Update KEV: Tue Dec 17 00:12:10 UTC 2024

Signed-off-by: AboutCode Automation <[email protected]>
aboutcode-org · Dec 17, 2024 · 1a042b8 · 1a042b8
1 parent 7e7cbce
commit 1a042b8
Showing 1 changed file with 34 additions and 4 deletions.
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,39 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2024.12.13",
-    "dateReleased": "2024-12-13T19:00:59.4534Z",
-    "count": 1229,
+    "catalogVersion": "2024.12.16",
+    "dateReleased": "2024-12-16T15:01:34.5147Z",
+    "count": 1231,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2024-35250",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability ",
+            "dateAdded": "2024-12-16",
+            "shortDescription": "Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-01-06",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-35250 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-35250",
+            "cwes": [
+                "CWE-822"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-20767",
+            "vendorProject": "Adobe",
+            "product": "ColdFusion",
+            "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
+            "dateAdded": "2024-12-16",
+            "shortDescription": "Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-01-06",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb24-14.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-20767",
+            "cwes": [
+                "CWE-284"
+            ]
+        },
         {
             "cveID": "CVE-2024-50623",
             "vendorProject": "Cleo",
@@ -16,7 +46,7 @@
             "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/support.cleo.com\/hc\/en-us\/articles\/28408134019735-Cleo-Product-Security-Update ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-50623",
             "cwes": [
-                "CVE-434"
+                "CWE-434"
             ]
         },
         {