Commit

CISA KEV Updates
rxerium committed Oct 24, 2024
1 parent 1f14c25 commit 2893f49
Showing 3 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions NucleiList.txt
Expand Up @@ -2335,6 +2335,7 @@ CVE-2023-40752
CVE-2023-40753
CVE-2023-40755
CVE-2023-40779
CVE-2023-40931
CVE-2023-4110
CVE-2023-41109
CVE-2023-4111
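Review bot: CVE-2023-40931, the one line added here (the middle entry, going by the hunk header's three lines of context on either side), is not among the CVEs in the rows added to cisa-kev.csv in this same commit, and the commit message "CISA KEV Updates" does not mention a change to the template list. If NucleiList.txt is regenerated from the nuclei-templates submodule, say so in the commit message or move the list refresh into its own commit, so a later reader can tell which data source each change came from. The new entry does keep the file's existing string sort order (40931 before 4110), which should be preserved if any tooling relies on it.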
2 changes: 2 additions & 0 deletions cisa-kev.csv
@@ -1,4 +1,6 @@
cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
CVE-2024-37383,Roundcube,Webmail,"RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability",2024-10-24,"RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-14,Unknown,"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383",CWE-79
CVE-2024-20481,Cisco,"Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Denial-of-Service Vulnerability",2024-10-24,"Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-14,Unknown,"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481",CWE-772
CVE-2024-47575,Fortinet,FortiManager,"Fortinet FortiManager Missing Authentication Vulnerability",2024-10-23,"Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-13,Unknown,"https://fortiguard.fortinet.com/psirt/FG-IR-24-423 ; https://nvd.nist.gov/vuln/detail/CVE-2024-47575",CWE-306
CVE-2024-38094,Microsoft,SharePoint,"Microsoft SharePoint Deserialization Vulnerability",2024-10-22,"Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-12,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094",CWE-502
CVE-2024-9537,ScienceLogic,SL1,"ScienceLogic SL1 Unspecified Vulnerability",2024-10-21,"ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-11-11,Unknown,"https://support.sciencelogic.com/s/article/15527 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9537",
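Review bot: The notes field of the new CVE-2024-37383 row separates its first two URLs with a comma and the third with " ; ", while the other rows shown use " ; " only, so a consumer that splits notes on " ; " will get the two Roundcube release links back as a single token. If this file is a verbatim mirror of the upstream feed, leave the row alone and make sure whatever reads it splits on both separators; otherwise normalise the row to " ; ". Several fields in these rows also carry commas inside quotes, so anything consuming the file needs a real CSV parser rather than a split on ",".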
2 changes: 1 addition & 1 deletion nuclei-templates
Submodule nuclei-templates updated from 5b7595 to 7ff1e7
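Review bot: Nothing in this commit shows what the nuclei-templates range 5b7595 to 7ff1e7 contains, so the submodule bump cannot be reviewed from this diff, even though it is the change that alters what the scanner will run. Put the upstream tag or compare range in the commit message, and consider pinning the submodule to a tagged release so each update can be audited against a known changelog.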