by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency have added several items to their list of must address exploits. As these are actively being used by attackers in the wild it is recommended to resolve the issues. Below are the companies, CVE numbers, and links to the solutions for said problems.
Oracle
CVE-2021-35587
https://www.oracle.com/security-alerts/cpujan2022.html
Google
CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Microsoft
CVE-2022-41049
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049
CVE-2022-41091
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091
CVE-2022-41073
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073
CVE-2022-41125
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125
CVE-2022-41128
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128
Samsung
CVE-2021-25337
CVE-2021-25369
CVE-2021-25370
https://security.samsungmobile.com/securityUpdate.smsb