RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service and data manipulation on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行程式碼及資料篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 網站伺服器
於 Apache Tomcat 發現一個漏洞。遠端攻擊者可利用此漏洞,於目標系統觸發敏感資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability has been identified in Apache Tomcat. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in VMware vCenter Server. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Before installation of the software, please visit the software manufacturer web-site for more details.
風險: 極高度風險
類型: 操作系統 - 流動裝置及操作系統
於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼。
注意:
CVE-2023-32434, CVE-2023-32435 及 CVE-2023-32439 漏洞正被廣泛利用。 這些漏洞與內核和WebKit元件有關,可導致任意代碼執行。威脅者可利用內核的漏洞,以內核權限執行任意代碼。對於WebKit組件的漏洞,當WebKit元件處理惡意製作的網頁內容時,威脅者可在目標設備上執行任意代碼。卡巴斯基發現這些漏洞與 Operation Triangulation 攻擊有關。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Note:
CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 are being exploited in the wild. These vulnerabilities are related to the Kernel and WebKit components that may lead to arbitrary code execution. Threat actors may exploit the kernel vulnerability to execute arbitrary code with kernel privileges. For vulnerabilities of WebKit component, threat actors may execute arbitrary code on target device when the WebKit component processes a maliciously crafted web content. Kaspersky discovered these vulnerabilities were related to Operation Triangulation attack campaign.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 Node.js 發現一些漏洞,遠端攻擊者可利用這些漏洞,於目標系統觸發繞過保安限制、權限提升及阻斷服務。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger security restriction bypass, elevation of privilege and denial of service on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/
風險: 中度風險
類型: 操作系統 - Network
在 ASUS 路由器發現多個漏洞。遠端攻擊者可利用這些漏洞在目標系統上觸發阻斷服務狀況、遠端執行任意程式碼、繞過保安限制及洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in ASUS Router. A remote attacker can exploit these vulnerabilities to trigger denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 NetApp 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及資料篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and data manipulation on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 辦公室應用
Adobe已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 | 詳情(包括 CVE) |
| Adobe Experience Manager |  中度風險 | 跨網站指令碼 遠端執行程式碼 繞過保安限制 | APSB23-31 | |
| Magento | 中度風險 | 繞過保安限制 資料洩露 跨網站指令碼 遠端執行程式碼 | APSB23-35 | |
| Adobe Animate 2022 | 中度風險 | 遠端執行程式碼 | APSB23-36 | |
| Adobe Animate 2023 | 中度風險 | 遠端執行程式碼 | APSB23-36 | |
| Adobe Substance 3D Designer | 中度風險 | 遠端執行程式碼 | APSB23-39 | |
| Adobe Commerce | 中度風險 | 繞過保安限制 資料洩露 跨網站指令碼 遠端執行程式碼 | APSB23-35 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:6
「低度風險」產品數目:0
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Experience Manager | Medium Risk | Cross-site Scripting Remote Code Execution Security Restriction Bypass | APSB23-31 | |
| Magento | Medium Risk | Security Restriction Bypass Information Disclosure Cross-site Scripting Remote Code Execution | APSB23-35 | |
| Adobe Animate 2022 | Medium Risk | Remote Code Execution | APSB23-36 | |
| Adobe Animate 2023 | Medium Risk | Remote Code Execution | APSB23-36 | |
| Adobe Substance 3D Designer | Medium Risk | Remote Code Execution | APSB23-39 | |
| Adobe Commerce | Medium Risk | Security Restriction Bypass Information Disclosure Cross-site Scripting Remote Code Execution | APSB23-35 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行程式碼及資料篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - 視窗操作系統
微軟已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 |
| 瀏覽器 | 中度風險 | 繞過保安限制 權限提升 資料洩露 | |
| Exchange Server | 中度風險 | 遠端執行程式碼 | |
| 微軟 Dynamics |  低度風險 | 仿冒 | |
| 開發者工具 | 中度風險 | 遠端執行程式碼 阻斷服務 資料洩露 仿冒 權限提升 | |
| 視窗 | 中度風險 | 阻斷服務 權限提升 繞過保安限制 資料洩露 遠端執行程式碼 仿冒 | |
| 微軟 Office | 中度風險 | 遠端執行程式碼 權限提升 阻斷服務 仿冒 | |
| Azure | 低度風險 | 仿冒 | |
| 延伸安全性更新 (ESU) | 中度風險 | 權限提升 遠端執行程式碼 阻斷服務 資料洩露 仿冒 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:6
「低度風險」產品數目:2
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽軟體供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Browser | Medium Risk | Security Restriction Bypass Elevation of Privilege Information Disclosure | |
| Exchange Server | Medium Risk | Remote Code Execution | |
| Microsoft Dynamics | Low Risk | Spoofing | |
| Developer Tools | Medium Risk | Remote Code Execution Denial of Service Information Disclosure Spoofing Elevation of Privilege | |
| Windows | Medium Risk | Denial of Service Elevation of Privilege Security Restriction Bypass Information Disclosure Remote Code Execution Spoofing | |
| Microsoft Office | Medium Risk | Remote Code Execution Elevation of Privilege Denial of Service Spoofing | |
| Azure | Low Risk | Spoofing | |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege Remote Code Execution Denial of Service Information Disclosure Spoofing |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 2
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
