CISA Active Exploit List Updated November 1, 2022

November 1, 2022 Artie Kaye

by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency have added several items to their list of must address exploits. As these are actively being used by attackers in the wild it is recommended to resolve the issues. Below are the companies, CVE numbers, and links to the solutions for said problems.

Company	CVE	Platform	Details
Apple	CVE-2022-32917	macOS iOS iPadOS	https://support.apple.com/en-us/HT213445 https://support.apple.com/en-us/HT213444
	CVE-2022-42827	iOS iPadOS	https://support.apple.com/en-us/HT213489
Atlassian	CVE-2022-36804	BitBucket	https://jira.atlassian.com/browse/BSERV-13438
Cisco	CVE-2020-3153 CVE-2020-3433	AnyConnect	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
Code Aurora	CVE-2013-2597	Code Aurora	https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
Fortinet	CVE-2022-40684	FortiOS	https://www.fortiguard.com/psirt/FG-IR-22-377
GIGABYTE	CVE-2018-19320 CVE-2018-19321	GIGABYTE APP Center	https://www.gigabyte.com/Support/Security/1801
	CVE-2018-19322 CVE-2018-19323	AORUS GRAPHICS ENGINE	https://www.gigabyte.com/Support/Security/1801
Google	CVE-2022-3723	Google Chrome	https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
Linux	CVE-2013-2094	Kernel	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
	CVE-2013-2596 CVE-2013-6282	Android	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04
	CVE-2021-3493	Ubuntu	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
Microsoft	CVE-2022-37969 CVE-2010-2568 CVE-2022-41033	Windows	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033
	CVE-2022-41040 CVE-2022-41082	Exchange	https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Sohpos	CVE-2022-3236	Sophos Firewall	https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
Trend Micro	CVE-2022-40139	Apex One	https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US
Zimbra	CVE-2022-41352	ZCS	https://wiki.zimbra.com/wiki/Security_Center
Zoho	CVE-2022-35405	Password Manager Pro	https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html

For a more comprehensive list of all vulnerabilities, visit cisa.gov (Opens in a new tab/window.)

CISA.gov