風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Aruba Products 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發資料篡改。
注意:
利用漏洞 CVE-2022-47522 需要經過身份驗證。產品供應商目前沒有提供解決方法/解決方案。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in Aruba Products. A remote attacker could exploit this vulnerability to trigger data manipulation on the targeted system.
Note:
To exploit the vulnerability CVE-2022-47522 requires authenticated permission. Product vendor has not yet released workaround / resolution at this moment.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - 視窗操作系統
於 Microsoft Windows Snipping Tool 發現一個漏洞,遠端使用者可利用此漏洞,於目標系統觸發資料洩露。
注意﹕
CVE-2023-28303 的概念驗證碼已被公開。
詳情請參閱以下連結﹕
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
在安裝軟體之前,請先瀏覽軟體供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式。
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
A vulnerability has been identified in Microsoft Windows Snipping Tool, a remote user can exploit this vulnerability to trigger information disclosure on the targeted system.
Note:
Proof of Concept exploit code is publicly available for CVE-2023-28303.
Please refer to the link below for detail:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor.
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 QNAP NAS 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼及洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
RISK: Medium Risk
TYPE: Clients - Email Clients
A vulnerability was identified in Mozilla Thunderbird. A remote attacker can exploit this vulnerability to trigger denial of service on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
風險: 極高度風險
類型: 操作系統 - 流動裝置及操作系統
於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、篡改、仿冒、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。
注意:
CVE-2023-23529 (WebKit Bugzilla: 251944) 漏洞正被廣泛利用。該漏洞與WebKit元件有關,當元件處理惡意構造的網頁內容時 ,可能會導致執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, data manipulation, spoofing, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Note:
CVE-2023-23529 (WebKit Bugzilla: 251944) is being exploited in the wild. The vulnerability is related to the WebKit component when processing maliciously crafted web content that may lead to arbitrary code execution.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - LINUX
於 Ubuntu Products 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及洩露敏感資料。
[更新於 2023-03-07]
更新受影響之系統或技術、解決方案、漏洞識別碼及相關連結。
[更新於 2023-03-09]
更新解決方案及相關連結。
[更新於 2023-03-10]
更新解決方案、漏洞識別碼及相關連結。
[更新於 2023-03-16]
更新解決方案、漏洞識別碼及相關連結。
[更新於 2023-03-27]
更新解決方案、漏洞識別碼及相關連結。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Ubuntu Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
[Updated on 2023-03-07]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
[Updated on 2023-03-09]
Updated Solutions and Related Links.
[Updated on 2023-03-10]
Updated Solutions, Vulnerability Identifier and Related Links.
[Updated on 2023-03-16]
Updated Solutions, Vulnerability Identifier and Related Links.
[Updated on 2023-03-27]
Updated Solutions, Vulnerability Identifier and Related Links.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
