Mozilla 產品多個漏洞

發佈日期: 2022年06月29日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、彷冒、遠端執行任意程式碼、洩露敏感資料、資料篡改及繞過保安限制。

---

影響

• 遠端執行程式碼
• 繞過保安限制
• 資料洩露
• 仿冒
• 阻斷服務
• 篡改

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 102
• Firefox ESR 91.11
• Thunderbird 102
• Thunderbird 91.11

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 102
• Firefox ESR 91.11
• Thunderbird 102
• Thunderbird 91.11

---

漏洞識別碼

• CVE-2022-2200
• CVE-2022-2226
• CVE-2022-31744
• CVE-2022-34468
• CVE-2022-34469
• CVE-2022-34470
• CVE-2022-34471
• CVE-2022-34472
• CVE-2022-34473
• CVE-2022-34474
• CVE-2022-34475
• CVE-2022-34476
• CVE-2022-34477
• CVE-2022-34478
• CVE-2022-34479
• CVE-2022-34480
• CVE-2022-34481
• CVE-2022-34482
• CVE-2022-34483
• CVE-2022-34484
• CVE-2022-34485

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/

Mozilla Products Multiple Vulnerabilities

Release Date: 29 Jun 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing
• Denial of Service
• Data Manipulation

---

System / Technologies affected

Versions prior to:

 

• Firefox 102
• Firefox ESR 91.11
• Thunderbird 102
• Thunderbird 91.11

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 102
• Firefox ESR 91.11
• Thunderbird 102
• Thunderbird 91.11

---

Vulnerability Identifier

• CVE-2022-2200
• CVE-2022-2226
• CVE-2022-31744
• CVE-2022-34468
• CVE-2022-34469
• CVE-2022-34470
• CVE-2022-34471
• CVE-2022-34472
• CVE-2022-34473
• CVE-2022-34474
• CVE-2022-34475
• CVE-2022-34476
• CVE-2022-34477
• CVE-2022-34478
• CVE-2022-34479
• CVE-2022-34480
• CVE-2022-34481
• CVE-2022-34482
• CVE-2022-34483
• CVE-2022-34484
• CVE-2022-34485

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/

Red Hat 內核多個漏洞

發佈日期: 2022年06月29日

風險: 中度風險

類型: 操作系統 - LINUX

於 Red Hat 內核發現多個漏洞，遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行程式碼、洩露敏感資料及權限提升。

---

影響

• 遠端執行程式碼
• 資料洩露
• 權限提升

---

受影響之系統或技術

• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
• Red Hat Enterprise Linux for IBM z Systems 7 s390x
• Red Hat Enterprise Linux for Power, big endian 7 ppc64
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat Enterprise Linux for Power, little endian 7 ppc64le
• Red Hat Enterprise Linux for Scientific Computing 7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
• Red Hat Enterprise Linux Server - AUS 8.2 x86_64
• Red Hat Enterprise Linux Server - TUS 8.2 x86_64
• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Virtualization Host 4 for RHEL 7 x86_64

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 安裝供應商提供的修補程式, 詳情請參閱以下連結:
  https://access.redhat.com/errata/RHSA-2022:5220
  https://access.redhat.com/errata/RHSA-2022:5232

---

漏洞識別碼

• CVE-2020-29368
• CVE-2022-1012
• CVE-2022-1729
• CVE-2022-1966
• CVE-2022-27666

---

資料來源

• Red Hat
• AusCERT

---

相關連結

• https://access.redhat.com/errata/RHSA-2022:5220
• https://access.redhat.com/errata/RHSA-2022:5232
• https://www.auscert.org.au/bulletins/ESB-2022.3129
• https://www.auscert.org.au/bulletins/ESB-2022.3127

Red Hat Kernel Multiple Vulnerabilities

Release Date: 29 Jun 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities have been identified in Red Hat Kernel. A remote attacker can exploit these vulnerabilities to trigger remote code execution, sensitive information disclosure and elevation of privilege on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Elevation of Privilege

