by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency (CISA) has added several items to its list of must-address exploits. Because these are actively being used by attackers in the wild, it is recommended to resolve the issues. Below are the companies, CVE numbers, and links to the solutions for said problems.
Apple
CVE-2022-32917
https://support.apple.com/en-us/HT213445
https://support.apple.com/en-us/HT213444
CVE-2022-42827
https://support.apple.com/en-us/HT213489
Microsoft
CVE-2022-37969
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969
CVE-2010-2568
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046
CVE-2022-41040
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
CVE-2022-41082
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
CVE-2022-41033
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033
Linux
CVE-2013-2094
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
CVE-2013-2596
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a
CVE-2013-6282
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2021-3493
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
Code Aurora
CVE-2013-2597
https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
Trend Micro
CVE-2022-40139
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US
Zoho
CVE-2022-35405
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html
Sophos
CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
Atlassian
CVE-2022-36804
https://jira.atlassian.com/browse/BSERV-13438
Fortinet
CVE-2022-40684
https://www.fortiguard.com/psirt/FG-IR-22-377
Zimbra
CVE-2022-41352
https://wiki.zimbra.com/wiki/Security_Center
GIGABYTE
CVE-2018-19320
https://www.gigabyte.com/Support/Security/1801
CVE-2018-19321
https://www.gigabyte.com/Support/Security/1801
CVE-2018-19322
https://www.gigabyte.com/Support/Security/1801
CVE-2018-19323
https://www.gigabyte.com/Support/Security/1801
Cisco
CVE-2020-3153
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
CVE-2020-3433
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
Google
CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog