
The US CISA added the following vulnerabilities to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation:
CVE-2024-40766
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
CVE-2017-1000253
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges.
CVE-2016-3714
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
CISA set 30 September 2024 as the due date for federal agencies to remediate the vulnerabilities.


