風險: 中度風險
類型: 操作系統 - 其他操作系統
於 ChromeOS 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發繞過保安限制、遠端執行程式碼及資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式,詳情請參閱以下連結:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, remote code execution and information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
RISK: Medium Risk
TYPE: Servers - Other Servers
A vulnerability was identified in a NetApp Product. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in TP-Link router. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2023-1389 is being exploited in the wild.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - VM Ware
Multiple vulnerabilities were identified in VMware Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, denial of service and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 極高度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發遠端執行程式碼。
注意:
CVE-2023-2136 漏洞正被廣泛利用。這個漏洞是 Skia 中的整數溢出所導致。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2023-2136 is being exploited in the wild. The vulnerability is caused due to a Integer overflow in Skia.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
風險: 極高度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及洩露敏感資料。
注意:
CVE-2023-2136 漏洞正被廣泛利用。這個漏洞是 Skia 中的整數溢出所導致。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
Note:
CVE-2023-2136 is being exploited in the wild. The vulnerability is caused due to a Integer overflow in Skia.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 數據庫伺服器
於甲骨文產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料、資料篡改及繞過保安限制。
有關其他 甲骨文 產品,請參閱以下連結:
https://www.oracle.com/security-alerts/cpuapr2023.html
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.oracle.com/security-alerts/cpuapr2023.html
RISK: Medium Risk
TYPE: Servers - Database Servers
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
For other Oracle products, please refer to the link below:
https://www.oracle.com/security-alerts/cpuapr2023.html
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.oracle.com/security-alerts/cpuapr2023.html
風險: 極高度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發遠端執行程式碼。
注意:
CVE-2023-2033 漏洞正被廣泛利用。這個漏洞是從 V8 JavaScript 引擎類型混淆錯誤所導致,漏洞可被通過惡意構造的 HTML 頁面執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2023-2033 is being exploited in the wild. The vulnerability is caused due to a type confusion error in V8 JavaScript engine and can be exploited to execute arbitrary code via a crafted HTML page.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 極高度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發遠端執行程式碼。
注意:
CVE-2023-2033 漏洞正被廣泛利用。這個漏洞是從 V8 JavaScript 引擎類型混淆錯誤所導致,漏洞可被通過惡意構造的 HTML 頁面執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2023-2033 is being exploited in the wild. The vulnerability is caused due to a type confusion error in V8 JavaScript engine and can be exploited to execute arbitrary code via a crafted HTML page.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - Network
於 Fortinet 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料、資料篡改及跨網站指令碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, data manipulation and cross-site scripting on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 辦公室應用
Adobe已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 | 詳情(包括 CVE) |
| Adobe Digital Editions |  中度風險 | 遠端執行程式碼 | APSB23-04 | |
| Adobe InCopy | 中度風險 | 遠端執行程式碼 | APSB23-13 | |
| Adobe Acrobat and Reader | 中度風險 | 遠端執行程式碼 權限提升 資料洩露 繞過保安限制 | APSB23-24 | |
| Adobe Substance 3D Stager | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-26 | |
| Adobe Dimension | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-27 | |
| Adobe Substance 3D Designer | 中度風險 | 遠端執行程式碼 | APSB23-28 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:6
「低度風險」產品數目:0
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Digital Editions | Medium Risk | Remote Code Execution | APSB23-04 | |
| Adobe InCopy | Medium Risk | Remote Code Execution | APSB23-13 | |
| Adobe Acrobat and Reader | Medium Risk | Remote Code Execution Elevation of Privilege Information Disclosure Security Restriction Bypass | APSB23-24 | |
| Adobe Substance 3D Stager | Medium Risk | Remote Code Execution Information Disclosure | APSB23-26 | |
| Adobe Dimension | Medium Risk | Remote Code Execution Information Disclosure | APSB23-27 | |
| Adobe Substance 3D Designer | Medium Risk | Remote Code Execution | APSB23-28 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
風險: 中度風險
類型: 操作系統 - 視窗操作系統
微軟已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 |
| 瀏覽器 | 中度風險 | 繞過保安限制 仿冒 篡改 | |
| 視窗 | 中度風險 | 遠端執行程式碼 資料洩露 阻斷服務 權限提升 繞過保安限制 仿冒 | 正被廣泛利用。 此漏洞可以通過使用Windows CLFS 驅動程式以觸發權限提升。此漏洞要求本地訪問,因此被評為中度風險。 |
| 延伸安全性更新 (ESU) | 中度風險 | 遠端執行程式碼 資料洩露 阻斷服務 權限提升 仿冒 繞過保安限制 | |
| SQL Server | 中度風險 | 遠端執行程式碼 | |
| 微軟 Office | 中度風險 | 遠端執行程式碼 仿冒 | |
| Azure | 中度風險 | 繞過保安限制 資料洩露 | |
| 微軟 Dynamics |  低度風險 | 仿冒 | |
| 開發者工具 | 中度風險 | 遠端執行程式碼 權限提升 資料洩露 仿冒 | |
| System Center | 中度風險 | 阻斷服務 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:8
「低度風險」產品數目:1
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽軟體供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Browser | Medium Risk | Security Restriction Bypass Spoofing Data Manipulation | |
| Windows | Medium Risk | Remote Code Execution Information Disclosure Denial of Service Elevation of Privilege Security Restriction Bypass Spoofing | is being exploited in the wild. The vulnerabliity can be exploited by using Windows CLFS driver to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium. |
| Extended Security Updates (ESU) | Medium Risk | Remote Code Execution Information Disclosure Denial of Service Elevation of Privilege Spoofing Security Restriction Bypass | |
| SQL Server | Medium Risk | Remote Code Execution | |
| Microsoft Office | Medium Risk | Remote Code Execution Spoofing | |
| Azure | Medium Risk | Security Restriction Bypass Information Disclosure | |
| Microsoft Dynamics | Low Risk | Spoofing | |
| Developer Tools | Medium Risk | Remote Code Execution Elevation of Privilege Information Disclosure Spoofing | |
| System Center | Medium Risk | Denial of Service |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 8
Number of 'Low Risk' product(s): 1
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
