CISA Update October 2023 – Wyo Support News

by Artie Kaye

Your monthly update of high severity flaws which are actively being exploited. If you are using any of the programs or devices listed below it is advised to take the recommended steps to address the problem. Wyo Support News may have reported on some of these vulnerabilities in the past. Below are the items added in September.

Company	CVE	Platform	Details
Adobe	CVE-2023-26369	Acrobat and Reader	https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
Android	CVE-2023-35674	Framework	https://source.android.com/docs/security/bulletin/2023-09-01
Apache	CVE-2023-33246	RocketMQ	https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
Apple	CVE-2023-41991 CVE-2023-41992 CVE-2023-41993 CVE-2023-41064 CVE-2023-41061	iOS and iPadOS	https://support.apple.com/en-us/HT213926 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213905
		watchOS	https://support.apple.com/en-us/HT213928 https://support.apple.com/en-us/HT213929 https://support.apple.com/kb/HT213907
		Safari	https://support.apple.com/en-us/HT213930
		macOS Ventura	https://support.apple.com/en-us/HT213931 https://support.apple.com/en-us/HT213906
		macOS Monterey	https://support.apple.com/en-us/HT213932
Cisco	CVE-2023-20269	Adaptive Security Appliance and Firepower Threat Defense	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
Google	CVE-2023-5217	Chrome libvpx	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
	CVE-2023-4863	Chromium WebP	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1
Laravel	CVE-2021-3129	Ignition	https://github.com/facade/ignition/releases/tag/2.5.2
Microsoft	CVE-2023-36761	Word	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
	CVE-2023-36802	Streaming Service Proxy	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
MiniO	CVE-2023-28434	MinIO Security Feature Bypass Vulnerability	https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c
~~Owl Labs~~ The Owl Labs CVE’s have been removed due to lack of evidence of active exploitation.	~~CVE-2022-31459 CVE-2022-31461 CVE-2022-31462 CVE-2022-31463~~	~~Meeting Owl~~	~~https://resources.owllabs.com/blog/owl-labs-update~~
Realtek	CVE-2014-8361	SDK	https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
Red Hat Linux	CVE-2018-14667	JBoss RichFaces Framework	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
Samsung	CVE-2022-22265	Mobile Devices	https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1
Trend Micro	CVE-2023-41179	Apex One and Worry-Free Business Security	https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
Zyxel	CVE-2017-6884		https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe https://www.zyxelguard.com/Zyxel-EOL.asp