Merge pull request #1142 from e-m-b-a/known_exploited_update

CISA known exploited database update

config/known_exploited_vulnerabilities.csv

@@ -1098,3 +1098,7 @@ CVE-2024-29745,Android,Pixel,"Android Pixel Information Disclosure Vulnerability
 CVE-2024-3273,D-Link,"Multiple NAS Devices","D-Link Multiple NAS Devices Command Injection Vulnerability",2024-04-11,"D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.","This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.",2024-05-02,Unknown,https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
 CVE-2024-3272,D-Link,"Multiple NAS Devices","D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability",2024-04-11,"D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.","This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.",2024-05-02,Unknown,https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
 CVE-2024-3400,"Palo Alto Networks",PAN-OS,"Palo Alto Networks PAN-OS Command Injection Vulnerability",2024-04-12,"Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.","Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.",2024-04-19,Unknown,https://security.paloaltonetworks.com/CVE-2024-3400
+CVE-2022-38028,Microsoft,Windows,"Microsoft Windows Print Spooler Privilege Escalation Vulnerability ",2024-04-23,"Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-05-14,Unknown,https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028
+CVE-2024-4040,CrushFTP,CrushFTP,"CrushFTP VFS Sandbox Escape Vulnerability",2024-04-24,"CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-05-01,Unknown,https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update&version=34
+CVE-2024-20359,Cisco,"Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Privilege Escalation Vulnerability",2024-04-24,"Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-05-01,Unknown,https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
+CVE-2024-20353,Cisco,"Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)","Cisco ASA and FTD Denial of Service Vulnerability",2024-04-24,"Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-05-01,Unknown,https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2