CISA KEV Updates

rxerium · Dec 19, 2024 · ba92b94 · ba92b94
1 parent 5481b38
commit ba92b94
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/cisa-kev.csv b/cisa-kev.csv
@@ -1,4 +1,8 @@
 cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
+CVE-2021-40407,Reolink,"RLC-410W IP Camera","Reolink RLC-410W IP Camera OS Command Injection Vulnerability ",2024-12-18,"Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",2025-01-08,Unknown,"https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-40407",CWE-78
+CVE-2019-11001,Reolink,"Multiple IP Cameras","Reolink Multiple IP Cameras OS Command Injection Vulnerability",2024-12-18,"Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the ""TestEmail"" functionality to inject and run OS commands as root.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",2025-01-08,Unknown,"https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-11001",CWE-78
+CVE-2022-23227,NUUO,"NVRmini2 Devices","NUUO NVRmini 2 Devices Missing Authentication Vulnerability ",2024-12-18,"NUUO NVRmini 2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users. ","The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.",2025-01-08,Unknown,"https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter＿NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227",CWE-306
+CVE-2018-14933,NUUO,"NVRmini Devices","NUUO NVRmini Devices OS Command Injection Vulnerability ",2024-12-18,"NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.","The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.",2025-01-08,Unknown,"https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter＿NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2018-14933",CWE-78
 CVE-2024-55956,Cleo,"Multiple Products","Cleo Multiple Products Unauthenticated File Upload Vulnerability",2024-12-17,"Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-07,Known,"https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55956",
 CVE-2024-35250,Microsoft,Windows,"Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability ",2024-12-16,"Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-06,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 ; https://nvd.nist.gov/vuln/detail/CVE-2024-35250",CWE-822
 CVE-2024-20767,Adobe,ColdFusion,"Adobe ColdFusion Improper Access Control Vulnerability",2024-12-16,"Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-06,Unknown,"https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767",CWE-284

diff --git a/nuclei-templates b/nuclei-templates