by Artie Kaye
The Cybersecurity and Infrastructure Security Agency (CISA) added a host of newly exploited vulnerabilities to its catalog over the last two months, all of which are must-patch issues. While CISA's directive is binding only on federal agencies, it would be prudent for any organization to address these where the affected products are in use. Below are the CVE numbers, the affected products, and the official links the vendors have provided describing the problem or their fixes.
All links are off-site references that open in new tabs or windows.
Adobe
ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
Android
Framework
https://source.android.com/docs/security/bulletin/2023-03-01
Apache
Log4j2
https://logging.apache.org/log4j/2.x/security.html
Spark
https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
Apple
macOS
https://support.apple.com/en-us/HT209600
Multiple Products
https://support.apple.com/en-us/HT213720
https://support.apple.com/en-us/HT213721
https://support.apple.com/en-us/HT213722
https://support.apple.com/en-us/HT213723
https://support.apple.com/en-us/HT21286
https://support.apple.com/en-us/HT212868
https://support.apple.com/kb/HT212872
Arm
Mali Graphics Processing Unit
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Cisco
IOS and IOS XE Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Fortinet
FortiOS
https://www.fortiguard.com/psirt/FG-IR-22-369
Fortra
Cobalt Strike
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/
Google
Chrome
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
Chromium V8 Engine
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Linux
Kernel
Microsoft
Win32k
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336
Windows
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252
Internet Explorer
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055
Office
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability
MinIO
https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
Novi Survey
https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx
Oracle
WebLogic Server
https://www.oracle.com/security-alerts/cpujan2023.html
PaperCut
MF/NG
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Plex
Media Server
https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819
Samba
https://www.samba.org/samba/security/CVE-2017-7494.html
Teclib
GLPI
Summary of fixes covered in vendor link below:
https://glpi-project.org/new-version-glpi-10-0-7/
TP-Link
Archer AX21
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware
Veritas
Backup Exec Agent
https://www.veritas.com/support/en_US/security/VTS21-001
XStream
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://x-stream.github.io/CVE-2021-39144.html
Zimbra
Collaboration
https://wiki.zimbra.com/wiki/Security_Center
Zoho
ManageEngine
https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html