Merge pull request #1450 from e-m-b-a/known_exploited_update
CISA known exploited database update
m-1-k-3 authored Feb 3, 2025
2 parents 77fd9b8 + 0c0e49a commit bff9dd4
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions config/known_exploited_vulnerabilities.csv
@@ -1,4 +1,5 @@
cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
CVE-2025-24085,Apple,"Multiple Products","Apple Multiple Products Use-After-Free Vulnerability",2025-01-29,"Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-19,Unknown,"https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085",CWE-416
CVE-2025-23006,SonicWall,"SMA1000 Appliances","SonicWall SMA1000 Appliances Deserialization Vulnerability",2025-01-24,"SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-14,Unknown,"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006",CWE-502
CVE-2020-11023,JQuery,JQuery,"JQuery Cross-Site Scripting (XSS) Vulnerability",2025-01-23,"JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-13,Unknown,"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023",CWE-79
CVE-2024-50603,Aviatrix,Controllers,"Aviatrix Controllers OS Command Injection Vulnerability",2025-01-16,"Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-06,Unknown,"https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true ; https://nvd.nist.gov/vuln/detail/CVE-2024-50603",CWE-78
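Review bot: In the CVE-2025-24085 row, shortDescription reads "user-after-free" while vulnerabilityName in the same row says "Use-After-Free" and cwes is CWE-416, so the description text looks like a typo. If this file is meant to stay a verbatim copy of the CISA catalog, leave the string as it is and make sure anything consuming the file matches on cveID or cwes rather than on description wording; otherwise correct it to "use-after-free". Separately, the notes column packs several URLs into one quoted field separated by " ; ", and shortDescription values contain commas inside quotes, so any reader of this file needs a real CSV parser rather than a split on commas.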