Microsoft Edge 多個漏洞

發佈日期: 2022年04月29日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、遠端執行任意程式碼、洩露敏感資料、繞過保安限制及仿冒。

---

影響

• 權限提升
• 遠端執行程式碼
• 資料洩露
• 繞過保安限制
• 仿冒

---

受影響之系統或技術

• Microsoft Edge 101.0.1210.32 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 101.0.1210.32 版本

---

漏洞識別碼

• CVE-2022-1477
• CVE-2022-1478
• CVE-2022-1479
• CVE-2022-1480
• CVE-2022-1481
• CVE-2022-1482
• CVE-2022-1483
• CVE-2022-1484
• CVE-2022-1485
• CVE-2022-1486
• CVE-2022-1487
• CVE-2022-1488
• CVE-2022-1490
• CVE-2022-1491
• CVE-2022-1492
• CVE-2022-1493
• CVE-2022-1494
• CVE-2022-1495
• CVE-2022-1497
• CVE-2022-1498
• CVE-2022-1499
• CVE-2022-1500
• CVE-2022-1501
• CVE-2022-29146
• CVE-2022-29147

---

資料來源

• Microsoft Edge
• AusCERT

---

相關連結

• https://msrc.microsoft.com/update-guide
• https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
• https://www.auscert.org.au/bulletins/ASB-2022.0119

Microsoft Edge Multiple Vulnerabilities

Release Date: 29 Apr 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, sensitive information disclosure, security restriction bypass and spoofing on the targeted system.

---

Impact

• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass
• Spoofing

---

System / Technologies affected

• Microsoft Edge prior to 101.0.1210.32

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 101.0.1210.32

---

Vulnerability Identifier

• CVE-2022-1477
• CVE-2022-1478
• CVE-2022-1479
• CVE-2022-1480
• CVE-2022-1481
• CVE-2022-1482
• CVE-2022-1483
• CVE-2022-1484
• CVE-2022-1485
• CVE-2022-1486
• CVE-2022-1487
• CVE-2022-1488
• CVE-2022-1490
• CVE-2022-1491
• CVE-2022-1492
• CVE-2022-1493
• CVE-2022-1494
• CVE-2022-1495
• CVE-2022-1497
• CVE-2022-1498
• CVE-2022-1499
• CVE-2022-1500
• CVE-2022-1501
• CVE-2022-29146
• CVE-2022-29147

---

Source

• Microsoft Edge
• AusCERT

---

Related Link

• https://msrc.microsoft.com/update-guide
• https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
• https://www.auscert.org.au/bulletins/ASB-2022.0119

Linux 核心多個漏洞

發佈日期: 2022年04月28日

風險: 中度風險

類型: 操作系統 - LINUX

於 Linux 核心發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

• SUSE Linux Enterprise High Performance Computing 15
• SUSE Linux Enterprise High Performance Computing 15-SP1
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3
• SUSE Linux Enterprise Real Time Extension 12-SP5
• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 15-SP1
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP Applications 15
• SUSE Linux Enterprise Server for SAP Applications 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20221335-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221329-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221369-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221402-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221407-1

---

漏洞識別碼

• CVE-2021-39713
• CVE-2021-45868
• CVE-2022-0812
• CVE-2022-0850
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1016
• CVE-2022-1048
• CVE-2022-1055
• CVE-2022-1195
• CVE-2022-1198
• CVE-2022-1199
• CVE-2022-1205
• CVE-2022-23036
• CVE-2022-23037
• CVE-2022-23038
• CVE-2022-23039
• CVE-2022-23040
• CVE-2022-23041
• CVE-2022-23042
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27666
• CVE-2022-28356
• CVE-2022-28388
• CVE-2022-28389
• CVE-2022-28390

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.1853
• https://www.auscert.org.au/bulletins/ESB-2022.1852
• https://www.auscert.org.au/bulletins/ESB-2022.1851
• https://www.auscert.org.au/bulletins/ESB-2022.1850
• https://www.auscert.org.au/bulletins/ESB-2022.1849
• https://www.suse.com/support/update/announcement/2022/suse-su-20221335-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221329-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221369-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221402-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221407-1

Linux Kernel Multiple Vulnerabilities

Release Date: 28 Apr 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• SUSE Linux Enterprise High Performance Computing 15
• SUSE Linux Enterprise High Performance Computing 15-SP1
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3
• SUSE Linux Enterprise Real Time Extension 12-SP5
• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 15-SP1
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP Applications 15
• SUSE Linux Enterprise Server for SAP Applications 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20221335-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221329-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221369-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221402-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221407-1

---

Vulnerability Identifier

• CVE-2021-39713
• CVE-2021-45868
• CVE-2022-0812
• CVE-2022-0850
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1016
• CVE-2022-1048
• CVE-2022-1055
• CVE-2022-1195
• CVE-2022-1198
• CVE-2022-1199
• CVE-2022-1205
• CVE-2022-23036
• CVE-2022-23037
• CVE-2022-23038
• CVE-2022-23039
• CVE-2022-23040
• CVE-2022-23041
• CVE-2022-23042
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27666
• CVE-2022-28356
• CVE-2022-28388
• CVE-2022-28389
• CVE-2022-28390

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.1853
• https://www.auscert.org.au/bulletins/ESB-2022.1852
• https://www.auscert.org.au/bulletins/ESB-2022.1851
• https://www.auscert.org.au/bulletins/ESB-2022.1850
• https://www.auscert.org.au/bulletins/ESB-2022.1849
• https://www.suse.com/support/update/announcement/2022/suse-su-20221335-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221329-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221369-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221402-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221407-1

QNAP NAS 遠端執行程式碼漏洞

發佈日期: 2022年04月28日

風險: 高度風險

類型: 伺服器 - 其他伺服器

於 QNAP NAS 發現多個漏洞。遠端使用者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• QTS 5.0.x 及之後的版本
• QTS 4.5.4 及之後的版本
• QTS 4.3.6 及之後的版本
• QTS 4.3.4 及之後的版本
• QTS 4.3.3 及之後的版本
• QTS 4.2.6 及之後的版本
• QuTS hero h5.0.x 及之後的版本
• QuTS hero h4.5.4 及之後的版本
• QuTScloud c5.0.x

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• QNAP 正在調查事件及將會發布安全更新。詳情請參閱 https://www.qnap.com/en/security-advisory/qsa-22-12

---

漏洞識別碼

• CVE-2021-31439
• CVE-2022-0194
• CVE-2022-23121
• CVE-2022-23122
• CVE-2022-23123
• CVE-2022-23124
• CVE-2022-23125

---

資料來源

• QNAP

---

相關連結

• https://www.qnap.com/en/security-advisory/qsa-22-12

QNAP NAS Remote Code Execution Vulnerabilities

Release Date: 28 Apr 2022

RISK: High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote user can exploit these vulnerabilities to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• QTS 5.0.x and later
• QTS 4.5.4 and later
• QTS 4.3.6 and later
• QTS 4.3.4 and later
• QTS 4.3.3 and later
• QTS 4.2.6 and later
• QuTS hero h5.0.x and later
• QuTS hero h4.5.4 and later
• QuTScloud c5.0.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• QNAP is investigating the case and will release security updates. For detail, please reference https://www.qnap.com/en/security-advisory/qsa-22-12

---

Vulnerability Identifier

• CVE-2021-31439
• CVE-2022-0194
• CVE-2022-23121
• CVE-2022-23122
• CVE-2022-23123
• CVE-2022-23124
• CVE-2022-23125

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-22-12

Google Chrome 多個漏洞

發佈日期: 2022年04月27日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼，繞過保安限制及資料洩露。

---

影響

• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 101.0.4951.41 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 101.0.4951.41 版本

---

漏洞識別碼

• CVE-2022-1477
• CVE-2022-1478
• CVE-2022-1479
• CVE-2022-1480
• CVE-2022-1481
• CVE-2022-1482
• CVE-2022-1483
• CVE-2022-1484
• CVE-2022-1485
• CVE-2022-1486
• CVE-2022-1487
• CVE-2022-1488
• CVE-2022-1489
• CVE-2022-1490
• CVE-2022-1491
• CVE-2022-1492
• CVE-2022-1493
• CVE-2022-1494
• CVE-2022-1495
• CVE-2022-1496
• CVE-2022-1497
• CVE-2022-1498
• CVE-2022-1499
• CVE-2022-1500
• CVE-2022-1501

