diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
index 7952f9a..0609389 100644
--- a/known_exploited_vulnerabilities.json
+++ b/known_exploited_vulnerabilities.json
@@ -1,9 +1,24 @@
 {
 "title": "CISA Catalog of Known Exploited Vulnerabilities",
- "catalogVersion": "2024.12.03",
- "dateReleased": "2024-12-03T20:48:27.9218Z",
- "count": 1226,
+ "catalogVersion": "2024.12.04",
+ "dateReleased": "2024-12-04T17:12:50.5311Z",
+ "count": 1227,
 "vulnerabilities": [
+ {
+ "cveID": "CVE-2024-51378",
+ "vendorProject": "CyberPersons",
+ "product": "CyberPanel",
+ "vulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability",
+ "dateAdded": "2024-12-04",
+ "shortDescription": "CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.",
+ "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "dueDate": "2024-12-25",
+ "knownRansomwareCampaignUse": "Known",
+ "notes": "https:\/\/cyberpanel.net\/KnowledgeBase\/home\/change-logs\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-51378",
+ "cwes": [
+ "CWE-276"
+ ]
+ },
 {
 "cveID": "CVE-2024-11667",
 "vendorProject": "Zyxel",
@@ -13,7 +28,7 @@
 "shortDescription": "Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.",
 "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
 "dueDate": "2024-12-24",
- "knownRansomwareCampaignUse": "Unknown",
+ "knownRansomwareCampaignUse": "Known",
 "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11667",
 "cwes": [
 "CWE-22"