CISA Active Exploit List Updated December 2, 2022


by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency have added several items to their list of must address exploits.  As these are actively being used by attackers in the wild it is recommended to resolve the issues.  Below are the companies, CVE numbers, and links to the solutions for said problems.

Oracle
CVE-2021-35587
https://www.oracle.com/security-alerts/cpujan2022.html

Google
CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html

Microsoft
CVE-2022-41049
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049

CVE-2022-41091
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091

CVE-2022-41073
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073

CVE-2022-41125
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125

CVE-2022-41128
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128

Samsung
CVE-2021-25337
CVE-2021-25369
CVE-2021-25370
https://security.samsungmobile.com/securityUpdate.smsb