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Google Chrome Multiple Vulnerabilities

Release Date: 27 Apr 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• Google Chrome prior to 101.0.4951.41

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 101.0.4951.41

---

Vulnerability Identifier

• CVE-2022-1477
• CVE-2022-1478
• CVE-2022-1479
• CVE-2022-1480
• CVE-2022-1481
• CVE-2022-1482
• CVE-2022-1483
• CVE-2022-1484
• CVE-2022-1485
• CVE-2022-1486
• CVE-2022-1487
• CVE-2022-1488
• CVE-2022-1489
• CVE-2022-1490
• CVE-2022-1491
• CVE-2022-1492
• CVE-2022-1493
• CVE-2022-1494
• CVE-2022-1495
• CVE-2022-1496
• CVE-2022-1497
• CVE-2022-1498
• CVE-2022-1499
• CVE-2022-1500
• CVE-2022-1501

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

VMWare 產品多個漏洞

最後更新 2022年04月26日 發佈日期: 2022年04月07日

風險: 極高度風險

類型: 操作系統 - 網絡操作系統

於 VMware 產品發現多個漏洞，攻擊者可利用這些漏洞，於目標系統觸發跨網站指令碼、權限提升、遠端執行程式碼、繞過保安限制及資料洩露。

 

[更新於 2022-04-26] CVE-2022-22954 和 CVE-2022-22960 漏洞正被廣泛利用。CVE-2022-22954 漏洞可觸發遠端執行程式碼，而CVE-2022-22960 漏洞可觸發權限提升， 風險程度相應地由中度風險升級到極高度風險。HKCERT呼籲用戶和管理員應到訪受影響系統的保安更新頁面了解詳情，並儘快更新相關系統。

---

影響

• 跨網站指令碼
• 權限提升
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露

---

受影響之系統或技術

請瀏覽供應商之網站，以獲得更多詳細資料。

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 安裝供應商提供的修補程式：
  https://www.vmware.com/security/advisories/VMSA-2022-0011.html

---

漏洞識別碼

• CVE-2022-22954
• CVE-2022-22955
• CVE-2022-22956
• CVE-2022-22957
• CVE-2022-22958
• CVE-2022-22959
• CVE-2022-22960
• CVE-2022-22961

---

資料來源

• VMware

---

相關連結

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html

VMWare Products Multiple Vulnerabilities

Last Update Date: 26 Apr 2022 Release Date: 7 Apr 2022

RISK: Extremely High Risk

TYPE: Operating Systems - VM Ware

Multiple vulnerabilities were identified in VMware products. An attacker could exploit some of these vulnerabilities to trigger cross site scripting, elevation of privilege, remote code execution, security restriction bypass and information disclosure.

 

[Updated on 2022-04-26] CVE-2022-22954 and CVE-2022-22960 are being exploited in the wild. Exploitation of CVE-2022-22954 may trigger remote code execution vulnerability while exploitation of CVE-2022-22960 may trigger elevation of privilege vulnerability. The risk level is changed from medium risk to extremely high risk correspondingly. HKCERT urges users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

---

Impact

• Cross-Site Scripting
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

Please visit the vendor web-site for more details.

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  https://www.vmware.com/security/advisories/VMSA-2022-0011.html

---

Vulnerability Identifier

• CVE-2022-22954
• CVE-2022-22955
• CVE-2022-22956
• CVE-2022-22957
• CVE-2022-22958
• CVE-2022-22959
• CVE-2022-22960
• CVE-2022-22961

---

Source

• VMware

---

Related Link

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Red Hat 內核多個漏洞

發佈日期: 2022年04月25日

風險: 中度風險

類型: 操作系統 - LINUX

於 Red Hat 內核發現多個漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行程式碼、洩露敏感資料及權限提升。

---

影響

• 遠端執行程式碼
• 資料洩露
• 權限提升

---

受影響之系統或技術

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat Enterprise Linux Server - AUS 8.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.4 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 安裝供應商提供的修補程式, 詳情請參閱以下連結:
  https://access.redhat.com/errata/RHSA-2022:1455

