
The U.S. CISA added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog following mass exploitation in the wild.
CVE-2024-43093 Android Framework Privilege Escalation Vulnerability
The vulnerability is a privilege escalation issue in the Android Framework component. Successful exploitation could lead to unauthorized access to sensitive directories and their sub-directories.
CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability
With a CVSS score of 9.3, this is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover. The tool is designed to assist with the migration of configurations from other firewall vendors and legacy Palo Alto Networks devices to newer models. The vulnerability affects Expedition versions before 1.2.92.
CVE-2024-51567 CyberPanel Incorrect Default Permissions
With a CVSS score of 10, this is an incorrect default permissions vulnerability in CyberPanel (prior to patch 5b08cd6) that allows remote attackers to bypass authentication and execute arbitrary commands. Versions up to 2.3.6 and unpatched 2.3.7 are affected, with active exploitation reported in October 2024 by PSAUX.
CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability
With a CVSS score of 9.8, this is a directory traversal issue in the function http_verify in nostromo nhttpd through 1.9.6 that allows an attacker to achieve remote code execution via a crafted HTTP
CISA set November 28, 2024, as the deadline for federal agencies to remediate