---

System / Technologies affected

• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
• Red Hat Enterprise Linux for IBM z Systems 7 s390x
• Red Hat Enterprise Linux for Power, big endian 7 ppc64
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
• Red Hat Enterprise Linux for Power, little endian 7 ppc64le
• Red Hat Enterprise Linux for Scientific Computing 7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
• Red Hat Enterprise Linux Server - AUS 8.2 x86_64
• Red Hat Enterprise Linux Server - TUS 8.2 x86_64
• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Virtualization Host 4 for RHEL 7 x86_64

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor:
  https://access.redhat.com/errata/RHSA-2022:5220
  https://access.redhat.com/errata/RHSA-2022:5232

---

Vulnerability Identifier

• CVE-2020-29368
• CVE-2022-1012
• CVE-2022-1729
• CVE-2022-1966
• CVE-2022-27666

---

Source

• Red Hat
• AusCERT

---

Related Link

• https://access.redhat.com/errata/RHSA-2022:5220
• https://access.redhat.com/errata/RHSA-2022:5232
• https://www.auscert.org.au/bulletins/ESB-2022.3129
• https://www.auscert.org.au/bulletins/ESB-2022.3127

SUSE Linux 內核多個漏洞

發佈日期: 2022年06月28日

風險: 中度風險

類型: 操作系統 - LINUX

於 SUSE Linux 內核發現多個漏洞。攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、洩露敏感資料及繞過保安限制。

---

影響

• 權限提升
• 繞過保安限制
• 資料洩露
• 阻斷服務

---

受影響之系統或技術

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.2

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20222172-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222173-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222177-1

---

漏洞識別碼

• CVE-2019-19377
• CVE-2020-26541
• CVE-2021-33061
• CVE-2022-0168
• CVE-2022-1012
• CVE-2022-1184
• CVE-2022-1652
• CVE-2022-1729
• CVE-2022-1966
• CVE-2022-1972
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-20008
• CVE-2022-20141
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-21180
• CVE-2022-30594
• CVE-2022-32250

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.3106
• https://www.auscert.org.au/bulletins/ESB-2022.3105
• https://www.auscert.org.au/bulletins/ESB-2022.3104
• https://www.suse.com/support/update/announcement/2022/suse-su-20222172-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222173-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222177-1

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 28 Jun 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Denial of Service

---

System / Technologies affected

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20222172-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222173-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222177-1

---

Vulnerability Identifier

• CVE-2019-19377
• CVE-2020-26541
• CVE-2021-33061
• CVE-2022-0168
• CVE-2022-1012
• CVE-2022-1184
• CVE-2022-1652
• CVE-2022-1729
• CVE-2022-1966
• CVE-2022-1972
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-20008
• CVE-2022-20141
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-21180
• CVE-2022-30594
• CVE-2022-32250

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.3106
• https://www.auscert.org.au/bulletins/ESB-2022.3105
• https://www.auscert.org.au/bulletins/ESB-2022.3104
• https://www.suse.com/support/update/announcement/2022/suse-su-20222172-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222173-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222177-1

Citrix Hypervisor 多個漏洞

發佈日期: 2022年06月27日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 Citrix Hypervisor 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Citrix Hypervisor 7.1 LTSR CU2

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

---

漏洞識別碼

• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-26362

---

資料來源

• AusCERT
• Citrix

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.3086
• https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

Citrix Hypervisor Multiple Vulnerabilities

Release Date: 27 Jun 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in Citrix Hypervisor. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Citrix Hypervisor 7.1 LTSR CU2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

---

Vulnerability Identifier

• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-26362

---

Source

• AusCERT
• Citrix

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.3086
• https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

Google Chrome 多個漏洞

發佈日期: 2022年06月22日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼，繞過保安限制及敏感資料洩露。

---

影響

• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 103.0.5060.53 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 103.0.5060.53 版本

---

漏洞識別碼

• CVE-2022-2156
• CVE-2022-2157
• CVE-2022-2158
• CVE-2022-2160
• CVE-2022-2161
• CVE-2022-2162
• CVE-2022-2163
• CVE-2022-2164
• CVE-2022-2165

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html

Google Chrome Multiple Vulnerabilities

Release Date: 22 Jun 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• Google Chrome prior to 103.0.5060.53

