Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9086 (GCVE-0-2025-9086)
Vulnerability from cvelistv5 – Published: 2025-09-12 05:10 – Updated: 2026-06-02 12:59| Vendor | Product | Version | |
|---|---|---|---|
| curl | curl |
Affected:
8.15.0 , ≤ 8.15.0
(semver)
Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCH328 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM324 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM328 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XCM332 |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230 V AC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24 V DC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) |
Affected:
0 , < V3.3
(custom)
|
|
| Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) |
Affected:
0 , < V3.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T17:15:47.921625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T17:16:20.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-05T02:47:38.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/10/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCH328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM324",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:59:46.514Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.15.0",
"status": "affected",
"version": "8.15.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.14.1",
"status": "affected",
"version": "8.14.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.14.0",
"status": "affected",
"version": "8.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.13.0",
"status": "affected",
"version": "8.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T09:51:46.552Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-9086.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-9086.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/3294999"
}
],
"title": "Out of bounds read for cookie path"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-9086",
"datePublished": "2025-09-12T05:10:03.815Z",
"dateReserved": "2025-08-16T05:40:23.800Z",
"dateUpdated": "2026-06-02T12:59:46.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9086",
"date": "2026-07-09",
"epss": "0.01301",
"percentile": "0.67055"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9086\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2025-09-12T06:15:44.100\",\"lastModified\":\"2026-06-17T10:08:17.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"1. A cookie is set using the `secure` keyword for `https://target` \\n 2. curl is redirected to or otherwise made to speak with `http://target` (same \\n hostname, but using clear text HTTP) using the same cookie set \\n 3. The same cookie name is set - but with just a slash as path (`path=\\\\\\\"/\\\\\\\",`).\\n Since this site is not secure, the cookie *should* just be ignored.\\n4. A bug in the path comparison logic makes curl read outside a heap buffer\\n boundary\\n\\nThe bug either causes a crash or it potentially makes the comparison come to\\nthe wrong conclusion and lets the clear-text site override the contents of the\\nsecure cookie, contrary to expectations and depending on the memory contents\\nimmediately following the single-byte allocation that holds the path.\\n\\nThe presumed and correct behavior would be to plainly ignore the second set of\\nthe cookie since it was already set as secure on a secure host so overriding\\nit on an insecure host should not be okay.\"}],\"affected\":[{\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"affectedData\":[{\"vendor\":\"curl\",\"product\":\"curl\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"8.15.0\",\"lessThanOrEqual\":\"8.15.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.14.1\",\"lessThanOrEqual\":\"8.14.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThanOrEqual\":\"8.14.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.13.0\",\"lessThanOrEqual\":\"8.13.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM RST2428P\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM RST2428P\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V4.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCH328\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCM324\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCM328\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCM332\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRH334 (24 V DC, 8xFO, CC)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (230 V AC, 12xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (230 V AC, 8xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (24 V DC, 12xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (24 V DC, 8xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (2x230 V AC, 12xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (2x230 V AC, 8xFO)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-09-12T17:15:47.921625Z\",\"id\":\"CVE-2025-9086\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.13.0\",\"versionEndExcluding\":\"8.16.0\",\"matchCriteriaId\":\"4979D5F1-8D49-4EC0-AC6B-230636A10C34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://curl.se/docs/CVE-2025-9086.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2025-9086.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/3294999\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/10/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-01-05T02:47:38.406Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCH328\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM324\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM328\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM332\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRH334 (24 V DC, 8xFO, CC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230 V AC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230 V AC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24 V DC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24 V DC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230 V AC, 12xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230 V AC, 8xFO)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-06-02T12:59:46.514Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-12T17:15:47.921625Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-12T17:16:09.204Z\"}}], \"cna\": {\"title\": \"Out of bounds read for cookie path\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Google Big Sleep\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Daniel Stenberg\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.15.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.15.0\"}, {\"status\": \"affected\", \"version\": \"8.14.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.14.1\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.14.0\"}, {\"status\": \"affected\", \"version\": \"8.13.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.13.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2025-9086.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2025-9086.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/3294999\", \"name\": \"issue\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"1. A cookie is set using the `secure` keyword for `https://target` \\n 2. curl is redirected to or otherwise made to speak with `http://target` (same \\n hostname, but using clear text HTTP) using the same cookie set \\n 3. The same cookie name is set - but with just a slash as path (`path=\\\\\\\"/\\\\\\\",`).\\n Since this site is not secure, the cookie *should* just be ignored.\\n4. A bug in the path comparison logic makes curl read outside a heap buffer\\n boundary\\n\\nThe bug either causes a crash or it potentially makes the comparison come to\\nthe wrong conclusion and lets the clear-text site override the contents of the\\nsecure cookie, contrary to expectations and depending on the memory contents\\nimmediately following the single-byte allocation that holds the path.\\n\\nThe presumed and correct behavior would be to plainly ignore the second set of\\nthe cookie since it was already set as secure on a secure host so overriding\\nit on an insecure host should not be okay.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2026-01-08T09:51:46.552Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-02T12:59:46.514Z\", \"dateReserved\": \"2025-08-16T05:40:23.800Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2025-09-12T05:10:03.815Z\", \"assignerShortName\": \"curl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
ICSA-26-043-06
Vulnerability from csaf_cisa - Published: 2026-01-28 00:00 - Updated: 2026-02-25 07:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Siemens / SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
|
vers:intdot/<3.3 |
Vendor Fix
Vendor Fix
|
|
|
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens / SCALANCE XCH328 (6GK5328-4TS01-2EC2)
|
6GK5328-4TS01-2EC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens / SCALANCE XCM324 (6GK5324-8TS01-2AC2)
|
6GK5324-8TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens / SCALANCE XCM328 (6GK5328-4TS01-2AC2)
|
6GK5328-4TS01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens / SCALANCE XCM332 (6GK5332-0GA01-2AC2)
|
6GK5332-0GA01-2AC2
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens / SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
|
6GK5334-2TS01-2ER3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
|
6GK5334-3TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens / SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
|
6GK5334-2TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens / SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
|
6GK5334-5TS01-3AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
|
6GK5334-3TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
Siemens / SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
|
6GK5334-2TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens / SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
|
6GK5334-5TS01-2AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
|
6GK5334-3TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
|
6GK5334-2TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
|
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens / SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
|
6GK5334-5TS01-4AR3
|
vers:intdot/<3.3 |
Vendor Fix
fix
|
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC OS before V3.3 contains third-party components with multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-089022 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy, Critical Manufacturing, Transportation Systems, Water and Wastewater",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-089022: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.3 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-089022.json"
},
{
"category": "self",
"summary": "SSA-089022: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.3 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-043-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-043-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-043-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens SINEC OS",
"tracking": {
"current_release_date": "2026-02-25T07:00:00.000000Z",
"generator": {
"date": "2026-02-25T17:30:48.835210Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-26-043-06",
"initial_release_date": "2026-01-28T00:00:00.000000Z",
"revision_history": [
{
"date": "2026-01-28T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2026-02-12T07:00:00.000000Z",
"legacy_version": "Additional Release 1",
"number": "2",
"summary": "Initial CISA Republication of Siemens SSA-089022 advisory"
},
{
"date": "2026-02-24T00:00:00.000000Z",
"legacy_version": "Additional Release 2",
"number": "3",
"summary": "Added SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family to the affected products, Clarified that only SINEC OS firmware is impacted."
},
{
"date": "2026-02-25T07:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "4",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-089022 advisory"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK6242-6PA00"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XCH328 (6GK5328-4TS01-2EC2)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK5328-4TS01-2EC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XCH328 (6GK5328-4TS01-2EC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XCM324 (6GK5324-8TS01-2AC2)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5324-8TS01-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XCM324 (6GK5324-8TS01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XCM328 (6GK5328-4TS01-2AC2)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5328-4TS01-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XCM328 (6GK5328-4TS01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XCM332 (6GK5332-0GA01-2AC2)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5332-0GA01-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XCM332 (6GK5332-0GA01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5334-2TS01-2ER3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5334-3TS01-3AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5334-2TS01-3AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5334-5TS01-3AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5334-3TS01-2AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5334-2TS01-2AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5334-5TS01-2AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5334-3TS01-4AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5334-2TS01-4AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.3",
"product": {
"name": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5334-5TS01-4AR3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-7256",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7256"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/415.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-7256"
},
{
"cve": "CVE-2023-39810",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-39810"
},
{
"cve": "CVE-2023-42363",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-42363"
},
{
"cve": "CVE-2023-42364",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-42364"
},
{
"cve": "CVE-2023-42365",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-42365"
},
{
"cve": "CVE-2023-42366",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2023-42366"
},
{
"cve": "CVE-2024-6197",
"cwe": {
"id": "CWE-590",
"name": "Free of Memory not on the Heap"
},
"notes": [
{
"category": "summary",
"text": "libcurl\u0027s ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/590.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-6197"
},
{
"cve": "CVE-2024-6874",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "libcurl\u0027s URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidently getting returned as part of\nthe converted string.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-6874"
},
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libcurl\u0027s ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8006"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-8096",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than \u0027revoked\u0027 (like for example \u0027unauthorized\u0027) it is not treated as a bad certficate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-8096"
},
{
"cve": "CVE-2024-9681",
"cwe": {
"id": "CWE-697",
"name": "Incorrect Comparison"
},
"notes": [
{
"category": "summary",
"text": "When curl is asked to use HSTS, the expiry time for a subdomain might\r\noverwrite a parent domain\u0027s cache entry, making it end sooner or later than\r\notherwise intended.\r\n\r\nThis affects curl using applications that enable HSTS and use URLs with the\r\ninsecure `HTTP://` scheme and perform transfers with hosts like\r\n`x.example.com` as well as `example.com` where the first host is a subdomain\r\nof the second host.\r\n\r\n(The HSTS cache either needs to have been populated manually or there needs to\r\nhave been previous HTTPS accesses done as the cache needs to have entries for\r\nthe domains involved to trigger this problem.)\r\n\r\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\r\nbug can make the subdomain\u0027s expiry timeout *bleed over* and get set for the\r\nparent domain `example.com` in curl\u0027s HSTS cache.\r\n\r\nThe result of a triggered bug is that HTTP accesses to `example.com` get\r\nconverted to HTTPS for a different period of time than what was asked for by\r\nthe origin server. If `example.com` for example stops supporting HTTPS at its\r\nexpiry time, curl might then fail to access `http://example.com` until the\r\n(wrongly set) timeout expires. This bug can also expire the parent\u0027s entry\r\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\r\nthan otherwise intended.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/697.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-9681"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Allows modifying some file metadata (e.g. last modified) with filter=\"data\"\u00a0or file permissions (chmod) with filter=\"tar\"\u00a0of files outside the extraction directory.\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-12718"
},
{
"cve": "CVE-2024-41996",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-41996"
},
{
"cve": "CVE-2024-47619",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-47619"
},
{
"cve": "CVE-2024-52533",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing \u0027\\\\0\u0027 character.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2024-52533"
},
{
"cve": "CVE-2025-0167",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-0167"
},
{
"cve": "CVE-2025-0665",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"notes": [
{
"category": "summary",
"text": "libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1341.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-0665"
},
{
"cve": "CVE-2025-0725",
"cwe": {
"id": "CWE-680",
"name": "Integer Overflow to Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/680.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-0725"
},
{
"cve": "CVE-2025-1390",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The PAM module pam_cap.so of libcap configuration supports group names starting with \u201c@\u201d, during actual parsing, configurations not starting with \u201c@\u201d are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-1390"
},
{
"cve": "CVE-2025-3360",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow and buffer under-read in GLib occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-3360"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4138"
},
{
"cve": "CVE-2025-4330",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4330"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "GLib is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/124.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4435",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"notes": [
{
"category": "summary",
"text": "When using a TarFile.errorlevel = 0\u00a0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0\u00a0in affected versions is that the member would still be extracted and not skipped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/682.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4435"
},
{
"cve": "CVE-2025-4516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4516"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-6141",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-6141"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path=\u0027/\u0027`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9231",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/385.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-9231"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-10148",
"cwe": {
"id": "CWE-340",
"name": "Generation of Predictable Numbers or Identifiers"
},
"notes": [
{
"category": "summary",
"text": "curl\u0027s websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/340.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-10148"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/385.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-32433",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32433"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-32433"
},
{
"cve": "CVE-2025-38084",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38086",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ch9200: fix uninitialised access during mii_nway_restart\n\nIn mii_nway_restart() the code attempts to call\nmii-\u003emdio_read which is ch9200_mdio_read(). ch9200_mdio_read()\nutilises a local buffer called \"buff\", which is initialised\nwith control_read(). However \"buff\" is conditionally\ninitialised inside control_read():\n\n if (err == size) {\n memcpy(data, buf, size);\n }\n\nIf the condition of \"err == size\" is not met, then\n\"buff\" remains uninitialised. Once this happens the\nuninitialised \"buff\" is accessed and returned during\nch9200_mdio_read():\n\n return (buff[0] | buff[1] \u003c\u003c 8);\n\nThe problem stems from the fact that ch9200_mdio_read()\nignores the return value of control_read(), leading to\nuinit-access of \"buff\".\n\nTo fix this we should check the return value of\ncontrol_read() and return early on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38086"
},
{
"cve": "CVE-2025-38345",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38350",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38498",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-38498"
},
{
"cve": "CVE-2025-39839",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb-\u003elen. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39839"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39839"
},
{
"cve": "CVE-2025-39841",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39846",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()\n\nIn __iodyn_find_io_region(), pcmcia_make_resource() is assigned to\nres and used in pci_bus_alloc_resource(). There is a dereference of res\nin pci_bus_alloc_resource(), which could lead to a NULL pointer\ndereference on failure of pcmcia_make_resource().\n\nFix this bug by adding a check of res.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39846"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39846"
},
{
"cve": "CVE-2025-39853",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39853"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39853"
},
{
"cve": "CVE-2025-39860",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n\nsyzbot reported the splat below without a repro.\n\nIn the splat, a single thread calling bt_accept_dequeue() freed sk\nand touched it after that.\n\nThe root cause would be the racy l2cap_sock_cleanup_listen() call\nadded by the cited commit.\n\nbt_accept_dequeue() is called under lock_sock() except for\nl2cap_sock_release().\n\nTwo threads could see the same socket during the list iteration\nin bt_accept_dequeue():\n\n CPU1 CPU2 (close())\n ---- ----\n sock_hold(sk) sock_hold(sk);\n lock_sock(sk) \u003c-- block close()\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- refcnt by bt_accept_enqueue()\n release_sock(sk)\n lock_sock(sk)\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- last refcnt\n bt_accept_unlink(sk) \u003c-- UAF\n\nDepending on the timing, the other thread could show up in the\n\"Freed by task\" part.\n\nLet\u0027s call l2cap_sock_cleanup_listen() under lock_sock() in\nl2cap_sock_release().\n\n[0]:\nBUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\nRead of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995\nCPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\n do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n release_sock+0x21/0x220 net/core/sock.c:3746\n bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312\n l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451\n l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x3ff/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2accf8ebe9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f\nR10: 0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c\nR13: 00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490\n \u003c/TASK\u003e\n\nAllocated by task 5326:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4365 [inline]\n __kmalloc_nopro\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39860"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39860"
},
{
"cve": "CVE-2025-39864",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39864"
},
{
"cve": "CVE-2025-39865",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: fix NULL pointer dereference in tee_shm_put\n\ntee_shm_put have NULL pointer dereference:\n\n__optee_disable_shm_cache --\u003e\n\tshm = reg_pair_to_ptr(...);//shm maybe return NULL\n tee_shm_free(shm); --\u003e\n\t\ttee_shm_put(shm);//crash\n\nAdd check in tee_shm_put to fix it.\n\npanic log:\nUnable to handle kernel paging request at virtual address 0000000000100cca\nMem abort info:\nESR = 0x0000000096000004\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x04: level 0 translation fault\nData abort info:\nISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000\n[0000000000100cca] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nCPU: 2 PID: 14442 Comm: systemd-sleep Tainted: P OE ------- ----\n6.6.0-39-generic #38\nSource Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07\nHardware name: greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0\n10/26/2022\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tee_shm_put+0x24/0x188\nlr : tee_shm_free+0x14/0x28\nsp : ffff001f98f9faf0\nx29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27: 0000000000000000\nx26: ffff001f811344a0 x25: ffff8000818dac00 x24: ffff800082d8d048\nx23: ffff001f850fcd18 x22: 0000000000000001 x21: ffff001f98f9fb88\nx20: ffff001f83e76218 x19: ffff001f83e761e0 x18: 000000000000ffff\nx17: 303a30303a303030 x16: 0000000000000000 x15: 0000000000000003\nx14: 0000000000000001 x13: 0000000000000000 x12: 0101010101010101\nx11: 0000000000000001 x10: 0000000000000001 x9 : ffff800080e08d0c\nx8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 : 0000000000100cca\nCall trace:\ntee_shm_put+0x24/0x188\ntee_shm_free+0x14/0x28\n__optee_disable_shm_cache+0xa8/0x108\noptee_shutdown+0x28/0x38\nplatform_shutdown+0x28/0x40\ndevice_shutdown+0x144/0x2b0\nkernel_power_off+0x3c/0x80\nhibernate+0x35c/0x388\nstate_store+0x64/0x80\nkobj_attr_store+0x14/0x28\nsysfs_kf_write+0x48/0x60\nkernfs_fop_write_iter+0x128/0x1c0\nvfs_write+0x270/0x370\nksys_write+0x6c/0x100\n__arm64_sys_write+0x20/0x30\ninvoke_syscall+0x4c/0x120\nel0_svc_common.constprop.0+0x44/0xf0\ndo_el0_svc+0x24/0x38\nel0_svc+0x24/0x88\nel0t_64_sync_handler+0x134/0x150\nel0t_64_sync+0x14c/0x15",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39865"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-39865"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997626/"
},
{
"category": "vendor_fix",
"details": "See Section Additional Information.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.3 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
}
],
"title": "CVE-2025-59375"
}
]
}
ICSA-26-188-05
Vulnerability from csaf_cisa - Published: 2026-06-02 00:00 - Updated: 2026-07-07 06:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens / RUGGEDCOM RST2428P (6GK6242-6PA00)
|
6GK6242-6PA00
|
vers:intdot/<4.0 |
Vendor Fix
fix
|
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC OS before V4.0 contains multiple vulnerabilities.\n\nSiemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-253495 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-253495: Multiple Vulnerabilities in SINEC OS before V4.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-253495.json"
},
{
"category": "self",
"summary": "SSA-253495: Multiple Vulnerabilities in SINEC OS before V4.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-188-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-188-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-188-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens SINEC OS",
"tracking": {
"current_release_date": "2026-07-07T06:00:00.000000Z",
"generator": {
"date": "2026-07-01T21:20:37.202359Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-26-188-05",
"initial_release_date": "2026-06-02T00:00:00.000000Z",
"revision_history": [
{
"date": "2026-06-02T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2026-07-07T06:00:00.000000Z",
"legacy_version": "CISA Republication",
"number": "2",
"summary": "Initial CISA Republication of Siemens ProductCERT SSA-253495 advisory"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.0",
"product": {
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK6242-6PA00"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1352",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-1352"
},
{
"cve": "CVE-2025-1376",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/404.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-1376"
},
{
"cve": "CVE-2025-6052",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in how GLib\u2019s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn\u2019t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-6052"
},
{
"cve": "CVE-2025-6141",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-6141"
