Merge pull request #1370 from e-m-b-a/known_exploited_update

CISA known exploited database update
e-m-b-a · Nov 10, 2024 · 79c035d · 79c035d
2 parents bb549bb + 8246819
commit 79c035d
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv
@@ -1,4 +1,10 @@
 cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
+CVE-2019-16278,Nostromo,nhttpd,"Nostromo nhttpd Directory Traversal Vulnerability",2024-11-07,"Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-28,Unknown,"https://www.nazgul.ch/dev/nostromo_cl.txt ; https://nvd.nist.gov/vuln/detail/CVE-2019-16278",CWE-22
+CVE-2024-51567,CyberPersons,CyberPanel,"CyberPanel Incorrect Default Permissions Vulnerability",2024-11-07,"CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-28,Unknown,"https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel ; https://nvd.nist.gov/vuln/detail/CVE-2024-51567",CWE-276
+CVE-2024-43093,Android,Framework,"Android Framework Privilege Escalation Vulnerability",2024-11-07,"Android Framework contains an unspecified vulnerability that allows for privilege escalation.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-28,Unknown,"https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093",
+CVE-2024-5910,"Palo Alto",Expedition,"Palo Alto Expedition Missing Authentication Vulnerability",2024-11-07,"Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-28,Unknown,"https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910",CWE-306
+CVE-2024-8956,PTZOptics,"PT30X-SDI/NDI Cameras","PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability",2024-11-04,"PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-25,Unknown,"https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8956",CWE-287
+CVE-2024-8957,PTZOptics,"PT30X-SDI/NDI Cameras","PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability",2024-11-04,"PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-25,Unknown,"https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8957",CWE-78
 CVE-2024-37383,Roundcube,Webmail,"RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability",2024-10-24,"RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-14,Unknown,"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383",CWE-79
 CVE-2024-20481,Cisco,"Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Denial-of-Service Vulnerability",2024-10-24,"Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-14,Unknown,"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481",CWE-772
 CVE-2024-47575,Fortinet,FortiManager,"Fortinet FortiManager Missing Authentication Vulnerability",2024-10-23,"Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-13,Unknown,"https://fortiguard.fortinet.com/psirt/FG-IR-24-423 ; https://nvd.nist.gov/vuln/detail/CVE-2024-47575",CWE-306
@@ -17,7 +23,6 @@ CVE-2024-43047,Qualcomm,"Multiple Chipsets ","Qualcomm Multiple Chipsets Use-Aft
 CVE-2024-45519,Synacor,"Zimbra Collaboration","Synacor Zimbra Collaboration Command Execution Vulnerability",2024-10-03,"Synacor Zimbra Collaboration contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-24,Unknown,"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519",
 CVE-2024-29824,Ivanti,"Endpoint Manager (EPM)","Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability",2024-10-02,"Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-23,Unknown,"https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824",CWE-89
 CVE-2019-0344,SAP,"Commerce Cloud","SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability",2024-09-30,"SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-21,Unknown,"https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344",CWE-502
-CVE-2021-4043,"Motion Spell",GPAC,"Motion Spell GPAC Null Pointer Dereference Vulnerability",2024-09-30,"Motion Spell GPAC contains a null pointer dereference vulnerability that could allow a local attacker to cause a denial-of-service (DoS) condition.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-21,Unknown,"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db ; https://nvd.nist.gov/vuln/detail/CVE-2021-4043",CWE-476
 CVE-2020-15415,DrayTek,"Multiple Vigor Routers","DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",2024-09-30,"DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-21,Unknown,"https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472) ; https://nvd.nist.gov/vuln/detail/CVE-2020-15415",CWE-78
 CVE-2023-25280,D-Link,"DIR-820 Router","D-Link DIR-820 Router OS Command Injection Vulnerability",2024-09-30,"D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.","The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.",2024-10-21,Unknown,"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280",CWE-78
 CVE-2024-7593,Ivanti,"Virtual Traffic Manager","Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability",2024-09-24,"Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-15,Unknown,"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 ; https://nvd.nist.gov/vuln/detail/CVE-2024-7593","CWE-287, CWE-303"