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 103.0.5060.53

---

Vulnerability Identifier

• CVE-2022-2156
• CVE-2022-2157
• CVE-2022-2158
• CVE-2022-2160
• CVE-2022-2161
• CVE-2022-2162
• CVE-2022-2163
• CVE-2022-2164
• CVE-2022-2165

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html

思科小型企業路由器阻斷服務漏洞

發佈日期: 2022年06月17日

風險: 高度風險

類型: 操作系統 - Network

於 思科小型企業路由器 發現一個漏洞。攻擊者可利用這漏洞，於目標系統觸發阻斷服務狀況。

 

注意﹕
由於受影響產品已經進入產品生命周期終止過程，供應商確認這些產品不會提供解決方案或軟件更新。

要確定產品是否受漏洞影響，請打開網路管理界面，然後選擇“基本設置”>“遠程管理”。 如果已剔選“啟用”，則代表設備受漏洞影響。

---

影響

• 阻斷服務

---

受影響之系統或技術

• Cisco RV110W Wireless-N VPN 防火牆
• Cisco RV130 VPN 路由器
• Cisco RV130W Wireless-N Multifunction VPN 路由器
• Cisco RV215W Wireless-N VPN 路由器

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 供應商確認這些受影響產品不會提供解決方案或軟件更新：
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v

---

漏洞識別碼

• CVE-2022-20825

---

資料來源

• Cisco

---

相關連結

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v

Cisco Small Business Routers Denial Of Service Vulnerability

Release Date: 17 Jun 2022

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in Cisco Cisco Small Business Routers. An attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

 

Note:

The vendor confirms there are no workarounds or fix as affected products have already entered end of life process. 

To determine whether the products is vulnerable, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable check box is checked, the device is vulnerable.

---

Impact

• Denial of Service

---

System / Technologies affected

• Cisco RV110W Wireless-N VPN Firewall
• Cisco RV130 VPN Router
• Cisco RV130W Wireless-N Multifunction VPN Router
• Cisco RV215W Wireless-N VPN Router

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• The vendor confirms there are no workarounds or fix of the affected products:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v

---

Vulnerability Identifier

• CVE-2022-20825

---

Source

• Cisco

---

Related Link

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v

SUSE Linux 內核多個漏洞

發佈日期: 2022年06月17日

風險: 中度風險

類型: 操作系統 - LINUX

於 SUSE 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、阻斷服務狀況、資料洩露、遠端執行程式碼、篡改及繞過保安限制。

---

影響

• 權限提升
• 繞過保安限制
• 篡改
• 資料洩露
• 阻斷服務
• 遠端執行程式碼

---

受影響之系統或技術

• HPE Helion Openstack 8
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 12-SP3
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP3
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP3
• SUSE Linux Enterprise Server 12-SP3-BCL
• SUSE Linux Enterprise Server 12-SP3-LTSS
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP 12-SP3
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.2
• SUSE OpenStack Cloud 8
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 8
• SUSE OpenStack Cloud Crowbar 9
• openSUSE Leap 15.3
• openSUSE Leap 15.4

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/

---

漏洞識別碼

• CVE-2017-13695
• CVE-2018-7755
• CVE-2018-20784
• CVE-2019-19377
• CVE-2019-20811
• CVE-2020-10769
• CVE-2021-20292
• CVE-2021-20321
• CVE-2021-28688
• CVE-2021-33061
• CVE-2021-38208
• CVE-2021-39711
• CVE-2021-43389
• CVE-2022-0168
• CVE-2022-1011
• CVE-2022-1184
• CVE-2022-1353
• CVE-2022-1419
• CVE-2022-1516
• CVE-2022-1652
• CVE-2022-1729
• CVE-2022-1734
• CVE-2022-1966
• CVE-2022-1972
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-20008
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-21180
• CVE-2022-21499
• CVE-2022-24448
• CVE-2022-28388
• CVE-2022-28390
• CVE-2022-30594

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.2955
• https://www.auscert.org.au/bulletins/ESB-2022.2956
• https://www.auscert.org.au/bulletins/ESB-2022.2957
• https://www.auscert.org.au/bulletins/ESB-2022.2958
• https://www.auscert.org.au/bulletins/ESB-2022.2972
• https://www.auscert.org.au/bulletins/ESB-2022.2973
• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 17 Jun 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, information disclosure, remote code execution, data manipulation and security restriction bypass on the targeted system.

