CISA KEV Updates
rxerium committed Oct 4, 2024
1 parent 65f9c64 commit fd3e560
Showing 3 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions CISA-Scannable-List.txt
Expand Up @@ -249,6 +249,7 @@ CVE-2024-36401
CVE-2024-38856
CVE-2024-4040
CVE-2024-4358
CVE-2024-45519
CVE-2024-4577
CVE-2024-4879
CVE-2024-5217
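Review bot: The added CVE-2024-45519 sits between CVE-2024-4358 and CVE-2024-4577, which is correct only if this file is kept in plain string order rather than numeric order of the sequence number. The surrounding context (CVE-2024-38856 ahead of CVE-2024-4040) shows string order is the existing convention, so the placement is consistent. It would help to state that convention in the repository, so that a regenerating script or a contributor using a numeric or version-aware sort does not reshuffle the whole list in a later diff.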
1 change: 1 addition & 0 deletions cisa-kev.csv
@@ -1,4 +1,5 @@
cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
CVE-2024-45519,Synacor,"Zimbra Collaboration","Synacor Zimbra Collaboration Command Execution Vulnerability",2024-10-03,"Synacor Zimbra Collaboration contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-24,Unknown,"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519",
CVE-2024-29824,Ivanti,"Endpoint Manager (EPM)","Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability",2024-10-02,"Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-23,Unknown,"https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824",CWE-89
CVE-2019-0344,SAP,"Commerce Cloud","SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability",2024-09-30,"SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-21,Unknown,"https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344",CWE-502
CVE-2021-4043,"Motion Spell",GPAC,"Motion Spell GPAC Null Pointer Dereference Vulnerability",2024-09-30,"Motion Spell GPAC contains a null pointer dereference vulnerability that could allow a local attacker to cause a denial-of-service (DoS) condition.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-21,Unknown,"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db ; https://nvd.nist.gov/vuln/detail/CVE-2021-4043",CWE-476
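Review bot: The new CVE-2024-45519 row ends with a trailing comma, leaving the `cwes` column empty, whereas the three context rows below it carry CWE-89, CWE-502 and CWE-476. If the row is copied verbatim from the upstream KEV feed, that is plausible for an entry whose description says "unspecified vulnerability", but it is worth confirming the row is not a truncated copy. Any consumer that filters or groups on `cwes` should treat the empty value as unknown rather than dropping the row.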
2 changes: 1 addition & 1 deletion nuclei-templates
Submodule nuclei-templates updated from de6a15 to d32447
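Review bot: The pointer move on nuclei-templates from de6a15 to d32447 comes with no summary of what changed between the two revisions, and the commit message "CISA KEV Updates" does not mention it. Since the same commit adds CVE-2024-45519 to CISA-Scannable-List.txt, please say in the message whether d32447 is the revision that contains the matching template, so a reader can check that the scannable list and the pinned templates agree without walking the submodule history.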