},
{
"cve": "CVE-2025-6170",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-6170"
},
{
"cve": "CVE-2025-7039",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-7039"
},
{
"cve": "CVE-2025-8732",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-8732"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9231",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/385.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-9231"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-10966",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "curl\u0027s code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-10966"
},
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset\u00a0and _.omit\u00a0functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\r\n\r\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\r\n\r\nThis issue is patched on 4.17.23",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1321.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-13601",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-13601"
},
{
"cve": "CVE-2025-39913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-\u003ecork.\n\nsyzbot reported the splat below. [0]\n\nThe repro does the following:\n\n 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)\n 2. Attach the prog to a SOCKMAP\n 3. Add a socket to the SOCKMAP\n 4. Activate fault injection\n 5. Send data less than cork_bytes\n\nAt 5., the data is carried over to the next sendmsg() as it is\nsmaller than the cork_bytes specified by bpf_msg_cork_bytes().\n\nThen, tcp_bpf_send_verdict() tries to allocate psock-\u003ecork to hold\nthe data, but this fails silently due to fault injection + __GFP_NOWARN.\n\nIf the allocation fails, we need to revert the sk-\u003esk_forward_alloc\nchange done by sk_msg_alloc().\n\nLet\u0027s call sk_msg_free() when tcp_bpf_send_verdict fails to allocate\npsock-\u003ecork.\n\nThe \"*copied\" also needs to be updated such that a proper error can\nbe returned to the caller, sendmsg. It fails to allocate psock-\u003ecork.\nNothing has been corked so far, so this patch simply sets \"*copied\"\nto 0.\n\n[0]:\nWARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983\nModules linked in:\nCPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156\nCode: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 \u003c0f\u003e 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc\nRSP: 0018:ffffc90000a08b48 EFLAGS: 00010246\nRAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80\nRDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000\nRBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4\nR10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380\nR13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872\nFS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0\nCall Trace:\n \u003cIRQ\u003e\n __sk_destruct+0x86/0x660 net/core/sock.c:2339\n rcu_do_batch kernel/rcu/tree.c:2605 [inline]\n rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861\n handle_softirqs+0x286/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052\n \u003c/IRQ\u003e",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-39913"
},
{
"cve": "CVE-2025-40214",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\naf_unix: Initialise scc_index in unix_add_edge().\r\n\r\nQuang Le reported that the AF_UNIX GC could garbage-collect a\r\nreceive queue of an alive in-flight socket, with a nice repro.\r\n\r\nThe repro consists of three stages.\r\n\r\n 1)\r\n 1-a. Create a single cyclic reference with many sockets\r\n 1-b. close() all sockets\r\n 1-c. Trigger GC\r\n\r\n 2)\r\n 2-a. Pass sk-A to an embryo sk-B\r\n 2-b. Pass sk-X to sk-X\r\n 2-c. Trigger GC\r\n\r\n 3)\r\n 3-a. accept() the embryo sk-B\r\n 3-b. Pass sk-B to sk-C\r\n 3-c. close() the in-flight sk-A\r\n 3-d. Trigger GC\r\n\r\nAs of 2-c, sk-A and sk-X are linked to unix_unvisited_vertices,\r\nand unix_walk_scc() groups them into two different SCCs:\r\n\r\n unix_sk(sk-A)-\u003evertex-\u003escc_index = 2 (UNIX_VERTEX_INDEX_START)\r\n unix_sk(sk-X)-\u003evertex-\u003escc_index = 3\r\n\r\nOnce GC completes, unix_graph_grouped is set to true.\r\nAlso, unix_graph_maybe_cyclic is set to true due to sk-X\u0027s\r\ncyclic self-reference, which makes close() trigger GC.\r\n\r\nAt 3-b, unix_add_edge() allocates unix_sk(sk-B)-\u003evertex and\r\nlinks it to unix_unvisited_vertices.\r\n\r\nunix_update_graph() is called at 3-a. and 3-b., but neither\r\nunix_graph_grouped nor unix_graph_maybe_cyclic is changed\r\nbecause both sk-B\u0027s listener and sk-C are not in-flight.\r\n\r\n3-c decrements sk-A\u0027s file refcnt to 1.\r\n\r\nSince unix_graph_grouped is true at 3-d, unix_walk_scc_fast()\r\nis finally called and iterates 3 sockets sk-A, sk-B, and sk-X:\r\n\r\n sk-A -\u003e sk-B (-\u003e sk-C)\r\n sk-X -\u003e sk-X\r\n\r\nThis is totally fine. All of them are not yet close()d and\r\nshould be grouped into different SCCs.\r\n\r\nHowever, unix_vertex_dead() misjudges that sk-A and sk-B are\r\nin the same SCC and sk-A is dead.\r\n\r\n unix_sk(sk-A)-\u003escc_index == unix_sk(sk-B)-\u003escc_index \u003c-- Wrong!\r\n \u0026\u0026\r\n sk-A\u0027s file refcnt == unix_sk(sk-A)-\u003evertex-\u003eout_degree\r\n ^-- 1 in-flight count for sk-B\r\n -\u003e sk-A is dead !?\r\n\r\nThe problem is that unix_add_edge() does not initialise scc_index.\r\n\r\nStage 1) is used for heap spraying, making a newly allocated\r\nvertex have vertex-\u003escc_index == 2 (UNIX_VERTEX_INDEX_START)\r\nset by unix_walk_scc() at 1-c.\r\n\r\nLet\u0027s track the max SCC index from the previous unix_walk_scc()\r\ncall and assign the max + 1 to a new vertex\u0027s scc_index.\r\n\r\nThis way, we can continue to avoid Tarjan\u0027s algorithm while\r\npreventing misjudgments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40214"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40214"
},
{
"cve": "CVE-2025-40248",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvsock: Ignore signal/timeout on connect() if already established\r\n\r\nDuring connect(), acting on a signal/timeout by disconnecting an already\r\nestablished socket leads to several issues:\r\n\r\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\r\n virtio_transport_purge_skbs() may race with sendmsg() invoking\r\n virtio_transport_get_credit(). This results in a permanently elevated\r\n `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\r\n\r\n2. connect() resetting a connected socket\u0027s state may race with socket\r\n being placed in a sockmap. A disconnected socket remaining in a sockmap\r\n breaks sockmap\u0027s assumptions. And gives rise to WARNs.\r\n\r\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\r\n transport change/drop after TCP_ESTABLISHED. Which poses a problem for\r\n any simultaneous sendmsg() or connect() and may result in a\r\n use-after-free/null-ptr-deref.\r\n\r\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\r\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\r\nsendmsg().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40248"
},
{
"cve": "CVE-2025-40250",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5: Clean up only new IRQ glue on request_irq() failure\r\n\r\nThe mlx5_irq_alloc() function can inadvertently free the entire rmap\r\nand end up in a crash[1] when the other threads tries to access this,\r\nwhen request_irq() fails due to exhausted IRQ vectors. This commit\r\nmodifies the cleanup to remove only the specific IRQ mapping that was\r\njust added.\r\n\r\nThis prevents removal of other valid mappings and ensures precise\r\ncleanup of the failed IRQ allocation\u0027s associated glue object.\r\n\r\nNote: This error is observed when both fwctl and rds configs are enabled.\r\n\r\n[1]\r\nmlx5_core 0000:05:00.0: Successfully registered panic handler for port 1\r\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\r\nrequest irq. err = -28\r\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\r\ntrying to test write-combining support\r\nmlx5_core 0000:05:00.0: Successfully unregistered panic handler for port 1\r\nmlx5_core 0000:06:00.0: Successfully registered panic handler for port 1\r\nmlx5_core 0000:06:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\r\nrequest irq. err = -28\r\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\r\ntrying to test write-combining support\r\nmlx5_core 0000:06:00.0: Successfully unregistered panic handler for port 1\r\nmlx5_core 0000:03:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\r\nrequest irq. err = -28\r\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\r\nrequest irq. err = -28\r\ngeneral protection fault, probably for non-canonical address\r\n0xe277a58fde16f291: 0000 [#1] SMP NOPTI\r\n\r\nRIP: 0010:free_irq_cpu_rmap+0x23/0x7d\r\nCall Trace:\r\n \u003cTASK\u003e\r\n ? show_trace_log_lvl+0x1d6/0x2f9\r\n ? show_trace_log_lvl+0x1d6/0x2f9\r\n ? mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\r\n ? __die_body.cold+0x8/0xa\r\n ? die_addr+0x39/0x53\r\n ? exc_general_protection+0x1c4/0x3e9\r\n ? dev_vprintk_emit+0x5f/0x90\r\n ? asm_exc_general_protection+0x22/0x27\r\n ? free_irq_cpu_rmap+0x23/0x7d\r\n mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\r\n irq_pool_request_vector+0x7d/0x90 [mlx5_core]\r\n mlx5_irq_request+0x2e/0xe0 [mlx5_core]\r\n mlx5_irq_request_vector+0xad/0xf7 [mlx5_core]\r\n comp_irq_request_pci+0x64/0xf0 [mlx5_core]\r\n create_comp_eq+0x71/0x385 [mlx5_core]\r\n ? mlx5e_open_xdpsq+0x11c/0x230 [mlx5_core]\r\n mlx5_comp_eqn_get+0x72/0x90 [mlx5_core]\r\n ? xas_load+0x8/0x91\r\n mlx5_comp_irqn_get+0x40/0x90 [mlx5_core]\r\n mlx5e_open_channel+0x7d/0x3c7 [mlx5_core]\r\n mlx5e_open_channels+0xad/0x250 [mlx5_core]\r\n mlx5e_open_locked+0x3e/0x110 [mlx5_core]\r\n mlx5e_open+0x23/0x70 [mlx5_core]\r\n __dev_open+0xf1/0x1a5\r\n __dev_change_flags+0x1e1/0x249\r\n dev_change_flags+0x21/0x5c\r\n do_setlink+0x28b/0xcc4\r\n ? __nla_parse+0x22/0x3d\r\n ? inet6_validate_link_af+0x6b/0x108\r\n ? cpumask_next+0x1f/0x35\r\n ? __snmp6_fill_stats64.constprop.0+0x66/0x107\r\n ? __nla_validate_parse+0x48/0x1e6\r\n __rtnl_newlink+0x5ff/0xa57\r\n ? kmem_cache_alloc_trace+0x164/0x2ce\r\n rtnl_newlink+0x44/0x6e\r\n rtnetlink_rcv_msg+0x2bb/0x362\r\n ? __netlink_sendskb+0x4c/0x6c\r\n ? netlink_unicast+0x28f/0x2ce\r\n ? rtnl_calcit.isra.0+0x150/0x146\r\n netlink_rcv_skb+0x5f/0x112\r\n netlink_unicast+0x213/0x2ce\r\n netlink_sendmsg+0x24f/0x4d9\r\n __sock_sendmsg+0x65/0x6a\r\n ____sys_sendmsg+0x28f/0x2c9\r\n ? import_iovec+0x17/0x2b\r\n ___sys_sendmsg+0x97/0xe0\r\n __sys_sendmsg+0x81/0xd8\r\n do_syscall_64+0x35/0x87\r\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\r\nRIP: 0033:0x7fc328603727\r\nCode: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 0b ed\r\nff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00\r\nf0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 44 ed ff ff 48\r\nRSP: 002b:00007ffe8eb3f1a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\r\nRAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc328603727\r\nRDX: 0000000000000000 RSI: 00007ffe8eb3f1f0 RDI: 000000000000000d\r\nRBP: 00007ffe8eb3f1f0 R08: 0000000000000000 R09: 0000000000000000\r\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\r\nR13: 00000000000\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40250"
},
{
"cve": "CVE-2025-40251",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndevlink: rate: Unset parent pointer in devl_rate_nodes_destroy\r\n\r\nThe function devl_rate_nodes_destroy is documented to \"Unset parent for\r\nall rate objects\". However, it was only calling the driver-specific\r\n`rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing\r\nthe parent\u0027s refcount, without actually setting the\r\n`devlink_rate-\u003eparent` pointer to NULL.\r\n\r\nThis leaves a dangling pointer in the `devlink_rate` struct, which cause\r\nrefcount error in netdevsim[1] and mlx5[2]. In addition, this is\r\ninconsistent with the behavior of `devlink_nl_rate_parent_node_set`,\r\nwhere the parent pointer is correctly cleared.\r\n\r\nThis patch fixes the issue by explicitly setting `devlink_rate-\u003eparent`\r\nto NULL after notifying the driver, thus fulfilling the function\u0027s\r\ndocumented behavior for all rate objects.\r\n\r\n[1]\r\nrepro steps:\r\necho 1 \u003e /sys/bus/netdevsim/new_device\r\ndevlink dev eswitch set netdevsim/netdevsim1 mode switchdev\r\necho 1 \u003e /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs\r\ndevlink port function rate add netdevsim/netdevsim1/test_node\r\ndevlink port function rate set netdevsim/netdevsim1/128 parent test_node\r\necho 1 \u003e /sys/bus/netdevsim/del_device\r\n\r\ndmesg:\r\nrefcount_t: decrement hit 0; leaking memory.\r\nWARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\r\nCPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE\r\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\r\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\r\nCall Trace:\r\n \u003cTASK\u003e\r\n devl_rate_leaf_destroy+0x8d/0x90\r\n __nsim_dev_port_del+0x6c/0x70 [netdevsim]\r\n nsim_dev_reload_destroy+0x11c/0x140 [netdevsim]\r\n nsim_drv_remove+0x2b/0xb0 [netdevsim]\r\n device_release_driver_internal+0x194/0x1f0\r\n bus_remove_device+0xc6/0x130\r\n device_del+0x159/0x3c0\r\n device_unregister+0x1a/0x60\r\n del_device_store+0x111/0x170 [netdevsim]\r\n kernfs_fop_write_iter+0x12e/0x1e0\r\n vfs_write+0x215/0x3d0\r\n ksys_write+0x5f/0xd0\r\n do_syscall_64+0x55/0x10f0\r\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\r\n\r\n[2]\r\ndevlink dev eswitch set pci/0000:08:00.0 mode switchdev\r\ndevlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000\r\ndevlink port function rate add pci/0000:08:00.0/group1\r\ndevlink port function rate set pci/0000:08:00.0/32768 parent group1\r\nmodprobe -r mlx5_ib mlx5_fwctl mlx5_core\r\n\r\ndmesg:\r\nrefcount_t: decrement hit 0; leaking memory.\r\nWARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\r\nCPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE\r\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\r\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\r\nCall Trace:\r\n \u003cTASK\u003e\r\n devl_rate_leaf_destroy+0x8d/0x90\r\n mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core]\r\n mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core]\r\n mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core]\r\n mlx5_sf_esw_event+0xc4/0x120 [mlx5_core]\r\n notifier_call_chain+0x33/0xa0\r\n blocking_notifier_call_chain+0x3b/0x50\r\n mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core]\r\n mlx5_eswitch_disable+0x63/0x90 [mlx5_core]\r\n mlx5_unload+0x1d/0x170 [mlx5_core]\r\n mlx5_uninit_one+0xa2/0x130 [mlx5_core]\r\n remove_one+0x78/0xd0 [mlx5_core]\r\n pci_device_remove+0x39/0xa0\r\n device_release_driver_internal+0x194/0x1f0\r\n unbind_store+0x99/0xa0\r\n kernfs_fop_write_iter+0x12e/0x1e0\r\n vfs_write+0x215/0x3d0\r\n ksys_write+0x5f/0xd0\r\n do_syscall_64+0x53/0x1f0\r\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/911.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40251"
},
{
"cve": "CVE-2025-40252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()\r\n\r\nThe loops in \u0027qede_tpa_cont()\u0027 and \u0027qede_tpa_end()\u0027, iterate\r\nover \u0027cqe-\u003elen_list[]\u0027 using only a zero-length terminator as\r\nthe stopping condition. If the terminator was missing or\r\nmalformed, the loop could run past the end of the fixed-size array.\r\n\r\nAdd an explicit bound check using ARRAY_SIZE() in both loops to prevent\r\na potential out-of-bounds access.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40252"
},
{
"cve": "CVE-2025-40254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: openvswitch: remove never-working support for setting nsh fields\r\n\r\nThe validation of the set(nsh(...)) action is completely wrong.\r\nIt runs through the nsh_key_put_from_nlattr() function that is the\r\nsame function that validates NSH keys for the flow match and the\r\npush_nsh() action. However, the set(nsh(...)) has a very different\r\nmemory layout. Nested attributes in there are doubled in size in\r\ncase of the masked set(). That makes proper validation impossible.\r\n\r\nThere is also confusion in the code between the \u0027masked\u0027 flag, that\r\nsays that the nested attributes are doubled in size containing both\r\nthe value and the mask, and the \u0027is_mask\u0027 that says that the value\r\nwe\u0027re parsing is the mask. This is causing kernel crash on trying to\r\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\r\nvalidation, while validate_nsh() doesn\u0027t allocate any memory for it:\r\n\r\n BUG: kernel NULL pointer dereference, address: 0000000000000018\r\n #PF: supervisor read access in kernel mode\r\n #PF: error_code(0x0000) - not-present page\r\n PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\r\n Oops: Oops: 0000 [#1] SMP NOPTI\r\n CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\r\n RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\r\n Call Trace:\r\n \u003cTASK\u003e\r\n validate_nsh+0x60/0x90 [openvswitch]\r\n validate_set.constprop.0+0x270/0x3c0 [openvswitch]\r\n __ovs_nla_copy_actions+0x477/0x860 [openvswitch]\r\n ovs_nla_copy_actions+0x8d/0x100 [openvswitch]\r\n ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\r\n genl_family_rcv_msg_doit+0xdb/0x130\r\n genl_family_rcv_msg+0x14b/0x220\r\n genl_rcv_msg+0x47/0xa0\r\n netlink_rcv_skb+0x53/0x100\r\n genl_rcv+0x24/0x40\r\n netlink_unicast+0x280/0x3b0\r\n netlink_sendmsg+0x1f7/0x430\r\n ____sys_sendmsg+0x36b/0x3a0\r\n ___sys_sendmsg+0x87/0xd0\r\n __sys_sendmsg+0x6d/0xd0\r\n do_syscall_64+0x7b/0x2c0\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nThe third issue with this process is that while trying to convert\r\nthe non-masked set into masked one, validate_set() copies and doubles\r\nthe size of the OVS_KEY_ATTR_NSH as if it didn\u0027t have any nested\r\nattributes. It should be copying each nested attribute and doubling\r\nthem in size independently. And the process must be properly reversed\r\nduring the conversion back from masked to a non-masked variant during\r\nthe flow dump.\r\n\r\nIn the end, the only two outcomes of trying to use this action are\r\neither validation failure or a kernel crash. And if somehow someone\r\nmanages to install a flow with such an action, it will most definitely\r\nnot do what it is supposed to, since all the keys and the masks are\r\nmixed up.\r\n\r\nFixing all the issues is a complex task as it requires re-writing\r\nmost of the validation code.\r\n\r\nGiven that and the fact that this functionality never worked since\r\nintroduction, let\u0027s just remove it altogether. It\u0027s better to\r\nre-introduce it later with a proper implementation instead of trying\r\nto fix it in stable releases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40254"
},
{
"cve": "CVE-2025-40257",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmptcp: fix a race in mptcp_pm_del_add_timer()\r\n\r\nmptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, \u0026entry-\u003eadd_timer)\r\nwhile another might have free entry already, as reported by syzbot.\r\n\r\nAdd RCU protection to fix this issue.\r\n\r\nAlso change confusing add_timer variable with stop_timer boolean.\r\n\r\nsyzbot report:\r\n\r\nBUG: KASAN: slab-use-after-free in __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\r\nRead of size 4 at addr ffff8880311e4150 by task kworker/1:1/44\r\n\r\nCPU: 1 UID: 0 PID: 44 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\r\nWorkqueue: events mptcp_worker\r\nCall Trace:\r\n \u003cTASK\u003e\r\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\r\n print_address_description mm/kasan/report.c:378 [inline]\r\n print_report+0xca/0x240 mm/kasan/report.c:482\r\n kasan_report+0x118/0x150 mm/kasan/report.c:595\r\n __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\r\n sk_stop_timer_sync+0x1b/0x90 net/core/sock.c:3631\r\n mptcp_pm_del_add_timer+0x283/0x310 net/mptcp/pm.c:362\r\n mptcp_incoming_options+0x1357/0x1f60 net/mptcp/options.c:1174\r\n tcp_data_queue+0xca/0x6450 net/ipv4/tcp_input.c:5361\r\n tcp_rcv_established+0x1335/0x2670 net/ipv4/tcp_input.c:6441\r\n tcp_v4_do_rcv+0x98b/0xbf0 net/ipv4/tcp_ipv4.c:1931\r\n tcp_v4_rcv+0x252a/0x2dc0 net/ipv4/tcp_ipv4.c:2374\r\n ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205\r\n ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:239\r\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\r\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\r\n __netif_receive_skb_one_core net/core/dev.c:6079 [inline]\r\n __netif_receive_skb+0x143/0x380 net/core/dev.c:6192\r\n process_backlog+0x31e/0x900 net/core/dev.c:6544\r\n __napi_poll+0xb6/0x540 net/core/dev.c:7594\r\n napi_poll net/core/dev.c:7657 [inline]\r\n net_rx_action+0x5f7/0xda0 net/core/dev.c:7784\r\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\r\n __do_softirq kernel/softirq.c:656 [inline]\r\n __local_bh_enable_ip+0x1a0/0x2e0 kernel/softirq.c:302\r\n mptcp_pm_send_ack net/mptcp/pm.c:210 [inline]\r\n mptcp_pm_addr_send_ack+0x41f/0x500 net/mptcp/pm.c:-1\r\n mptcp_pm_worker+0x174/0x320 net/mptcp/pm.c:1002\r\n mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\r\n process_one_work kernel/workqueue.c:3263 [inline]\r\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\r\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\r\n kthread+0x711/0x8a0 kernel/kthread.c:463\r\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\r\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\r\n \u003c/TASK\u003e\r\n\r\nAllocated by task 44:\r\n kasan_save_stack mm/kasan/common.c:56 [inline]\r\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\r\n poison_kmalloc_redzone mm/kasan/common.c:400 [inline]\r\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417\r\n kasan_kmalloc include/linux/kasan.h:262 [inline]\r\n __kmalloc_cache_noprof+0x1ef/0x6c0 mm/slub.c:5748\r\n kmalloc_noprof include/linux/slab.h:957 [inline]\r\n mptcp_pm_alloc_anno_list+0x104/0x460 net/mptcp/pm.c:385\r\n mptcp_pm_create_subflow_or_signal_addr+0xf9d/0x1360 net/mptcp/pm_kernel.c:355\r\n mptcp_pm_nl_fully_established net/mptcp/pm_kernel.c:409 [inline]\r\n __mptcp_pm_kernel_worker+0x417/0x1ef0 net/mptcp/pm_kernel.c:1529\r\n mptcp_pm_worker+0x1ee/0x320 net/mptcp/pm.c:1008\r\n mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\r\n process_one_work kernel/workqueue.c:3263 [inline]\r\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\r\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\r\n kthread+0x711/0x8a0 kernel/kthread.c:463\r\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\r\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\r\n\r\nFreed by task 6630:\r\n kasan_save_stack mm/kasan/common.c:56 [inline]\r\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\r\n __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587\r\n kasan_save_free_info mm/kasan/kasan.h:406 [inline]\r\n poison_slab_object m\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40257"
},
{
"cve": "CVE-2025-40258",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmptcp: fix race condition in mptcp_schedule_work()\r\n\r\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\r\n\r\nIssue here is that mptcp_schedule_work() schedules a work,\r\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\r\nThis refcount will be released by mptcp_worker().\r\n\r\n[A] if (schedule_work(...)) {\r\n[B] sock_hold(sk);\r\n return true;\r\n }\r\n\r\nProblem is that mptcp_worker() can run immediately and complete before [B]\r\n\r\nWe need instead :\r\n\r\n sock_hold(sk);\r\n if (schedule_work(...))\r\n return true;\r\n sock_put(sk);\r\n\r\n[1]\r\nrefcount_t: addition on 0; use-after-free.\r\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\r\nCall Trace:\r\n \u003cTASK\u003e\r\n __refcount_add include/linux/refcount.h:-1 [inline]\r\n __refcount_inc include/linux/refcount.h:366 [inline]\r\n refcount_inc include/linux/refcount.h:383 [inline]\r\n sock_hold include/net/sock.h:816 [inline]\r\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\r\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\r\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\r\n expire_timers kernel/time/timer.c:1798 [inline]\r\n __run_timers kernel/time/timer.c:2372 [inline]\r\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\r\n run_timer_base kernel/time/timer.c:2393 [inline]\r\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\r\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\r\n __do_softirq kernel/softirq.c:656 [inline]\r\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\r\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\r\n kthread+0x711/0x8a0 kernel/kthread.c:463\r\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\r\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40261",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnvme: nvme-fc: Ensure -\u003eioerr_work is cancelled in nvme_fc_delete_ctrl()\r\n\r\nnvme_fc_delete_assocation() waits for pending I/O to complete before\r\nreturning, and an error can cause -\u003eioerr_work to be queued after\r\ncancel_work_sync() had been called. Move the call to cancel_work_sync() to\r\nbe after nvme_fc_delete_association() to ensure -\u003eioerr_work is not running\r\nwhen the nvme_fc_ctrl object is freed. Otherwise the following can occur:\r\n\r\n[ 1135.911754] list_del corruption, ff2d24c8093f31f8-\u003enext is NULL\r\n[ 1135.917705] ------------[ cut here ]------------\r\n[ 1135.922336] kernel BUG at lib/list_debug.c:52!\r\n[ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI\r\n[ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)\r\n[ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025\r\n[ 1135.950969] Workqueue: 0x0 (nvme-wq)\r\n[ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f\r\n[ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff \u003c0f\u003e 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b\r\n[ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046\r\n[ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000\r\n[ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0\r\n[ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08\r\n[ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100\r\n[ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0\r\n[ 1136.020677] FS: 0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000\r\n[ 1136.028765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 1136.034510] CR2: 00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0\r\n[ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\n[ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\r\n[ 1136.055910] PKRU: 55555554\r\n[ 1136.058623] Call Trace:\r\n[ 1136.061074] \u003cTASK\u003e\r\n[ 1136.063179] ? show_trace_log_lvl+0x1b0/0x2f0\r\n[ 1136.067540] ? show_trace_log_lvl+0x1b0/0x2f0\r\n[ 1136.071898] ? move_linked_works+0x4a/0xa0\r\n[ 1136.075998] ? __list_del_entry_valid_or_report.cold+0xf/0x6f\r\n[ 1136.081744] ? __die_body.cold+0x8/0x12\r\n[ 1136.085584] ? die+0x2e/0x50\r\n[ 1136.088469] ? do_trap+0xca/0x110\r\n[ 1136.091789] ? do_error_trap+0x65/0x80\r\n[ 1136.095543] ? __list_del_entry_valid_or_report.cold+0xf/0x6f\r\n[ 1136.101289] ? exc_invalid_op+0x50/0x70\r\n[ 1136.105127] ? __list_del_entry_valid_or_report.cold+0xf/0x6f\r\n[ 1136.110874] ? asm_exc_invalid_op+0x1a/0x20\r\n[ 1136.115059] ? __list_del_entry_valid_or_report.cold+0xf/0x6f\r\n[ 1136.120806] move_linked_works+0x4a/0xa0\r\n[ 1136.124733] worker_thread+0x216/0x3a0\r\n[ 1136.128485] ? __pfx_worker_thread+0x10/0x10\r\n[ 1136.132758] kthread+0xfa/0x240\r\n[ 1136.135904] ? __pfx_kthread+0x10/0x10\r\n[ 1136.139657] ret_from_fork+0x31/0x50\r\n[ 1136.143236] ? __pfx_kthread+0x10/0x10\r\n[ 1136.146988] ret_from_fork_asm+0x1a/0x30\r\n[ 1136.150915] \u003c/TASK\u003e",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1341.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40261"
},
{
"cve": "CVE-2025-40262",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nInput: imx_sc_key - fix memory corruption on unload\r\n\r\nThis is supposed to be \"priv\" but we accidentally pass \"\u0026priv\" which is\r\nan address in the stack and so it will lead to memory corruption when\r\nthe imx_sc_key_action() function is called. Remove the \u0026.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40262"
},
{
"cve": "CVE-2025-40263",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nInput: cros_ec_keyb - fix an invalid memory access\r\n\r\nIf cros_ec_keyb_register_matrix() isn\u0027t called (due to\r\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev-\u003eidev` remains\r\nNULL. An invalid memory access is observed in cros_ec_keyb_process()\r\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\r\nin such case.\r\n\r\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\r\n ...\r\n x3 : 0000000000000000 x2 : 0000000000000000\r\n x1 : 0000000000000000 x0 : 0000000000000000\r\n Call trace:\r\n input_event\r\n cros_ec_keyb_work\r\n blocking_notifier_call_chain\r\n ec_irq_thread\r\n\r\nIt\u0027s still unknown about why the kernel receives such malformed event,\r\nin any cases, the kernel shouldn\u0027t access `ckdev-\u003eidev` and friends if\r\nthe driver doesn\u0027t intend to initialize them.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40263"
},
{
"cve": "CVE-2025-40264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbe2net: pass wrb_params in case of OS2BMC\r\n\r\nbe_insert_vlan_in_pkt() is called with the wrb_params argument being NULL\r\nat be_send_pkt_to_bmc() call site.\u00a0 This may lead to dereferencing a NULL\r\npointer when processing a workaround for specific packet, as commit\r\nbc0c3405abbb (\"be2net: fix a Tx stall bug caused by a specific ipv6\r\npacket\") states.\r\n\r\nThe correct way would be to pass the wrb_params from be_xmit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40264"
},
{
"cve": "CVE-2025-40271",
"cwe": {
"id": "CWE-625",
"name": "Permissive Regular Expression"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix uaf in proc_readdir_de()\n\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\n\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time. The steps of the issue is as follows:\n\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\n pde is tun3;\n\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\n them from rbtree. erase tun3 first, and then erase tun2. the\n pde(tun2) will be released to slab;\n\n3) continue to getdent process, then pde_subdir_next() will return\n pde(tun2) which is released, it will case uaf access.\n\nCPU 0 | CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun-\u003edev) //tun3 tun2\nsys_getdents64() |\n iterate_dir() |\n proc_readdir() |\n proc_readdir_de() | snmp6_unregister_dev()\n pde_get(de); | proc_remove()\n read_unlock(\u0026proc_subdir_lock); | remove_proc_subtree()\n | write_lock(\u0026proc_subdir_lock);\n [time window] | rb_erase(\u0026root-\u003esubdir_node, \u0026parent-\u003esubdir);\n | write_unlock(\u0026proc_subdir_lock);\n read_lock(\u0026proc_subdir_lock); |\n next = pde_subdir_next(de); |\n pde_put(de); |\n de = next; //UAF |\n\nrbtree of dev_snmp6\n |\n pde(tun3)\n / \\\n NULL pde(tun2)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/625.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40271"
},
{
"cve": "CVE-2025-40278",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak\n\nFix a KMSAN kernel-infoleak detected by the syzbot .\n\n[net?] KMSAN: kernel-infoleak in __skb_datagram_iter\n\nIn tcf_ife_dump(), the variable \u0027opt\u0027 was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.\n\nThis change silences the KMSAN report and prevents potential information\nleaks from the kernel memory.\n\nThis fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures no infoleak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40278"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40278"
},
{
"cve": "CVE-2025-40280",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_mon_reinit_self().\n\nsyzbot reported use-after-free of tipc_net(net)-\u003emonitors[]\nin tipc_mon_reinit_self(). [0]\n\nThe array is protected by RTNL, but tipc_mon_reinit_self()\niterates over it without RTNL.\n\ntipc_mon_reinit_self() is called from tipc_net_finalize(),\nwhich is always under RTNL except for tipc_net_finalize_work().\n\nLet\u0027s hold RTNL in tipc_net_finalize_work().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nRead of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989\n\nCPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nWorkqueue: events tipc_net_finalize_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568\n kasan_check_byte include/linux/kasan.h:399 [inline]\n lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\n rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline]\n rwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline]\n rwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244\n rt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243\n write_lock_bh include/linux/rwlock_rt.h:99 [inline]\n tipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718\n tipc_net_finalize+0x115/0x190 net/tipc/net.c:140\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 6089:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n tipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657\n tipc_enable_bearer net/tipc/bearer.c:357 [inline]\n __tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047\n __tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline]\n tipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393\n tipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline]\n tipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321\n genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:729\n ____sys_sendmsg+0x508/0x820 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40280"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/825.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40280"
},
{
"cve": "CVE-2025-40281",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto\n\nsyzbot reported a possible shift-out-of-bounds [1]\n\nBlamed commit added rto_alpha_max and rto_beta_max set to 1000.\n\nIt is unclear if some sctp users are setting very large rto_alpha\nand/or rto_beta.\n\nIn order to prevent user regression, perform the test at run time.\n\nAlso add READ_ONCE() annotations as sysctl values can change under us.\n\n[1]\n\nUBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41\nshift exponent 64 is too large for 32-bit type \u0027unsigned int\u0027\nCPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:233 [inline]\n __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494\n sctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509\n sctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502\n sctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338\n sctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline]\n sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40281"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1335.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40281"
},
{
"cve": "CVE-2025-40345",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: storage: sddr55: Reject out-of-bound new_pba\r\n\r\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\r\n\r\nnew_pba comes from the status packet returned after each write.\r\nA bogus device could report values beyond the block count derived\r\nfrom info-\u003ecapacity, letting the driver walk off the end of\r\npba_to_lba[] and corrupt heap memory.\r\n\r\nReject PBAs that exceed the computed block count and fail the\r\ntransfer so we avoid touching out-of-range mapping entries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40345"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-40345"
},
{
"cve": "CVE-2025-46394",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"notes": [
{
"category": "summary",
"text": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/451.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-46394"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/825.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-49794"
},
{
"cve": "CVE-2025-49795",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/825.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-49795"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-60876",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-60876"
},
{
"cve": "CVE-2025-66035",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular\u0027s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/201.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-66035"
},
{
"cve": "CVE-2025-66382",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-66382"
},
{
"cve": "CVE-2025-66412",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-66412"
},
{
"cve": "CVE-2025-69720",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69720"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-69720"
},
{
"cve": "CVE-2025-71185",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: ti: dma-crossbar: fix device leak on am335x route allocation\r\n\r\nMake sure to drop the reference taken when looking up the crossbar\r\nplatform device during am335x route allocation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71185"
},
{
"cve": "CVE-2025-71186",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: stm32: dmamux: fix device leak on route allocation\r\n\r\nMake sure to drop the reference taken when looking up the DMA mux\r\nplatform device during route allocation.\r\n\r\nNote that holding a reference to a device does not prevent its driver\r\ndata from going away so there is no point in keeping the reference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71186"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71186"
},
{
"cve": "CVE-2025-71188",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: lpc18xx-dmamux: fix device leak on route allocation\r\n\r\nMake sure to drop the reference taken when looking up the DMA mux\r\nplatform device during route allocation.\r\n\r\nNote that holding a reference to a device does not prevent its driver\r\ndata from going away so there is no point in keeping the reference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71188"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71188"
},
{
"cve": "CVE-2025-71189",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: dw: dmamux: fix OF node leak on route allocation failure\r\n\r\nMake sure to drop the reference taken to the DMA master OF node also on\r\nlate route allocation failures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71189"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71189"
},
{
"cve": "CVE-2025-71190",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: bcm-sba-raid: fix device leak on probe\r\n\r\nMake sure to drop the reference taken when looking up the mailbox device\r\nduring probe on probe failures and on driver unbind.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71190"
},
{
"cve": "CVE-2025-71191",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: at_hdmac: fix device leak on of_dma_xlate()\r\n\r\nMake sure to drop the reference taken when looking up the DMA platform\r\ndevice during of_dma_xlate() when releasing channel resources.\r\n\r\nNote that commit 3832b78b3ec2 (\"dmaengine: at_hdmac: add missing\r\nput_device() call in at_dma_xlate()\") fixed the leak in a couple of\r\nerror paths but the reference is still leaking on successful allocation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2025-71191"
},
{
"cve": "CVE-2026-1484",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-1484"
},
{
"cve": "CVE-2026-1489",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-1489"
},
{
"cve": "CVE-2026-3784",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"notes": [
{
"category": "summary",
"text": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/305.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-3784"
},
{
"cve": "CVE-2026-22610",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG \u003cscript\u003e elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22610"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-22610"
},
{
"cve": "CVE-2026-22976",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset\r\n\r\n`qfq_class-\u003eleaf_qdisc-\u003eq.qlen \u003e 0` does not imply that the class\r\nitself is active.\r\n\r\nTwo qfq_class objects may point to the same leaf_qdisc. This happens\r\nwhen:\r\n\r\n1. one QFQ qdisc is attached to the dev as the root qdisc, and\r\n\r\n2. another QFQ qdisc is temporarily referenced (e.g., via qdisc_get()\r\n/ qdisc_put()) and is pending to be destroyed, as in function\r\ntc_new_tfilter.\r\n\r\nWhen packets are enqueued through the root QFQ qdisc, the shared\r\nleaf_qdisc-\u003eq.qlen increases. At the same time, the second QFQ\r\nqdisc triggers qdisc_put and qdisc_destroy: the qdisc enters\r\nqfq_reset() with its own q-\u003eq.qlen == 0, but its class\u0027s leaf\r\nqdisc-\u003eq.qlen \u003e 0. Therefore, the qfq_reset would wrongly deactivate\r\nan inactive aggregate and trigger a null-deref in qfq_deactivate_agg:\r\n\r\n[ 0.903172] BUG: kernel NULL pointer dereference, address: 0000000000000000\r\n[ 0.903571] #PF: supervisor write access in kernel mode\r\n[ 0.903860] #PF: error_code(0x0002) - not-present page\r\n[ 0.904177] PGD 10299b067 P4D 10299b067 PUD 10299c067 PMD 0\r\n[ 0.904502] Oops: Oops: 0002 [#1] SMP NOPTI\r\n[ 0.904737] CPU: 0 UID: 0 PID: 135 Comm: exploit Not tainted 6.19.0-rc3+ #2 NONE\r\n[ 0.905157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\r\n[ 0.905754] RIP: 0010:qfq_deactivate_agg (include/linux/list.h:992 (discriminator 2) include/linux/list.h:1006 (discriminator 2) net/sched/sch_qfq.c:1367 (discriminator 2) net/sched/sch_qfq.c:1393 (discriminator 2))\r\n[ 0.906046] Code: 0f 84 4d 01 00 00 48 89 70 18 8b 4b 10 48 c7 c2 ff ff ff ff 48 8b 78 08 48 d3 e2 48 21 f2 48 2b 13 48 8b 30 48 d3 ea 8b 4b 18 0\r\n\r\nCode starting with the faulting instruction\r\n===========================================\r\n 0:\t0f 84 4d 01 00 00 \tje 0x153\r\n 6:\t48 89 70 18 \tmov %rsi,0x18(%rax)\r\n a:\t8b 4b 10 \tmov 0x10(%rbx),%ecx\r\n d:\t48 c7 c2 ff ff ff ff \tmov $0xffffffffffffffff,%rdx\r\n 14:\t48 8b 78 08 \tmov 0x8(%rax),%rdi\r\n 18:\t48 d3 e2 \tshl %cl,%rdx\r\n 1b:\t48 21 f2 \tand %rsi,%rdx\r\n 1e:\t48 2b 13 \tsub (%rbx),%rdx\r\n 21:\t48 8b 30 \tmov (%rax),%rsi\r\n 24:\t48 d3 ea \tshr %cl,%rdx\r\n 27:\t8b 4b 18 \tmov 0x18(%rbx),%ecx\r\n\t...\r\n[ 0.907095] RSP: 0018:ffffc900004a39a0 EFLAGS: 00010246\r\n[ 0.907368] RAX: ffff8881043a0880 RBX: ffff888102953340 RCX: 0000000000000000\r\n[ 0.907723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\r\n[ 0.908100] RBP: ffff888102952180 R08: 0000000000000000 R09: 0000000000000000\r\n[ 0.908451] R10: ffff8881043a0000 R11: 0000000000000000 R12: ffff888102952000\r\n[ 0.908804] R13: ffff888102952180 R14: ffff8881043a0ad8 R15: ffff8881043a0880\r\n[ 0.909179] FS: 000000002a1a0380(0000) GS:ffff888196d8d000(0000) knlGS:0000000000000000\r\n[ 0.909572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 0.909857] CR2: 0000000000000000 CR3: 0000000102993002 CR4: 0000000000772ef0\r\n[ 0.910247] PKRU: 55555554\r\n[ 0.910391] Call Trace:\r\n[ 0.910527] \u003cTASK\u003e\r\n[ 0.910638] qfq_reset_qdisc (net/sched/sch_qfq.c:357 net/sched/sch_qfq.c:1485)\r\n[ 0.910826] qdisc_reset (include/linux/skbuff.h:2195 include/linux/skbuff.h:2501 include/linux/skbuff.h:3424 include/linux/skbuff.h:3430 net/sched/sch_generic.c:1036)\r\n[ 0.911040] __qdisc_destroy (net/sched/sch_generic.c:1076)\r\n[ 0.911236] tc_new_tfilter (net/sched/cls_api.c:2447)\r\n[ 0.911447] rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\r\n[ 0.911663] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6861)\r\n[ 0.911894] netlink_rcv_skb (net/netlink/af_netlink.c:2550)\r\n[ 0.912100] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\r\n[ 0.912296] ? __alloc_skb (net/core/skbuff.c:706)\r\n[ 0.912484] netlink_sendmsg (net/netlink/af\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22976"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-22976"
},
{