---

Impact

• Elevation of Privilege
• Security Restriction Bypass
• Data Manipulation
• Information Disclosure
• Denial of Service
• Remote Code Execution

---

System / Technologies affected

• HPE Helion Openstack 8
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 12-SP3
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP3
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP3
• SUSE Linux Enterprise Server 12-SP3-BCL
• SUSE Linux Enterprise Server 12-SP3-LTSS
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP 12-SP3
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.2
• SUSE OpenStack Cloud 8
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 8
• SUSE OpenStack Cloud Crowbar 9
• openSUSE Leap 15.3
• openSUSE Leap 15.4

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/

---

Vulnerability Identifier

• CVE-2017-13695
• CVE-2018-7755
• CVE-2018-20784
• CVE-2019-19377
• CVE-2019-20811
• CVE-2020-10769
• CVE-2021-20292
• CVE-2021-20321
• CVE-2021-28688
• CVE-2021-33061
• CVE-2021-38208
• CVE-2021-39711
• CVE-2021-43389
• CVE-2022-0168
• CVE-2022-1011
• CVE-2022-1184
• CVE-2022-1353
• CVE-2022-1419
• CVE-2022-1516
• CVE-2022-1652
• CVE-2022-1729
• CVE-2022-1734
• CVE-2022-1966
• CVE-2022-1972
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-20008
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-21180
• CVE-2022-21499
• CVE-2022-24448
• CVE-2022-28388
• CVE-2022-28390
• CVE-2022-30594

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.2955
• https://www.auscert.org.au/bulletins/ESB-2022.2956
• https://www.auscert.org.au/bulletins/ESB-2022.2957
• https://www.auscert.org.au/bulletins/ESB-2022.2958
• https://www.auscert.org.au/bulletins/ESB-2022.2972
• https://www.auscert.org.au/bulletins/ESB-2022.2973
• https://www.suse.com/support/update/announcement/2022/suse-su-20222077-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222078-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222079-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222082-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222083-1/

Adobe 每月保安更新 (2022年6月)

發佈日期: 2022年06月15日

風險: 中度風險

類型: 用戶端 - 辦公室應用

Adobe已為產品提供本月保安更新：

 

受影響產品	風險程度	影響	備註	詳情（包括 CVE）
Adobe Animate	中度風險	遠端執行程式碼		APSB22-24
Adobe Bridge	中度風險	遠端執行程式碼 篡改 資料洩露		APSB22-25
Adobe Illustrator	中度風險	遠端執行程式碼 資料洩露		APSB22-26
Adobe InCopy	中度風險	遠端執行程式碼		APSB22-29
Adobe InDesign	中度風險	遠端執行程式碼		APSB22-30
RoboHelp Server	中度風險	權限提升		APSB22-31

 

「極高度風險」產品數目：0

「高度風險」產品數目：0

「中度風險」產品數目：6

「低度風險」產品數目：0

整體「風險程度」評估：中度風險

---

影響

• 篡改
• 權限提升
• 遠端執行程式碼
• 資料洩露

---

受影響之系統或技術

• Adobe Animate 22.0.5 及以前版本
• Adobe Bridge  12.0.1 及以前版本
• Illustrator 2022 26.0.2 及以前版本
• Illustrator 2021 25.4.5 及以前版本
• Adobe InCopy  17.2 及以前版本
• Adobe InCopy  16.4.1 及以前版本
• Adobe InDesign 17.2.1 及以前版本
• Adobe InDesign 16.4.1 及以前版本
• RoboHelp Server RHS 11 Update 3 及以前版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 安裝供應商提供的修補程式。個別產品詳情可參考上表「詳情」一欄或執行軟件更新。

---

漏洞識別碼

•  https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2022&month=06

---

資料來源

• Adobe

---

相關連結

• https://helpx.adobe.com/security/security-bulletin.html

Adobe Monthly Security Update (June 2022)

