|
1 | 1 | { |
2 | 2 | "title": "CISA Catalog of Known Exploited Vulnerabilities", |
3 | | - "catalogVersion": "2025.01.29", |
4 | | - "dateReleased": "2025-01-29T17:02:51.9769Z", |
5 | | - "count": 1253, |
| 3 | + "catalogVersion": "2025.02.04", |
| 4 | + "dateReleased": "2025-02-04T15:00:47.717Z", |
| 5 | + "count": 1257, |
6 | 6 | "vulnerabilities": [ |
| 7 | + { |
| 8 | + "cveID": "CVE-2018-19410", |
| 9 | + "vendorProject": "Paessler", |
| 10 | + "product": "PTRG Network Monitor", |
| 11 | + "vulnerabilityName": "Paessler PRTG Network Monitor Local File Inclusion Vulnerability", |
| 12 | + "dateAdded": "2025-02-04", |
| 13 | + "shortDescription": "Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).", |
| 14 | + "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
| 15 | + "dueDate": "2025-02-25", |
| 16 | + "knownRansomwareCampaignUse": "Unknown", |
| 17 | + "notes": "https:\/\/www.paessler.com\/prtg\/history\/prtg-18#18.2.41.1652 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-19410", |
| 18 | + "cwes": [] |
| 19 | + }, |
| 20 | + { |
| 21 | + "cveID": "CVE-2018-9276", |
| 22 | + "vendorProject": "Paessler", |
| 23 | + "product": "PRTG Network Monitor", |
| 24 | + "vulnerabilityName": "Paessler PRTG Network Monitor OS Command Injection Vulnerability", |
| 25 | + "dateAdded": "2025-02-04", |
| 26 | + "shortDescription": "Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.", |
| 27 | + "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
| 28 | + "dueDate": "2025-02-25", |
| 29 | + "knownRansomwareCampaignUse": "Unknown", |
| 30 | + "notes": "https:\/\/www.paessler.com\/prtg\/history\/prtg-18#18.2.39 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-9276", |
| 31 | + "cwes": [ |
| 32 | + "CWE-78" |
| 33 | + ] |
| 34 | + }, |
| 35 | + { |
| 36 | + "cveID": "CVE-2024-29059", |
| 37 | + "vendorProject": "Microsoft", |
| 38 | + "product": ".NET Framework", |
| 39 | + "vulnerabilityName": "Microsoft .NET Framework Information Disclosure Vulnerability", |
| 40 | + "dateAdded": "2025-02-04", |
| 41 | + "shortDescription": "Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.", |
| 42 | + "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
| 43 | + "dueDate": "2025-02-25", |
| 44 | + "knownRansomwareCampaignUse": "Unknown", |
| 45 | + "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29059 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-29059", |
| 46 | + "cwes": [ |
| 47 | + "CWE-209" |
| 48 | + ] |
| 49 | + }, |
| 50 | + { |
| 51 | + "cveID": "CVE-2024-45195", |
| 52 | + "vendorProject": "Apache", |
| 53 | + "product": "OFBiz", |
| 54 | + "vulnerabilityName": "Apache OFBiz Forced Browsing Vulnerability", |
| 55 | + "dateAdded": "2025-02-04", |
| 56 | + "shortDescription": "Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.", |
| 57 | + "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", |
| 58 | + "dueDate": "2025-02-25", |
| 59 | + "knownRansomwareCampaignUse": "Unknown", |
| 60 | + "notes": "https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195", |
| 61 | + "cwes": [ |
| 62 | + "CWE-425" |
| 63 | + ] |
| 64 | + }, |
7 | 65 | { |
8 | 66 | "cveID": "CVE-2025-24085", |
9 | 67 | "vendorProject": "Apple", |
|
0 commit comments