"cve": "CVE-2026-22977",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: sock: fix hardened usercopy panic in sock_recv_errqueue\r\n\r\nskbuff_fclone_cache was created without defining a usercopy region,\r\n[1] unlike skbuff_head_cache which properly whitelists the cb[] field.\r\n[2] This causes a usercopy BUG() when CONFIG_HARDENED_USERCOPY is\r\nenabled and the kernel attempts to copy sk_buff.cb data to userspace\r\nvia sock_recv_errqueue() -\u003e put_cmsg().\r\n\r\nThe crash occurs when: 1. TCP allocates an skb using alloc_skb_fclone()\r\n (from skbuff_fclone_cache) [1]\r\n2. The skb is cloned via skb_clone() using the pre-allocated fclone\r\n[3] 3. The cloned skb is queued to sk_error_queue for timestamp\r\nreporting 4. Userspace reads the error queue via recvmsg(MSG_ERRQUEUE)\r\n5. sock_recv_errqueue() calls put_cmsg() to copy serr-\u003eee from skb-\u003ecb\r\n[4] 6. __check_heap_object() fails because skbuff_fclone_cache has no\r\n usercopy whitelist [5]\r\n\r\nWhen cloned skbs allocated from skbuff_fclone_cache are used in the\r\nsocket error queue, accessing the sock_exterr_skb structure in skb-\u003ecb\r\nvia put_cmsg() triggers a usercopy hardening violation:\r\n\r\n[ 5.379589] usercopy: Kernel memory exposure attempt detected from SLUB object \u0027skbuff_fclone_cache\u0027 (offset 296, size 16)!\r\n[ 5.382796] kernel BUG at mm/usercopy.c:102!\r\n[ 5.383923] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\r\n[ 5.384903] CPU: 1 UID: 0 PID: 138 Comm: poc_put_cmsg Not tainted 6.12.57 #7\r\n[ 5.384903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\r\n[ 5.384903] RIP: 0010:usercopy_abort+0x6c/0x80\r\n[ 5.384903] Code: 1a 86 51 48 c7 c2 40 15 1a 86 41 52 48 c7 c7 c0 15 1a 86 48 0f 45 d6 48 c7 c6 80 15 1a 86 48 89 c1 49 0f 45 f3 e8 84 27 88 ff \u003c0f\u003e 0b 490\r\n[ 5.384903] RSP: 0018:ffffc900006f77a8 EFLAGS: 00010246\r\n[ 5.384903] RAX: 000000000000006f RBX: ffff88800f0ad2a8 RCX: 1ffffffff0f72e74\r\n[ 5.384903] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff87b973a0\r\n[ 5.384903] RBP: 0000000000000010 R08: 0000000000000000 R09: fffffbfff0f72e74\r\n[ 5.384903] R10: 0000000000000003 R11: 79706f6372657375 R12: 0000000000000001\r\n[ 5.384903] R13: ffff88800f0ad2b8 R14: ffffea00003c2b40 R15: ffffea00003c2b00\r\n[ 5.384903] FS: 0000000011bc4380(0000) GS:ffff8880bf100000(0000) knlGS:0000000000000000\r\n[ 5.384903] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 5.384903] CR2: 000056aa3b8e5fe4 CR3: 000000000ea26004 CR4: 0000000000770ef0\r\n[ 5.384903] PKRU: 55555554\r\n[ 5.384903] Call Trace:\r\n[ 5.384903] \u003cTASK\u003e\r\n[ 5.384903] __check_heap_object+0x9a/0xd0\r\n[ 5.384903] __check_object_size+0x46c/0x690\r\n[ 5.384903] put_cmsg+0x129/0x5e0\r\n[ 5.384903] sock_recv_errqueue+0x22f/0x380\r\n[ 5.384903] tls_sw_recvmsg+0x7ed/0x1960\r\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\r\n[ 5.384903] ? schedule+0x6d/0x270\r\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\r\n[ 5.384903] ? mutex_unlock+0x81/0xd0\r\n[ 5.384903] ? __pfx_mutex_unlock+0x10/0x10\r\n[ 5.384903] ? __pfx_tls_sw_recvmsg+0x10/0x10\r\n[ 5.384903] ? _raw_spin_lock_irqsave+0x8f/0xf0\r\n[ 5.384903] ? _raw_read_unlock_irqrestore+0x20/0x40\r\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\r\n\r\nThe crash offset 296 corresponds to skb2-\u003ecb within skbuff_fclones:\r\n - sizeof(struct sk_buff) = 232 - offsetof(struct sk_buff, cb) = 40 -\r\n offset of skb2.cb in fclones = 232 + 40 = 272 - crash offset 296 =\r\n 272 + 24 (inside sock_exterr_skb.ee)\r\n\r\nThis patch uses a local stack variable as a bounce buffer to avoid the hardened usercopy check failure.\r\n\r\n[1] https://elixir.bootlin.com/linux/v6.12.62/source/net/ipv4/tcp.c#L885\r\n[2] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5104\r\n[3] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5566\r\n[4] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5491\r\n[5] https://elixir.bootlin.com/linux/v6.12.62/source/mm/slub.c#L5719",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22977"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/489.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-22977"
},
{
"cve": "CVE-2026-23025",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm/page_alloc: prevent pcp corruption with SMP=n\r\n\r\nThe kernel test robot has reported:\r\n\r\n BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28\r\n lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0\r\n CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470\r\n Call Trace:\r\n \u003cIRQ\u003e\r\n __dump_stack (lib/dump_stack.c:95)\r\n dump_stack_lvl (lib/dump_stack.c:123)\r\n dump_stack (lib/dump_stack.c:130)\r\n spin_dump (kernel/locking/spinlock_debug.c:71)\r\n do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?)\r\n _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138)\r\n __free_frozen_pages (mm/page_alloc.c:2973)\r\n ___free_pages (mm/page_alloc.c:5295)\r\n __free_pages (mm/page_alloc.c:5334)\r\n tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290)\r\n ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289)\r\n ? rcu_core (kernel/rcu/tree.c:?)\r\n rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861)\r\n rcu_core_si (kernel/rcu/tree.c:2879)\r\n handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)\r\n __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725)\r\n irq_exit_rcu (kernel/softirq.c:741)\r\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052)\r\n \u003c/IRQ\u003e\r\n \u003cTASK\u003e\r\n RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)\r\n free_pcppages_bulk (mm/page_alloc.c:1494)\r\n drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632)\r\n __drain_all_pages (mm/page_alloc.c:2731)\r\n drain_all_pages (mm/page_alloc.c:2747)\r\n kcompactd (mm/compaction.c:3115)\r\n kthread (kernel/kthread.c:465)\r\n ? __cfi_kcompactd (mm/compaction.c:3166)\r\n ? __cfi_kthread (kernel/kthread.c:412)\r\n ret_from_fork (arch/x86/kernel/process.c:164)\r\n ? __cfi_kthread (kernel/kthread.c:412)\r\n ret_from_fork_asm (arch/x86/entry/entry_64.S:255)\r\n \u003c/TASK\u003e\r\n\r\nMatthew has analyzed the report and identified that in drain_page_zone()\r\nwe are in a section protected by spin_lock(\u0026pcp-\u003elock) and then get an\r\ninterrupt that attempts spin_trylock() on the same lock. The code is\r\ndesigned to work this way without disabling IRQs and occasionally fail the\r\ntrylock with a fallback. However, the SMP=n spinlock implementation\r\nassumes spin_trylock() will always succeed, and thus it\u0027s normally a\r\nno-op. Here the enabled lock debugging catches the problem, but otherwise\r\nit could cause a corruption of the pcp structure.\r\n\r\nThe problem has been introduced by commit 574907741599 (\"mm/page_alloc:\r\nleave IRQs enabled for per-cpu page allocations\"). The pcp locking scheme\r\nrecognizes the need for disabling IRQs to prevent nesting spin_trylock()\r\nsections on SMP=n, but the need to prevent the nesting in spin_lock() has\r\nnot been recognized. Fix it by introducing local wrappers that change the\r\nspin_lock() to spin_lock_iqsave() with SMP=n and use them in all places\r\nthat do spin_lock(\u0026pcp-\u003elock).\r\n\r\n[vbabka@suse.cz: add pcp_ prefix to the spin_lock_irqsave wrappers, per Steven]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23025"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23025"
},
{
"cve": "CVE-2026-23026",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()\r\n\r\nFix a memory leak in gpi_peripheral_config() where the original memory\r\npointed to by gchan-\u003econfig could be lost if krealloc() fails.\r\n\r\nThe issue occurs when:\r\n1. gchan-\u003econfig points to previously allocated memory\r\n2. krealloc() fails and returns NULL\r\n3. The function directly assigns NULL to gchan-\u003econfig, losing the\r\n reference to the original memory\r\n4. The original memory becomes unreachable and cannot be freed\r\n\r\nFix this by using a temporary variable to hold the krealloc() result\r\nand only updating gchan-\u003econfig when the allocation succeeds.\r\n\r\nFound via static analysis and code review.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23026"
},
{
"cve": "CVE-2026-23030",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\r\n\r\nThe for_each_available_child_of_node() calls of_node_put() to\r\nrelease child_np in each success loop. After breaking from the\r\nloop with the child_np has been released, the code will jump to\r\nthe put_child label and will call the of_node_put() again if the\r\ndevm_request_threaded_irq() fails. These cause a double free bug.\r\n\r\nFix by returning directly to avoid the duplicate of_node_put().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23030"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23030"
},
{
"cve": "CVE-2026-23031",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak\r\n\r\nIn gs_can_open(), the URBs for USB-in transfers are allocated, added to the\r\nparent-\u003erx_submitted anchor and submitted. In the complete callback\r\ngs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In\r\ngs_can_close() the URBs are freed by calling\r\nusb_kill_anchored_urbs(parent-\u003erx_submitted).\r\n\r\nHowever, this does not take into account that the USB framework unanchors\r\nthe URB before the complete function is called. This means that once an\r\nin-URB has been completed, it is no longer anchored and is ultimately not\r\nreleased in gs_can_close().\r\n\r\nFix the memory leak by anchoring the URB in the\r\ngs_usb_receive_bulk_callback() to the parent-\u003erx_submitted anchor.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23031"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23031"
},
{
"cve": "CVE-2026-23032",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnull_blk: fix kmemleak by releasing references to fault configfs items\r\n\r\nWhen CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk\r\ndriver sets up fault injection support by creating the timeout_inject,\r\nrequeue_inject, and init_hctx_fault_inject configfs items as children\r\nof the top-level nullbX configfs group.\r\n\r\nHowever, when the nullbX device is removed, the references taken to\r\nthese fault-config configfs items are not released. As a result,\r\nkmemleak reports a memory leak, for example:\r\n\r\nunreferenced object 0xc00000021ff25c40 (size 32):\r\n comm \"mkdir\", pid 10665, jiffies 4322121578\r\n hex dump (first 32 bytes):\r\n 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_\r\n 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........\r\n backtrace (crc 1a018c86):\r\n __kmalloc_node_track_caller_noprof+0x494/0xbd8\r\n kvasprintf+0x74/0xf4\r\n config_item_set_name+0xf0/0x104\r\n config_group_init_type_name+0x48/0xfc\r\n fault_config_init+0x48/0xf0\r\n 0xc0080000180559e4\r\n configfs_mkdir+0x304/0x814\r\n vfs_mkdir+0x49c/0x604\r\n do_mkdirat+0x314/0x3d0\r\n sys_mkdir+0xa0/0xd8\r\n system_call_exception+0x1b0/0x4f0\r\n system_call_vectored_common+0x15c/0x2ec\r\n\r\nFix this by explicitly releasing the references to the fault-config\r\nconfigfs items when dropping the reference to the top-level nullbX\r\nconfigfs group.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23032"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23032"
},
{
"cve": "CVE-2026-23033",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: omap-dma: fix dma_pool resource leak in error paths\r\n\r\nThe dma_pool created by dma_pool_create() is not destroyed when\r\ndma_async_device_register() or of_dma_controller_register() fails,\r\ncausing a resource leak in the probe error paths.\r\n\r\nAdd dma_pool_destroy() in both error paths to properly release the\r\nallocated dma_pool resource.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23033"
},
{
"cve": "CVE-2026-23037",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncan: etas_es58x: allow partial RX URB allocation to succeed\r\n\r\nWhen es58x_alloc_rx_urbs() fails to allocate the requested number of\r\nURBs but succeeds in allocating some, it returns an error code.\r\nThis causes es58x_open() to return early, skipping the cleanup label\r\n\u0027free_urbs\u0027, which leads to the anchored URBs being leaked.\r\n\r\nAs pointed out by maintainer Vincent Mailhol, the driver is designed\r\nto handle partial URB allocation gracefully. Therefore, partial\r\nallocation should not be treated as a fatal error.\r\n\r\nModify es58x_alloc_rx_urbs() to return 0 if at least one URB has been\r\nallocated, restoring the intended behavior and preventing the leak\r\nin es58x_open().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23037"
},
{
"cve": "CVE-2026-23038",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\npnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()\r\n\r\nIn nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,\r\nthe function jumps to the out_scratch label without freeing the already\r\nallocated dsaddrs list, leading to a memory leak.\r\n\r\nFix this by jumping to the out_err_drain_dsaddrs label, which properly\r\nfrees the dsaddrs list before cleaning up other resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23038"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23038"
},
{
"cve": "CVE-2026-23111",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()\n\nnft_map_catchall_activate() has an inverted element activity check\ncompared to its non-catchall counterpart nft_mapelem_activate() and\ncompared to what is logically required.\n\nnft_map_catchall_activate() is called from the abort path to re-activate\ncatchall map elements that were deactivated during a failed transaction.\nIt should skip elements that are already active (they don\u0027t need\nre-activation) and process elements that are inactive (they need to be\nrestored). Instead, the current code does the opposite: it skips inactive\nelements and processes active ones.\n\nCompare the non-catchall activate callback, which is correct:\n\n nft_mapelem_activate():\n if (nft_set_elem_active(ext, iter-\u003egenmask))\n return 0; /* skip active, process inactive */\n\nWith the buggy catchall version:\n\n nft_map_catchall_activate():\n if (!nft_set_elem_active(ext, genmask))\n continue; /* skip inactive, process active */\n\nThe consequence is that when a DELSET operation is aborted,\nnft_setelem_data_activate() is never called for the catchall element.\nFor NFT_GOTO verdict elements, this means nft_data_hold() is never\ncalled to restore the chain-\u003euse reference count. Each abort cycle\npermanently decrements chain-\u003euse. Once chain-\u003euse reaches zero,\nDELCHAIN succeeds and frees the chain while catchall verdict elements\nstill reference it, resulting in a use-after-free.\n\nThis is exploitable for local privilege escalation from an unprivileged\nuser via user namespaces + nftables on distributions that enable\nCONFIG_USER_NS and CONFIG_NF_TABLES.\n\nFix by removing the negation so the check matches nft_mapelem_activate():\nskip active elements, process inactive ones.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23111"