---

漏洞識別碼

• CVE-2021-4083
• CVE-2022-0492
• CVE-2022-25636

---

資料來源

• Red Hat
• AusCERT

---

相關連結

• https://access.redhat.com/errata/RHSA-2022:0958
• https://www.auscert.org.au/bulletins/ESB-2022.1764

Red Hat Kernel Multiple Vulnerabilities

Release Date: 25 Apr 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities have been identified in Red Hat Kernel. A remote attacker can exploit these vulnerabilities to trigger remote code execution,  sensitive information disclosure and elevation of privilege on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Elevation of Privilege

---

System / Technologies affected

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat Enterprise Linux Server - AUS 8.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.4 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor:
  https://access.redhat.com/errata/RHSA-2022:1455

---

Vulnerability Identifier

• CVE-2021-4083
• CVE-2022-0492
• CVE-2022-25636

---

Source

• Red Hat
• AusCERT

---

Related Link

• https://access.redhat.com/errata/RHSA-2022:0958
• https://www.auscert.org.au/bulletins/ESB-2022.1764

Apache HTTP Server 多個漏洞

最後更新 2022年04月25日 發佈日期: 2022年03月15日

風險: 中度風險

類型: 伺服器 - 網站伺服器

於 Apache HTTP Server 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及繞過保安限制。

 

[更新於 2022-04-25]

更新 QNAP 產品於受影響之系統或技術及解決方案。

---

影響

• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

• Apache HTTP Server 2.4.53 之前的版本

 

[更新於 2022-04-25]

 

對於QNAP產品

詳情請參閱以下連結:

https://www.qnap.com/en/security-advisory/qsa-22-11

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• Apache HTTP Server 2.4.53 版本

 

[更新於 2022-04-25]

 

對於QNAP產品

詳情請參閱以下連結:

https://www.qnap.com/en/security-advisory/qsa-22-11

---

漏洞識別碼

• CVE-2022-22719
• CVE-2022-22720
• CVE-2022-22721
• CVE-2022-23943

---

資料來源

• Apache

---

相關連結

• https://httpd.apache.org/security/vulnerabilities_24.html

Apache HTTP Server Multiple Vulnerabilities

Last Update Date: 25 Apr 2022 Release Date: 15 Mar 2022

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

 

[Updated on 2022-04-25]

Added QNAP products to the "System / Technologies affected" and "Solution" sections

---

Impact

• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

• Apache HTTP Server versions prior to 2.4.53

[Updated on 2022-04-25]

 

For QNAP Products

For detail, please refer to the links below:

https://www.qnap.com/en/security-advisory/qsa-22-11

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• Apache HTTP Server versions 2.4.53

[Updated on 2022-04-25]

 

For QNAP Products

For detail, please refer to the links below:

https://www.qnap.com/en/security-advisory/qsa-22-11

---

Vulnerability Identifier

• CVE-2022-22719
• CVE-2022-22720
• CVE-2022-22721
• CVE-2022-23943

---

Source

• Apache

---

Related Link

• https://httpd.apache.org/security/vulnerabilities_24.html

思科產品資料篡改漏洞

發佈日期: 2022年04月22日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於思科產品發現一個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發仿冒及資料篡改。

---

影響

• 仿冒
• 篡改

---

受影響之系統或技術

• 思科 Umbrella

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c

---

漏洞識別碼

• CVE-2022-20773

---

資料來源

• Cisco

---

相關連結

https://tools.cisco.com/security/center/publicationListing.x

Cisco Product Data Manipulation Vulnerability

Release Date: 22 Apr 2022

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability was identified in Cisco Product. A remote attacker could exploit some of these vulnerabilities to trigger spoofing and data manipulation.

---

Impact

• Spoofing
• Data Manipulation

---

System / Technologies affected

• Cisco Umbrella

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c

---

Vulnerability Identifier

• CVE-2022-20773

---

Source

• Cisco

---

Related Link

https://tools.cisco.com/security/center/publicationListing.x

Drupal 多個漏洞

發佈日期: 2022年04月22日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 Drupal 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發繞過保安限制及篡改狀況。

---

影響

• 繞過保安限制
• 篡改

---

受影響之系統或技術

• Drupal 9.3.12 之前版本
• Drupal 9.2.18 之前版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。
 

安裝供應商提供的修補程式：

• 對於 Drupal 9.3，更新到 Drupal 9.3.12
• 對於 Drupal 9.2，更新到 Drupal 9.2.18

 

Drupal 9 之前的 9.2.x 版本生命週期已結束，供應商已停止為這些產品提供修補程式。

---

漏洞識別碼

• 暫無 CVE 可提供

---

資料來源

• Drupal
• US-CERT

---

相關連結

• https://www.drupal.org/sa-core-2022-008
• https://www.drupal.org/sa-core-2022-009
• https://www.cisa.gov/uscert/ncas/current-activity/2022/04/21/drupal-releases-security-updates

Drupal Multiple Vulnerabilities

Release Date: 22 Apr 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in Drupal. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass and data manipulation condition on the targeted system.

---

Impact

• Security Restriction Bypass
• Data Manipulation

---

System / Technologies affected

• Drupal version prior to 9.3.12
• Drupal version prior to 9.2.18

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.
 

Apply fixes issued by the vendor:

• for Drupal 9.3, update to Drupal 9.3.12
• for Drupal 9.2, update to Drupal 9.2.18

 

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage.

---

Vulnerability Identifier

• No CVE information is available

---

Source

• Drupal
• US-CERT

---

Related Link

• https://www.drupal.org/sa-core-2022-008
• https://www.drupal.org/sa-core-2022-009
• https://www.cisa.gov/uscert/ncas/current-activity/2022/04/21/drupal-releases-security-updates

Linux 核心多個漏洞

發佈日期: 2022年04月22日

風險: 中度風險

類型: 操作系統 - LINUX

在Linux 核心發現多個漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行程式碼、阻斷服務、繞過保安限制及資料洩露。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露

---

受影響之系統或技術

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux Server - AUS 8.2 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.2 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
• Ubuntu 20.04 LTS

 

詳情請參閱以下連結﹕

 

• https://access.redhat.com/errata/RHSA-2022:1443
• https://ubuntu.com/security/notices/USN-5381-1

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

對於 Red Hat

安裝供應商提供的修補程式：

 

• https://access.redhat.com/errata/RHSA-2022:1443

 

對於 Ubuntu

安裝供應商提供的修補程式：

 

• https://ubuntu.com/security/notices/USN-5381-1

---

漏洞識別碼

• CVE-2022-0494
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1015
• CVE-2022-1016
• CVE-2022-1048
• CVE-2022-21426
• CVE-2022-21434
• CVE-2022-21443
• CVE-2022-21476
• CVE-2022-21496
• CVE-2022-24958
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27223
• CVE-2022-28356

---

資料來源

• AusCERT
• Redhat
• Ubuntu

---

相關連結

• https://access.redhat.com/errata/RHSA-2022:1443
• https://ubuntu.com/security/notices/USN-5381-1
• https://www.auscert.org.au/bulletins/ESB-2022.1722
• https://www.auscert.org.au/bulletins/ESB-2022.1736

Linux Kernel Multiple Vulnerabilities

Release Date: 22 Apr 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities have been identified in Linux Kernal. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service, security restriction bypass and information disclosure on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux Server - AUS 8.2 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.2 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
• Ubuntu 20.04 LTS

 

Please refer to the links below for detail:

 

• https://access.redhat.com/errata/RHSA-2022:1443
• https://ubuntu.com/security/notices/USN-5381-1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

For Red Hat

Apply fixes issued by the vendor:

 

• https://access.redhat.com/errata/RHSA-2022:1443

 

For Ubuntu

Apply fixes issued by the vendor:

 

• https://ubuntu.com/security/notices/USN-5381-1

---

Vulnerability Identifier

• CVE-2022-0494
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1015
• CVE-2022-1016
• CVE-2022-1048
• CVE-2022-21426
• CVE-2022-21434
• CVE-2022-21443
• CVE-2022-21476
• CVE-2022-21496
• CVE-2022-24958
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27223
• CVE-2022-28356

---

Source

• AusCERT
• Redhat
• Ubuntu

---

Related Link

• https://access.redhat.com/errata/RHSA-2022:1443
• https://ubuntu.com/security/notices/USN-5381-1
• https://www.auscert.org.au/bulletins/ESB-2022.1722
• https://www.auscert.org.au/bulletins/ESB-2022.1736

