CISA KEV Updates

rxerium · Sep 25, 2024 · 76d378f · 76d378f
1 parent be2217d
commit 76d378f
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/NucleiList.txt b/NucleiList.txt
@@ -465,6 +465,8 @@ CVE-2017-18565
 CVE-2017-18566
 CVE-2017-18598
 CVE-2017-18638
+CVE-2017-3131
+CVE-2017-3133
 CVE-2017-3506
 CVE-2017-3528
 CVE-2017-3881
@@ -794,6 +796,7 @@ CVE-2019-5434
 CVE-2019-6112
 CVE-2019-6340
 CVE-2019-6715
+CVE-2019-6793
 CVE-2019-6799
 CVE-2019-6802
 CVE-2019-7139
@@ -841,6 +844,7 @@ CVE-2020-10770
 CVE-2020-10973
 CVE-2020-11034
 CVE-2020-11110
+CVE-2020-11441
 CVE-2020-11450
 CVE-2020-11455
 CVE-2020-11529
@@ -2675,4 +2679,5 @@ CVE-2024-8503
 CVE-2024-8517
 CVE-2024-8522
 CVE-2024-8752
+CVE-2024-8883
 spring4shell-CVE-2022-22965
diff --git a/cisa-kev.csv b/cisa-kev.csv
@@ -1166,7 +1166,6 @@ CVE-2017-1000253,Linux,Kernel,"Linux Kernel PIE Stack Buffer Corruption Vulnerab
 CVE-2016-3714,ImageMagick,ImageMagick,"ImageMagick Improper Input Validation Vulnerability",2024-09-09,"ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-30,Unknown,"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714",CWE-20
 CVE-2024-38217,Microsoft,Windows,"Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",2024-09-10,"Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217",CWE-693
 CVE-2024-38014,Microsoft,Windows,"Microsoft Windows Installer Improper Privilege Management Vulnerability",2024-09-10,"Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014",CWE-269
-CVE-2024-43491,Microsoft,Windows,"Microsoft Windows Update Use-After-Free Vulnerability",2024-09-10,"Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491; https://nvd.nist.gov/vuln/detail/CVE-2024-43491",CWE-416
 CVE-2024-38226,Microsoft,Publisher,"Microsoft Publisher Protection Mechanism Failure Vulnerability",2024-09-10,"Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226",CWE-693
 CVE-2024-8190,Ivanti,"Cloud Services Appliance","Ivanti Cloud Services Appliance OS Command Injection Vulnerability",2024-09-13,"Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.","As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.",2024-10-04,Unknown,"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190",CWE-78
 CVE-2024-6670,Progress,"WhatsUp Gold","Progress WhatsUp Gold SQL Injection Vulnerability",2024-09-16,"Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-07,Known,"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-6670",CWE-89

diff --git a/nuclei-templates b/nuclei-templates