},
{
"cve": "CVE-2026-23112",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec\n\nnvmet_tcp_build_pdu_iovec() could walk past cmd-\u003ereq.sg when a PDU\nlength or offset exceeds sg_cnt and then use bogus sg-\u003elength/offset\nvalues, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining\nentries, and sg-\u003elength/offset before building the bvec.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23112"
},
{
"cve": "CVE-2026-23220",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths\r\n\r\nThe problem occurs when a signed request fails smb2 signature verification\r\ncheck. In __process_request(), if check_sign_req() returns an error,\r\nset_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.\r\nset_smb2_rsp_status() set work-\u003enext_smb2_rcv_hdr_off as zero. By resetting\r\nnext_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain\r\nis lost. Consequently, is_chained_smb2_message() continues to point to\r\nthe same request header instead of advancing. If the header\u0027s NextCommand\r\nfield is non-zero, the function returns true, causing __handle_ksmbd_work()\r\nto repeatedly process the same failed request in an infinite loop.\r\nThis results in the kernel log being flooded with \"bad smb2 signature\"\r\nmessages and high CPU usage.\r\n\r\nThis patch fixes the issue by changing the return value from\r\nSERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that\r\nthe processing loop terminates immediately rather than attempting to\r\ncontinue from an invalidated offset.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/835.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23220"
},
{
"cve": "CVE-2026-23222",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23222"
},
{
"cve": "CVE-2026-23228",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\r\n\r\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\r\nfreed via free_transport(), which does not decrement active_num_conn,\r\nleaking this counter.\r\n\r\nReplace free_transport() with ksmbd_tcp_disconnect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23228"
},
{
"cve": "CVE-2026-23229",
"cwe": {
"id": "CWE-820",
"name": "Missing Synchronization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: virtio - Add spinlock protection with virtqueue notification\r\n\r\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\r\nrun openssl benchmark command with multiple processes, such as\r\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\r\n\r\nopenssl processes will hangup and there is error reported like this:\r\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\r\n\r\nIt seems that the data virtqueue need protection when it is handled\r\nfor virtio done notification. If the spinlock protection is added\r\nin virtcrypto_done_task(), openssl benchmark with multiple processes\r\nworks well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/820.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23229"
},
{
"cve": "CVE-2026-23230",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read\u2013modify\u2013write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -\u003e reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23230"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23230"
},
{
"cve": "CVE-2026-23231",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23236",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: properly copy ioctl memory to kernelspace\n\nThe UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from\nuserspace to kernelspace, and instead directly references the memory,\nwhich can cause problems if invalid data is passed from userspace. Fix\nthis all up by correctly copying the memory before accessing it within\nthe kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23236"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23236"
},
{
"cve": "CVE-2026-23238",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nromfs: check sb_set_blocksize() return value\r\n\r\nromfs_fill_super() ignores the return value of sb_set_blocksize(), which\r\ncan fail if the requested block size is incompatible with the block\r\ndevice\u0027s configuration.\r\n\r\nThis can be triggered by setting a loop device\u0027s block size larger than\r\nPAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs\r\nfilesystem on that device.\r\n\r\nWhen sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the\r\ndevice has logical_block_size=32768, bdev_validate_blocksize() fails\r\nbecause the requested size is smaller than the device\u0027s logical block\r\nsize. sb_set_blocksize() returns 0 (failure), but romfs ignores this and\r\ncontinues mounting.\r\n\r\nThe superblock\u0027s block size remains at the device\u0027s logical block size\r\n(32768). Later, when sb_bread() attempts I/O with this oversized block\r\nsize, it triggers a kernel BUG in folio_set_bh():\r\n\r\n kernel BUG at fs/buffer.c:1582!\r\n BUG_ON(size \u003e PAGE_SIZE);\r\n\r\nFix by checking the return value of sb_set_blocksize() and failing the\r\nmount with -EINVAL if it returns 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23238"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-23238"
},
{
"cve": "CVE-2026-24515",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-24515"
},
{
"cve": "CVE-2026-25210",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-25210"
},
{
"cve": "CVE-2026-26157",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26157"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/73.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-26157"
},
{
"cve": "CVE-2026-26158",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26158"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/73.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-26158"
},
{
"cve": "CVE-2026-35535",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35535"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/271.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-35535"
},
{
"cve": "CVE-2026-41918",
"cwe": {
"id": "CWE-525",
"name": "Use of Web Browser Cache Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41918"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/525.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2026-41918"
}
]
}
MSRC_CVE-2025-9086
Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2026-02-18 02:38| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-20 | — |
None Available
|
|
| Unresolved product id: 17086-15 | — |
None Available
|
|
| Unresolved product id: 17086-16 | — |
None Available
|
|
| Unresolved product id: 17086-11 | — |
None Available
|
|
| Unresolved product id: 17084-14 | — |
None Available
|
|
| Unresolved product id: 17086-17 | — |
None Available
|
|
| Unresolved product id: 17086-9 | — |
None Available
|
|
| Unresolved product id: 17084-7 | — |
None Available
|
|
| Unresolved product id: 17086-5 | — |
None Available
|
|
| Unresolved product id: 17086-8 | — |
None Available
|
|
| Unresolved product id: 17084-6 | — |
None Available
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-18 | — | ||
| Unresolved product id: 17084-10 | — | ||
| Unresolved product id: 17084-12 | — | ||
| Unresolved product id: 17084-13 | — | ||
| Unresolved product id: 17084-21 | — | ||
| Unresolved product id: 17084-4 | — | ||
| Unresolved product id: 17086-3 | — | ||
| Unresolved product id: 17086-2 | — | ||
| Unresolved product id: 17086-19 | — | ||
| Unresolved product id: 17086-22 | — | ||
| Unresolved product id: 17084-1 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 Out of bounds read for cookie path - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9086.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Out of bounds read for cookie path",
"tracking": {
"current_release_date": "2026-02-18T02:38:38.000Z",
"generator": {
"date": "2026-02-18T08:13:03.976Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-9086",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-13T01:05:35.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-06T14:37:40.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-02-18T01:49:09.000Z",
"legacy_version": "2.1",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-02-18T02:38:38.000Z",
"legacy_version": "3",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 curl 8.11.1-3",
"product": {
"name": "azl3 curl 8.11.1-3",
"product_id": "20"
}
},
{
"category": "product_version_range",
"name": "cbl2 curl 8.8.0-6",
"product": {
"name": "cbl2 curl 8.8.0-6",
"product_id": "16"
}
},
{
"category": "product_version_range",
"name": "azl3 curl 8.11.1-4",
"product": {
"name": "azl3 curl 8.11.1-4",
"product_id": "7"
}
},
{
"category": "product_version_range",
"name": "cbl2 curl 8.8.0-7",
"product": {
"name": "cbl2 curl 8.8.0-7",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "curl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-18",
"product": {
"name": "cbl2 cmake 3.21.4-18",
"product_id": "15"
}
},
{
"category": "product_version_range",
"name": "azl3 cmake 3.30.3-9",
"product": {
"name": "azl3 cmake 3.30.3-9",
"product_id": "14"
}
},
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-19",
"product": {
"name": "cbl2 cmake 3.21.4-19",
"product_id": "9"
}
},
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-20",
"product": {
"name": "cbl2 cmake 3.21.4-20",
"product_id": "5"
}
},
{
"category": "product_version_range",
"name": "azl3 cmake 3.30.3-10",
"product": {
"name": "azl3 cmake 3.30.3-10",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "cmake"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 mysql 8.0.43-1",
"product": {
"name": "cbl2 mysql 8.0.43-1",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "mysql"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 rust 1.72.0-10",
"product": {
"name": "cbl2 rust 1.72.0-10",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "rust"
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "18"
}
},
{
"category": "product_name",
"name": "azl3 mysql 8.0.43-1",
"product": {
"name": "azl3 mysql 8.0.43-1",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.75.0-18",
"product": {
"name": "azl3 rust 1.75.0-18",
"product_id": "12"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.86.0-6",
"product": {
"name": "azl3 rust 1.86.0-6",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "21"
}
},
{
"category": "product_name",
"name": "azl3 curl 8.11.1-5",
"product": {
"name": "azl3 curl 8.11.1-5",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "cbl2 cmake 3.21.4-21",
"product": {
"name": "cbl2 cmake 3.21.4-21",
"product_id": "3"
}
},
{
"category": "product_name",
"name": "cbl2 curl 8.8.0-8",
"product": {
"name": "cbl2 curl 8.8.0-8",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "cbl2 mysql 8.0.43-1",
"product": {
"name": "cbl2 mysql 8.0.43-1",
"product_id": "19"
}
},
{
"category": "product_name",
"name": "cbl2 rust 1.72.0-10",
"product": {
"name": "cbl2 rust 1.72.0-10",
"product_id": "22"
}
},
{
"category": "product_name",
"name": "azl3 cmake 3.30.3-11",
"product": {
"name": "azl3 cmake 3.30.3-11",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-3 as a component of Azure Linux 3.0",
"product_id": "17084-20"
},
"product_reference": "20",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-18 as a component of CBL Mariner 2.0",
"product_id": "17086-15"
},
"product_reference": "15",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-6 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-9 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mysql 8.0.43-1 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.75.0-18 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.86.0-6 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-19 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-4 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-20 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-5 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-21 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
"product_id": "17086-19"
},
"product_reference": "19",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
"product_id": "17086-22"
},
"product_reference": "22",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-7 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-10 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-11 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-18",
"17084-21",
"17084-4",
"17086-3",
"17086-2",
"17084-1"
]
},
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17084-12",
"17084-13",
"17086-22"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-10",
"17086-19"
]
}
],
"notes": [
{
"category": "general",
"text": "curl",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-20",
"17086-15",
"17086-16",
"17086-11",
"17084-14",
"17086-17",
"17086-9",
"17084-7",
"17086-5",
"17086-8",
"17084-6"
],
"known_not_affected": [
"17086-18",
"17084-10",
"17084-12",
"17084-13",
"17084-21",
"17084-4",
"17086-3",
"17086-2",
"17086-19",
"17086-22",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 Out of bounds read for cookie path - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9086.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-20"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-15"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-16"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-11"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-14"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-17"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-9"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-7"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-5"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-8"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-20",
"17086-15",
"17086-16",
"17086-11",
"17084-14",
"17086-17",
"17086-9",
"17084-7",
"17086-5",
"17086-8",
"17084-6"
]
}
],
"title": "Out of bounds read for cookie path"
}
]
}
NCSC-2025-0330
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.
CWE-1333 - Inefficient Regular Expression Complexity| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.
CWE-241 - Improper Handling of Unexpected Data Type| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
NCSC-2025-0396
Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:06 - Updated: 2025-12-15 09:06Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome's Downloads UI.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.
CWE-524 - Use of Cache Containing Sensitive Information| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A configuration issue was resolved by implementing additional restrictions to enhance system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability has been addressed through improved memory management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improved cache management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user's activity through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through the implementation of enhanced URL validation measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition issue was effectively resolved through enhancements in state management, improving system reliability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improvements in memory management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A type confusion vulnerability was effectively addressed through improved state management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improved cache management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed by implementing additional permissions checks to enhance security measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "general",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Missing Initialization of a Variable",
"title": "CWE-456"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CWE-1018",
"title": "CWE-1018"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125886"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125887"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125888"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2025-12-15T09:06:36.450655Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0396",
"initial_release_date": "2025-12-15T09:06:36.450655Z",
"revision_history": [
{
"date": "2025-12-15T09:06:36.450655Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-8906",
"notes": [
{
"category": "description",
"text": "Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome\u0027s Downloads UI.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-8906"
},
{
"cve": "CVE-2025-5918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-5918"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43320",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43320 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43320.json"
}
],
"title": "CVE-2025-43320"
},
{
"cve": "CVE-2025-43410",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43410 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43410"
},
{
"cve": "CVE-2025-43416",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43416 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43416.json"
}
],
"title": "CVE-2025-43416"
},
{
"cve": "CVE-2025-43428",
"notes": [
{
"category": "description",
"text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
}
],
"title": "CVE-2025-43428"
},
{
"cve": "CVE-2025-43463",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43463 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43463.json"
}
],
"title": "CVE-2025-43463"
},
{
"cve": "CVE-2025-43482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43482 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43482.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43482"
},
{
"cve": "CVE-2025-43501",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
}
],
"title": "CVE-2025-43501"
},
{
"cve": "CVE-2025-43509",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43509 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43509.json"
}
],
"title": "CVE-2025-43509"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43511 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43511"
},
{
"cve": "CVE-2025-43512",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
}
],
"title": "CVE-2025-43512"
},
{
"cve": "CVE-2025-43513",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43513 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43513.json"
}
],
"title": "CVE-2025-43513"
},
{
"cve": "CVE-2025-43514",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43514 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43514.json"
}
],
"title": "CVE-2025-43514"
},
{
"cve": "CVE-2025-43516",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user\u0027s activity through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43516.json"
}
],
"title": "CVE-2025-43516"
},
{
"cve": "CVE-2025-43517",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43517.json"
}
],
"title": "CVE-2025-43517"
},
{
"cve": "CVE-2025-43518",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
}
],
"title": "CVE-2025-43518"
},
{
"cve": "CVE-2025-43519",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43519 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43519.json"
}
],
"title": "CVE-2025-43519"
},
{
"cve": "CVE-2025-43521",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43521 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43521.json"
}
],
"title": "CVE-2025-43521"
},
{
"cve": "CVE-2025-43522",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43522 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43522.json"
}
],
"title": "CVE-2025-43522"
},
{
"cve": "CVE-2025-43523",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43523 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43523.json"
}
],
"title": "CVE-2025-43523"
},
{
"cve": "CVE-2025-43526",
"notes": [
{
"category": "description",
"text": "The issue was addressed through the implementation of enhanced URL validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43526 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43526.json"
}
],
"title": "CVE-2025-43526"
},
{
"cve": "CVE-2025-43527",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43527"
},
{
"cve": "CVE-2025-43529",
"notes": [
{
"category": "description",
"text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43530",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
}
],
"title": "CVE-2025-43530"
},
{
"cve": "CVE-2025-43531",
"notes": [
{
"category": "description",
"text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
}
],
"title": "CVE-2025-43531"
},
{
"cve": "CVE-2025-43532",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43532"
},
{
"cve": "CVE-2025-43533",
"notes": [
{
"category": "description",
"text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43535",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improvements in memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
}
],
"title": "CVE-2025-43535"
},
{
"cve": "CVE-2025-43536",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
}
],
"title": "CVE-2025-43536"
},
{
"cve": "CVE-2025-43538",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
}
],
"title": "CVE-2025-43538"
},
{
"cve": "CVE-2025-43539",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
}
],
"title": "CVE-2025-43539"
},
{
"cve": "CVE-2025-43541",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
}
],
"title": "CVE-2025-43541"
},
{
"cve": "CVE-2025-43542",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
}
],
"title": "CVE-2025-43542"
},
{
"cve": "CVE-2025-46276",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46276 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
}
],
"title": "CVE-2025-46276"
},
{
"cve": "CVE-2025-46277",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
}
],
"title": "CVE-2025-46277"
},
{
"cve": "CVE-2025-46278",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46278 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46278.json"
}
],
"title": "CVE-2025-46278"
},
{
"cve": "CVE-2025-46279",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
}
],
"title": "CVE-2025-46279"
},
{
"cve": "CVE-2025-46281",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46281 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46281.json"
}
],
"title": "CVE-2025-46281"
},
{
"cve": "CVE-2025-46282",
"notes": [
{
"category": "description",
"text": "The issue was addressed by implementing additional permissions checks to enhance security measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46282 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46282.json"
}
],
"title": "CVE-2025-46282"
},
{
"cve": "CVE-2025-46283",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46285",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
}
],
"title": "CVE-2025-46285"
},
{
"cve": "CVE-2025-46287",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
}
],
"title": "CVE-2025-46287"
},
{
"cve": "CVE-2025-46288",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
}
],
"title": "CVE-2025-46288"
},
{
"cve": "CVE-2025-46289",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46289 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46289.json"
}
],
"title": "CVE-2025-46289"
},
{
"cve": "CVE-2025-46291",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46291 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46291.json"
}
],
"title": "CVE-2025-46291"
}
]
}
NCSC-2025-0397
Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:08 - Updated: 2025-12-15 09:08Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A configuration issue was resolved by implementing additional restrictions to enhance system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability has been addressed through improved memory management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A race condition issue was effectively resolved through enhancements in state management, improving system reliability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The issue was addressed through improvements in memory management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A type confusion vulnerability was effectively addressed through improved state management techniques.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The issue was resolved through the implementation of additional entitlement checks to enhance security measures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Missing Initialization of a Variable",
"title": "CWE-456"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125884"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125885"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2025-12-15T09:08:39.804149Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0397",
"initial_release_date": "2025-12-15T09:08:39.804149Z",
"revision_history": [
{
"date": "2025-12-15T09:08:39.804149Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS, iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2025-5918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-5918"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43428",
"notes": [
{
"category": "description",
"text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
}
],
"title": "CVE-2025-43428"
},
{
"cve": "CVE-2025-43475",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43475 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43475.json"
}
],
"title": "CVE-2025-43475"
},
{
"cve": "CVE-2025-43501",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
}
],
"title": "CVE-2025-43501"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43511 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-43511"
},
{
"cve": "CVE-2025-43512",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
}
],
"title": "CVE-2025-43512"
},
{
"cve": "CVE-2025-43518",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
}
],
"title": "CVE-2025-43518"
},
{
"cve": "CVE-2025-43529",
"notes": [
{
"category": "description",
"text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43530",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
}
],
"title": "CVE-2025-43530"
},
{
"cve": "CVE-2025-43531",
"notes": [
{
"category": "description",
"text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
}
],
"title": "CVE-2025-43531"
},
{
"cve": "CVE-2025-43532",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-43532"
},
{
"cve": "CVE-2025-43533",
"notes": [
{
"category": "description",
"text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43535",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improvements in memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
}
],
"title": "CVE-2025-43535"
},
{
"cve": "CVE-2025-43536",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
}
],
"title": "CVE-2025-43536"
},
{
"cve": "CVE-2025-43538",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
}
],
"title": "CVE-2025-43538"
},
{
"cve": "CVE-2025-43539",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
}
],
"title": "CVE-2025-43539"
},
{
"cve": "CVE-2025-43541",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
}
],
"title": "CVE-2025-43541"
},
{
"cve": "CVE-2025-43542",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
}
],
"title": "CVE-2025-43542"
},
{
"cve": "CVE-2025-46276",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46276 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
}
],
"title": "CVE-2025-46276"
},
{
"cve": "CVE-2025-46277",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
}
],
"title": "CVE-2025-46277"
},
{
"cve": "CVE-2025-46279",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
}
],
"title": "CVE-2025-46279"
},
{
"cve": "CVE-2025-46285",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
}
],
"title": "CVE-2025-46285"
},
{
"cve": "CVE-2025-46287",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
}
],
"title": "CVE-2025-46287"
},
{
"cve": "CVE-2025-46288",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
}
],
"title": "CVE-2025-46288"
},
{
"cve": "CVE-2025-46292",
"notes": [
{
"category": "description",
"text": "The issue was resolved through the implementation of additional entitlement checks to enhance security measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46292 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46292.json"
}
],
"title": "CVE-2025-46292"
}
]
}
NCSC-2026-0020
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:18 - Updated: 2026-01-21 09:18Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit be\u00efnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2026-01-21T09:18:16.268788Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0020",
"initial_release_date": "2026-01-21T09:18:16.268788Z",
"revision_history": [
{
"date": "2026-01-21T09:18:16.268788Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-66516"
}
]
}
NCSC-2026-0023
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:27 - Updated: 2026-01-21 09:27Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards and Node.js expose critical data and sensitive information, with CVSS scores indicating significant risk, particularly for Windows users and specific device names.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Push Notifications component affects versions 8.60, 8.61, and 8.62, allowing low-privileged attackers to exploit it via HTTP, potentially leading to unauthorized data access and modifications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing significant risks to data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Integration Broker component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise HCM Human Resources product (version 9.2) allows unauthenticated attackers to compromise the system, with a CVSS score of 6.1 indicating risks to confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows low-privileged attackers to compromise the system, potentially leading to unauthorized data access and modifications, with a CVSS score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Dit kan leiden tot ongeautoriseerde toegang en aanpassingen aan kritieke data, met CVSS-scores vari\u00ebrend van 5.4 tot 10.0, wat wijst op een gematigd tot significant risico voor de vertrouwelijkheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2026-01-21T09:27:58.715578Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0023",
"initial_release_date": "2026-01-21T09:27:58.715578Z",
"revision_history": [
{
"date": "2026-01-21T09:27:58.715578Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise HCM Human Resources"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise SCM Purchasing"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards and Node.js expose critical data and sensitive information, with CVSS scores indicating significant risk, particularly for Windows users and specific device names.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21934",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Push Notifications component affects versions 8.60, 8.61, and 8.62, allowing low-privileged attackers to exploit it via HTTP, potentially leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21934 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21934.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21934"
},
{
"cve": "CVE-2026-21938",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing significant risks to data confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21938"
},
{
"cve": "CVE-2026-21951",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Integration Broker component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21951"
},
{
"cve": "CVE-2026-21961",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise HCM Human Resources product (version 9.2) allows unauthenticated attackers to compromise the system, with a CVSS score of 6.1 indicating risks to confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21961"
},
{
"cve": "CVE-2026-21971",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows low-privileged attackers to compromise the system, potentially leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21971.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21971"
}
]
}
NCSC-2026-0032
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:12 - Updated: 2026-01-21 10:12Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL's InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL's Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle MySQL componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen hooggeprivilegieerde aanvallers in staat om de server op afstand te exploiteren, wat kan leiden tot servercrashes en Denial of Service. Dit probleem kan worden misbruikt door aanvallers met netwerktoegang, wat de noodzaak van aandacht van beveiligingsbeheerders onderstreept.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle MySQL",
"tracking": {
"current_release_date": "2026-01-21T10:12:24.844869Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0032",
"initial_release_date": "2026-01-21T10:12:24.844869Z",
"revision_history": [
{
"date": "2026-01-21T10:12:24.844869Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "MySQL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "MySQL Connectors"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "MySQL Enterprise Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "MySQL Workbench"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2026-21929",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21937 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21941.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21952.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21964.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21968 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21968.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21968"
}
]
}
OPENSUSE-SU-2025-20090-1
Vulnerability from csaf_opensuse - Published: 2025-11-26 14:30 - Updated: 2025-11-26 14:30| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)\n- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)\n- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)\n\nOther fixes:\n- tool_operate: fix return code when --retry is used but not\n triggered (bsc#1249367)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-57",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20090-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1249191",
"url": "https://bugzilla.suse.com/1249191"
},
{
"category": "self",
"summary": "SUSE Bug 1249348",
"url": "https://bugzilla.suse.com/1249348"
},
{
"category": "self",
"summary": "SUSE Bug 1249367",
"url": "https://bugzilla.suse.com/1249367"
},
{
"category": "self",
"summary": "SUSE Bug 1253757",
"url": "https://bugzilla.suse.com/1253757"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9086/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2025-11-26T14:30:14Z",
"generator": {
"date": "2025-11-26T14:30:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025-20090-1",
"initial_release_date": "2025-11-26T14:30:14Z",
"revision_history": [
{
"date": "2025-11-26T14:30:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.aarch64",
"product": {
"name": "curl-8.14.1-160000.3.1.aarch64",
"product_id": "curl-8.14.1-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"product_id": "libcurl-devel-8.14.1-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.aarch64",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.aarch64",
"product_id": "libcurl4-8.14.1-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"product": {
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"product_id": "curl-fish-completion-8.14.1-160000.3.1.noarch"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"product": {
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"product_id": "curl-zsh-completion-8.14.1-160000.3.1.noarch"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"product": {
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"product_id": "libcurl-devel-doc-8.14.1-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "curl-8.14.1-160000.3.1.ppc64le",
"product_id": "curl-8.14.1-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"product_id": "libcurl-devel-8.14.1-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.ppc64le",
"product_id": "libcurl4-8.14.1-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.s390x",
"product": {
"name": "curl-8.14.1-160000.3.1.s390x",
"product_id": "curl-8.14.1-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.s390x",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.s390x",
"product_id": "libcurl-devel-8.14.1-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.s390x",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.s390x",
"product_id": "libcurl4-8.14.1-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.x86_64",
"product": {
"name": "curl-8.14.1-160000.3.1.x86_64",
"product_id": "curl-8.14.1-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"product_id": "libcurl-devel-8.14.1-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.x86_64",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.x86_64",
"product_id": "libcurl4-8.14.1-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64"
},
"product_reference": "curl-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "curl-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x"
},
"product_reference": "curl-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64"
},
"product_reference": "curl-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch"
},
"product_reference": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch"
},
"product_reference": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch"
},
"product_reference": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10148"
}
],
"notes": [
{
"category": "general",
"text": "curl\u0027s websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10148",
"url": "https://www.suse.com/security/cve/CVE-2025-10148"
},
{
"category": "external",
"summary": "SUSE Bug 1249348 for CVE-2025-10148",
"url": "https://bugzilla.suse.com/1249348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-10148"
},
{
"cve": "CVE-2025-11563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11563"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11563",
"url": "https://www.suse.com/security/cve/CVE-2025-11563"
},
{
"category": "external",
"summary": "SUSE Bug 1253757 for CVE-2025-11563",
"url": "https://bugzilla.suse.com/1253757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-11563"
},
{
"cve": "CVE-2025-9086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9086"
}
],
"notes": [
{
"category": "general",
"text": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path=\u0027/\u0027`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9086",
"url": "https://www.suse.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "SUSE Bug 1249191 for CVE-2025-9086",
"url": "https://bugzilla.suse.com/1249191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "important"
}
],
"title": "CVE-2025-9086"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.