972",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/18.1.0.2",
"product": {
"name": "vers:oracle/18.1.0.2",
"product_id": "CSAFPID-2699108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "product_family",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/19.3|\u003c=19.26",
"product": {
"name": "vers:semver/19.3|\u003c=19.26",
"product_id": "CSAFPID-2698485"
}
},
{
"category": "product_version_range",
"name": "vers:semver/21.3|\u003c=21.17",
"product": {
"name": "vers:semver/21.3|\u003c=21.17",
"product_id": "CSAFPID-2698486"
}
},
{
"category": "product_version_range",
"name": "vers:semver/23.4|\u003c=23.7",
"product": {
"name": "vers:semver/23.4|\u003c=23.7",
"product_id": "CSAFPID-2698487"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.1",
"product": {
"name": "vers:semver/12.1.0.1",
"product_id": "CSAFPID-2698463"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.2",
"product": {
"name": "vers:semver/12.1.0.2",
"product_id": "CSAFPID-2698464"
}
},
{
"category": "product_version_range",
"name": "vers:semver/12.1.0.3",
"product": {
"name": "vers:semver/12.1.0.3",
"product_id": "CSAFPID-2698465"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.0",
"product": {
"name": "vers:semver/18.1.0.0",
"product_id": "CSAFPID-2698466"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.1",
"product": {
"name": "vers:semver/18.1.0.1",
"product_id": "CSAFPID-2698467"
}
},
{
"category": "product_version_range",
"name": "vers:semver/18.1.0.2",
"product": {
"name": "vers:semver/18.1.0.2",
"product_id": "CSAFPID-2698468"
}
}
],
"category": "product_name",
"name": "Oracle Secure Backup"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1935"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1938",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-1938"
},
{
"cve": "CVE-2020-9484",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-9484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-9484"
},
{
"cve": "CVE-2020-11996",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-11996",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json"
}
],
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13935",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13935",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13943",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-36843",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-36843",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2020-36843"
},
{
"cve": "CVE-2021-24122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-24122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-25329",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-30640",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-33037",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41079",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-42575",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-42575",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json"
}
],
"title": "CVE-2021-42575"
},
{
"cve": "CVE-2021-43980",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-43980",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-3786",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-3786",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "other",
"text": "Sensitive Information in Resource Not Removed Before Reuse",
"title": "CWE-226"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-25762",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-25762"
},
{
"cve": "CVE-2022-42252",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42252",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Unprotected Transport of Credentials",
"title": "CWE-523"
},
{
"category": "other",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28708",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-34053",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-34053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41080",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-8184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-8184"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11233",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11233",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11233"
},
{
"cve": "CVE-2024-11234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11234"
},
{
"cve": "CVE-2024-11236",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11236",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-11236"
},
{
"cve": "CVE-2024-13176",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-36114",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-36114"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39338",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53382",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53382.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-53382"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21578",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21578",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21578.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-21578"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
"title": "CWE-44"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Use of Incorrectly-Resolved Name or Reference",
"title": "CWE-706"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24813",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24813.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-26791"
},
{
"cve": "CVE-2025-30694",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30694",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30694.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30694"
},
{
"cve": "CVE-2025-30701",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30701",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30701.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30701"
},
{
"cve": "CVE-2025-30702",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30702",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30702.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30702"
},
{
"cve": "CVE-2025-30733",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30733",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30733.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30733"
},
{
"cve": "CVE-2025-30736",
"product_status": {
"known_affected": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30736",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30736.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1304603",
"CSAFPID-1201359",
"CSAFPID-1145825",
"CSAFPID-2698969",
"CSAFPID-1145826",
"CSAFPID-2698968",
"CSAFPID-1839905",
"CSAFPID-2698934",
"CSAFPID-1144644",
"CSAFPID-2699002",
"CSAFPID-2699003",
"CSAFPID-2699004",
"CSAFPID-2699053",
"CSAFPID-2698485",
"CSAFPID-2698486",
"CSAFPID-2698487",
"CSAFPID-2698932",
"CSAFPID-2698931",
"CSAFPID-2698930",
"CSAFPID-2698933",
"CSAFPID-2698943",
"CSAFPID-2698376",
"CSAFPID-2698377",
"CSAFPID-2698949",
"CSAFPID-2698941",
"CSAFPID-2698942",
"CSAFPID-2699022",
"CSAFPID-1839977",
"CSAFPID-1840034",
"CSAFPID-1840035",
"CSAFPID-1144602",
"CSAFPID-1238473",
"CSAFPID-1145800",
"CSAFPID-356315",
"CSAFPID-1237753",
"CSAFPID-1238475",
"CSAFPID-1296375",
"CSAFPID-356152",
"CSAFPID-1237603",
"CSAFPID-2699065",
"CSAFPID-2699066",
"CSAFPID-1840017",
"CSAFPID-1840013",
"CSAFPID-1145419",
"CSAFPID-1145421",
"CSAFPID-1145422",
"CSAFPID-1145420",
"CSAFPID-2699109",
"CSAFPID-2699107",
"CSAFPID-2699106",
"CSAFPID-2699110",
"CSAFPID-2698972",
"CSAFPID-2699108",
"CSAFPID-2698463",
"CSAFPID-2698464",
"CSAFPID-2698465",
"CSAFPID-2698466",
"CSAFPID-2698467",
"CSAFPID-2698468"
]
}
],
"title": "CVE-2025-30736"
}
]
}
fkie_cve-2024-53382
Vulnerability from fkie_nvd
Published
2025-03-03 07:15
Modified
2025-06-27 13:08
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660 | Exploit, Third Party Advisory, Patch | |
| cve@mitre.org | https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259 | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660 | Exploit, Third Party Advisory, Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D9B99D59-D970-4A13-9526-394BA7C0E81D",
"versionEndIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements."
