CISA KEV Catalog Update Part VI – November 2024


The US CISA has added the following vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation:

CVE-2024-44308 

No CVSS score has been assigned yet. Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.

CVE-2024-44309 

No CVSS score has been assigned yet. Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.

CVE-2024-21287 

Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit, with a CVSS score of 7.5. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

CISA has set December 12, 2024, as the deadline for federal agencies to remediate the vulnerabilities.