Release Date: 15 Jun 2022

RISK: Medium Risk

TYPE: Clients - Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes	Details (including CVE)
Adobe Animate	Medium Risk	Remote Code Execution		APSB22-24
Adobe Bridge	Medium Risk	Remote Code Execution Data Manipulation Information Disclosure		APSB22-25
Adobe Illustrator	Medium Risk	Remote Code Execution Information Disclosure		APSB22-26
Adobe InCopy	Medium Risk	Remote Code Execution		APSB22-29
Adobe InDesign	Medium Risk	Remote Code Execution		APSB22-30
RoboHelp Server	Medium Risk	Elevation of Privilege		APSB22-31

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk

---

Impact

• Data Manipulation
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

---

System / Technologies affected

• Adobe Animate 22.0.5 and earlier versions
• Adobe Bridge  12.0.1 and earlier versions
• Illustrator 2022 26.0.2 and earlier versions
• Illustrator 2021 25.4.5 and earlier versions
• Adobe InCopy  17.2 and earlier versions
• Adobe InCopy  16.4.1 and earlier versions
• Adobe InDesign 17.2.1 and earlier versions
• Adobe InDesign 16.4.1 and earlier versions
• RoboHelp Server RHS 11 Update 3 and earlier versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

---

Vulnerability Identifier

•  https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2022&month=06

---

Source

• Adobe

---

Related Link

• https://helpx.adobe.com/security/security-bulletin.html

微軟每月保安更新 (2022年6月)

發佈日期: 2022年06月15日

風險: 極高度風險

類型: 操作系統 - 視窗操作系統

微軟已為產品提供本月保安更新：

 

受影響產品	風險程度	影響	備註
視窗	極高度風險	資料洩露 遠端執行程式碼 權限提升 阻斷服務 繞過保安限制 仿冒	CVE-2022-30190 正被廣泛利用
延伸安全性更新 (ESU)	中度風險	資料洩露 權限提升 遠端執行程式碼 阻斷服務
Azure	中度風險	權限提升 遠端執行程式碼 資料洩露
System Center	中度風險	權限提升
瀏覽器	中度風險	遠端執行程式碼
微軟 Office	中度風險	遠端執行程式碼 資料洩露
開發者工具	中度風險	資料洩露
SQL Server	中度風險	遠端執行程式碼
Apps	中度風險	遠端執行程式碼

 

「極高度風險」產品數目：1

「高度風險」產品數目：0

「中度風險」產品數目：8

「低度風險」產品數目：0

整體「風險程度」評估：極高度風險

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 繞過保安限制
• 資料洩露
• 仿冒

---

受影響之系統或技術

• 視窗
• 延伸安全性更新 (ESU)
• Azure
• System Center
• 瀏覽器
• 微軟 Office
• 開發者工具
• SQL Server
• Apps

---

解決方案

在安裝軟體之前，請先瀏覽軟體供應商之網站，以獲得更多詳細資料。

• 安裝軟件供應商提供的修補程式。

---

漏洞識別碼

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2022&month=06

---

資料來源

• Microsoft

---

相關連結

• https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun

Microsoft Monthly Security Update (June 2022)

Release Date: 15 Jun 2022

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes
Windows	Extremely High Risk	Information Disclosure Remote Code Execution Elevation of Privilege Denial of Service Security Restriction Bypass Spoofing	CVE-2022-30190 is being explioted in the wild
Extended Security Updates (ESU)	Medium Risk	Information Disclosure Elevation of Privilege Remote Code Execution Denial of Service
Azure	Medium Risk	Elevation of Privilege Remote Code Execution Information Disclosure
System Center	Medium Risk	Elevation of Privilege
Browser	Medium Risk	Remote Code Execution
Microsoft Office	Medium Risk	Remote Code Execution Information Disclosure
Developer Tools	Medium Risk	Information Disclosure
SQL Server	Medium Risk	Remote Code Execution
Apps	Medium Risk	Remote Code Execution

 

Number of 'Extremely High Risk' product(s): 1

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 8

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing

---

System / Technologies affected

• Windows
• Extended Security Updates (ESU)
• Azure
• System Center
• Browser
• Microsoft Office
• Developer Tools
• SQL Server
• Apps

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

---

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2022&month=06

---

Source

• Microsoft

---

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun