Cybersecurity Updates For Week 5 of 2022

Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution – CVE-2022-44142

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

Read more:
https://www.samba.org/samba/security/CVE-2021-44142.html

Libexpat CVE-2022-23852 & CVE-2022-23990

Two vulnerabilities have been found in Libexpat, this is a well known used XML parser in devices such as loadbalancers.
So make sure to double check if your vendor is affected and has updated.

Read more:
https://github.com/libexpat/libexpat/blob/master/expat/Changes

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series, make sure to read the security advisory from ciso and update as soon as possible.

Read More:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Other news worth mentioning:

Google Patches 27 Vulnerabilities With Release of Chrome 98
MICROSOFT ONEDRIVE FOR MACOS LOCAL PRIVILEGE ESCALATION
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Linux kernel patches “performance can be harmful” bug in video driver