},
{
"lang": "es",
"value": "Prism (tambi\u00e9n conocido como PrismJS) hasta la versi\u00f3n 1.29.0 permite el DOM Clobbering (con el consiguiente XSS para entradas no confiables que contienen HTML pero no contienen directamente JavaScript), porque la b\u00fasqueda de document.currentScript puede ser ocultada por elementos HTML inyectados por un atacante."
}
],
"id": "CVE-2024-53382",
"lastModified": "2025-06-27T13:08:24.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-03T07:15:33.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"Patch"
],
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory",
"Patch"
],
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
rhsa-2025:11749
Vulnerability from csaf_redhat
Published
2025-07-24 15:20
Modified
2025-08-19 03:13
Summary
Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update
Notes
Topic
Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6.
Users are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6. \n \nUsers are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11749",
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11749.json"
}
],
"title": "Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update",
"tracking": {
"current_release_date": "2025-08-19T03:13:03+00:00",
"generator": {
"date": "2025-08-19T03:13:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:11749",
"initial_release_date": "2025-07-24T15:20:25+00:00",
"revision_history": [
{
"date": "2025-07-24T15:20:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-24T15:20:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-19T03:13:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_id": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_id": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_id": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_id": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24557",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2024-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262352"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a \u0027FROM scratch\u0027 in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps.\r\nThis only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: classic builder cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since attack complexity is quite high. There are multiple conditions which are required: dockerfile is configured to use a non-default setting, attacker must be aware of this information, and they must have the ability to craft a malicious cache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24557"
},
{
"category": "external",
"summary": "RHBZ#2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"release_date": "2024-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "moby: classic builder cache poisoning"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite includes affected component however product is not directly impacted since the vulnerability arises when \"net/http\" is used as a server. Satellite uses it solely as a client, so it\u0027s not exposed to the flaw. Product Security has assessed this as Low severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
rhsa-2025:11889
Vulnerability from csaf_redhat
Published
2025-07-28 10:55
Modified
2025-08-14 09:11
Summary
Red Hat Security Advisory: 7.1 container image is now available in the Red Hat Ecosystem Catalog.
Notes
Topic
Updated rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides security and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5.\n \nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11889",
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11889.json"
}
],
"title": "Red Hat Security Advisory: 7.1 container image is now available in the Red Hat Ecosystem Catalog.",
"tracking": {
"current_release_date": "2025-08-14T09:11:58+00:00",
"generator": {
"date": "2025-08-14T09:11:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:11889",
"initial_release_date": "2025-07-28T10:55:23+00:00",
"revision_history": [
{
"date": "2025-07-28T10:55:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-28T10:55:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T09:11:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product_id": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product_id": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product_id": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Denial of service due to improper 100-continue handling in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24791"
},
{
"category": "external",
"summary": "RHBZ#2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "https://go.dev/cl/591255",
"url": "https://go.dev/cl/591255"
},
{
"category": "external",
"summary": "https://go.dev/issue/67555",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Denial of service due to improper 100-continue handling in net/http"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
}
]
}
ghsa-x7hr-w5r2-h6wg
Vulnerability from github
Published
2025-03-03 09:30
Modified
2025-06-30 12:51
Severity ?
VLAI Severity ?
Summary
PrismJS DOM Clobbering vulnerability
Details
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "prismjs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53382"
],
"database_specific": {
"cwe_ids": [
"CWE-79",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-03T20:16:32Z",
"nvd_published_at": "2025-03-03T07:15:33Z",
"severity": "MODERATE"
},
"details": "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.",
"id": "GHSA-x7hr-w5r2-h6wg",
"modified": "2025-06-30T12:51:19Z",
"published": "2025-03-03T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"type": "WEB",
"url": "https://github.com/PrismJS/prism/pull/3863"
},
{
"type": "WEB",
"url": "https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d"
},
{
"type": "WEB",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"type": "PACKAGE",
"url": "https://github.com/PrismJS/prism"
},
{
"type": "WEB",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "PrismJS DOM Clobbering vulnerability"
}
wid-sec-w-2025-1399
Vulnerability from csaf_certbund
Published
2025-06-25 22:00
Modified
2025-06-25 22:00
Summary
IBM Maximo Asset Management: Schwachstelle ermöglicht Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1399 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1399.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1399 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1399"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-06-25",
"url": "https://www.ibm.com/support/pages/node/7238118"
}
],
"source_lang": "en-US",
"title": "IBM Maximo Asset Management: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-06-25T22:00:00.000+00:00",
"generator": {
"date": "2025-06-26T09:41:11.113+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1399",
"initial_release_date": "2025-06-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.6.1.3 interim fix 032",
"product": {
"name": "IBM Maximo Asset Management \u003c7.6.1.3 interim fix 032",
"product_id": "T044855"
}
},
{
"category": "product_version",
"name": "7.6.1.3 interim fix 032",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.3 interim fix 032",
"product_id": "T044855-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3_interim_fix_032"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53382",
"product_status": {
"known_affected": [
"T044855"
]
},
"release_date": "2025-06-25T22:00:00.000+00:00",
"title": "CVE-2024-53382"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…