The U.S. CISA added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability is an elevation of privilege vulnerability in Pixel Firmware, which has been exploited in the wild as a zero-day.
- CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability is an elevation of privilege issue in the Microsoft Windows Error Reporting Service that can be exploited to could gain SYSTEM privileges.
- CVE-2024-4358 Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality.
CISA orders federal agencies to fix this vulnerability by July 4, 2024.
