
The US CISA has added the following vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
CVE-2024-30088
Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-9680
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in animation timelines that allows for code execution in the content process. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-28987
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA has set November 5, 2024, as a deadline for federal agencies to remediate