F5 產品多個漏洞

發佈日期: 2022年04月21日

風險: 中度風險

類型: 操作系統 - Network

於 F5 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及權限提升。

---

影響

• 阻斷服務
• 權限提升

---

受影響之系統或技術

BIG-IP (all modules)

• 版本 16.1.0 - 16.1.2
• 版本 15.1.0 - 15.1.5
• 版本 14.1.0 - 14.1.4

 

BIG-IQ Centralized Management

• 版本 8.0.0 - 8.1.0
• 版本 7.0.0 - 7.1.0

 

Traffix SDC

• 版本 5.2.0

 

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://support.f5.com/csp/article/K56105136
• https://support.f5.com/csp/article/K21054458

---

漏洞識別碼

• CVE-2017-7656
• CVE-2022-0396

---

資料來源

• AusCERT
• F5

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.1719
• https://www.auscert.org.au/bulletins/ESB-2022.1720
• https://support.f5.com/csp/article/K56105136
• https://support.f5.com/csp/article/K21054458

F5 Products Multiple Vulnerabilities

Release Date: 21 Apr 2022

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products . A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and elevation of privilege on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege

---

System / Technologies affected

BIG-IP (all modules)

• version 16.1.0 - 16.1.2
• version 15.1.0 - 15.1.5
• version 14.1.0 - 14.1.4

 

BIG-IQ Centralized Management

• version 8.0.0 - 8.1.0
• version 7.0.0 - 7.1.0

 

Traffix SDC

• version 5.2.0

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.f5.com/csp/article/K56105136
• https://support.f5.com/csp/article/K21054458

---

Vulnerability Identifier

• CVE-2017-7656
• CVE-2022-0396

---

Source

• AusCERT
• F5

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.1719
• https://www.auscert.org.au/bulletins/ESB-2022.1720
• https://support.f5.com/csp/article/K56105136
• https://support.f5.com/csp/article/K21054458

Linux 內核多個漏洞

發佈日期: 2022年04月20日

風險: 中度風險

類型: 操作系統 - LINUX

於 Linux 內核發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、遠端執行任意程式碼、洩露敏感資料及資料篡改。

---

影響

• 資料洩露
• 權限提升
• 篡改
• 遠端執行程式碼

---

受影響之系統或技術

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE Enterprise Storage 7
• SUSE Linux Enterprise Desktop 12-SP5
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 12-SP5
• SUSE Linux Enterprise High Availability 15-SP2
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP5
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.0
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Realtime Extension 15-SP2
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP2-BCL
• SUSE Linux Enterprise Server 15-SP2-LTSS
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP 15-SP2
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 12-SP5
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Software Development Kit 12-SP5
• SUSE Linux Enterprise Workstation Extension 12-SP5
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.1
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.1
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.1
• SUSE Manager Server 4.2

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20221197-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221196-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221183-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221223-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221224-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221194-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221246-1

---

漏洞識別碼

• CVE-2021-0920
• CVE-2021-39698
• CVE-2021-39713
• CVE-2021-45868
• CVE-2022-0001
• CVE-2022-0002
• CVE-2022-0812
• CVE-2022-0850
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1016
• CVE-2022-1048
• CVE-2022-1055
• CVE-2022-1195
• CVE-2022-1198
• CVE-2022-1199
• CVE-2022-1205
• CVE-2022-22942
• CVE-2022-23036
• CVE-2022-23037
• CVE-2022-23038
• CVE-2022-23039
• CVE-2022-23040
• CVE-2022-23041
• CVE-2022-23042
• CVE-2022-23960
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27666
• CVE-2022-28388
• CVE-2022-28389
• CVE-2022-28390

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.1664
• https://www.auscert.org.au/bulletins/ESB-2022.1663
• https://www.auscert.org.au/bulletins/ESB-2022.1662
• https://www.auscert.org.au/bulletins/ESB-2022.1661
• https://www.auscert.org.au/bulletins/ESB-2022.1660
• https://www.auscert.org.au/bulletins/ESB-2022.1659
• https://www.auscert.org.au/bulletins/ESB-2022.1649
• https://www.suse.com/support/update/announcement/2022/suse-su-20221197-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221196-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221183-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221223-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221224-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221194-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20221246-1