Sunday, November 24, 2024
CISA Exploit List

CISA Update October 2023

Artie

by Artie Kaye

Your monthly update of high severity flaws which are actively being exploited. If you are using any of the programs or devices listed below it is advised to take the recommended steps to address the problem. Wyo Support News may have reported on some of these vulnerabilities in the past. Below are the items added in September.

    Company                  CVE                        Platform                                                                  Details                                                        
AdobeCVE-2023-26369Acrobat and Readerhttps://helpx.adobe.com/security/products/acrobat/apsb23-34.html
AndroidCVE-2023-35674Frameworkhttps://source.android.com/docs/security/bulletin/2023-09-01
ApacheCVE-2023-33246RocketMQhttps://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
AppleCVE-2023-41991
CVE-2023-41992
CVE-2023-41993
CVE-2023-41064
CVE-2023-41061		iOS and iPadOShttps://support.apple.com/en-us/HT213926
https://support.apple.com/en-us/HT213927
https://support.apple.com/en-us/HT213905
watchOShttps://support.apple.com/en-us/HT213928
https://support.apple.com/en-us/HT213929
https://support.apple.com/kb/HT213907
Safarihttps://support.apple.com/en-us/HT213930
macOS Venturahttps://support.apple.com/en-us/HT213931
https://support.apple.com/en-us/HT213906
macOS Montereyhttps://support.apple.com/en-us/HT213932
CiscoCVE-2023-20269Adaptive Security Appliance and Firepower Threat Defensehttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
GoogleCVE-2023-5217Chrome libvpx https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
CVE-2023-4863Chromium WebPhttps://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1
LaravelCVE-2021-3129Ignitionhttps://github.com/facade/ignition/releases/tag/2.5.2
MicrosoftCVE-2023-36761Wordhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
CVE-2023-36802Streaming Service Proxyhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
MiniOCVE-2023-28434MinIO Security Feature Bypass Vulnerabilityhttps://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c
Owl LabsCVE-2022-31459
CVE-2022-31461
CVE-2022-31462
CVE-2022-31463		Meeting Owlhttps://resources.owllabs.com/blog/owl-labs-update
The Owl Labs CVE’s have been removed due to lack of evidence of active exploitation.
RealtekCVE-2014-8361SDKhttps://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
Red Hat LinuxCVE-2018-14667JBoss RichFaces Frameworkhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
SamsungCVE-2022-22265Mobile Deviceshttps://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1
Trend MicroCVE-2023-41179Apex One and Worry-Free Business Securityhttps://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
ZyxelCVE-2017-6884https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe
https://www.zyxelguard.com/Zyxel-EOL.asp

For a more comprehensive list of all vulnerabilities, visit cisa.gov (Opens in a new tab/window.)

CISA.gov