RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - 流動裝置及操作系統
於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發權限提升、阻斷服務、資料洩露、繞過保安限制、仿冒及遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service, information disclosure, security restriction bypass, spoofing and remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
BIG-IP
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 互聯網應用伺服器
於 IBM WebSphere Application Server發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Internet App Servers
A vulnerability was identified in IBM WebSphere Application Server. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
RISK: Medium Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in VMware vCenter Server. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.
Before installation of the software, please visit the software manufacturer web-site for more details.
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in OpenSSL. A remote attacker could exploit this vulnerability to trigger denial of service condition.
Before installation of the software, please visit the software manufacturer web-site for more details.
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發觸發跨網站指令碼、洩露敏感資料、仿冒、阻斷服務及遠端執行任意程式碼。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to cross-site scripting, sensitive information disclosure, spoofing, denial of service and remote code execution on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現一個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
A vulnerability has been identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 高度風險
類型: 操作系統 - 網絡操作系統
於 VMware Aria Operations for Logs 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發任意程式碼及繞過保安限制。
注意:
CVE-2023-34051 的概念驗證碼已被公開。
vRealize Log Insight(現稱為 VMware Aria Operations for Logs)
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: High Risk
TYPE: Operating Systems - VM Ware
Multiple vulnerabilities were identified in VMware Aria Operations for Logs. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.
Note:
Proof of Concept exploit code is publicly available for CVE-2023-34051.
vRealize Log Insight (now known as VMware Aria Operations for Logs)
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, denial of service condition and remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
在 Sophos 防火牆發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password
注意:已啟用了“允許自動安裝修補程序”功能的 Sophos Firewall 客戶無需執行任何操作。預設設置是已啟用。
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password
Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.
風險: 中度風險
類型: 伺服器 - 數據庫伺服器
於甲骨文產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料、資料篡改及繞過保安限制。
有關其他 甲骨文 產品,請參閱以下連結:
https://www.oracle.com/security-alerts/cpuoct2023.html
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.oracle.com/security-alerts/cpuoct2023.html
RISK: Medium Risk
TYPE: Servers - Database Servers
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
For other Oracle products, please refer to the link below:
https://www.oracle.com/security-alerts/cpuoct2023.html
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.oracle.com/security-alerts/cpuoct2023.html
風險: 中度風險
類型: 伺服器 - 互聯網應用伺服器
於 Wordpress 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發資料洩露、遠端執行任意程式碼、跨網站指令碼及阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
要獲取此版本,請你到網站管理區域的儀表板 > 更新選單內執行更新,或訪問 https://wordpress.org/download/release-archive/。
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Wordpress. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure, remote code execution, cross-site scripting and denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
To get this version, update from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
風險: 極高度風險
類型: 操作系統 - Network
於 思科 IOS XE 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發權限提升。
注意﹕
CVE-2023-20198 漏洞正被廣泛利用。
思科發現當 Cisco IOS XE 軟體的 Web UI 功能暴露在互聯網或不受信任的網路中時,Web UI 中的一個先前未知的漏洞(CVE-2023-20198)會被主動利用。
Web UI 和管理服務不應暴露在互聯網或不受信任的網路中。
[更新於 2023-10-17]
暫無可修補 CVE-2023-20198 的修補程式。
請瀏覽供應商之網站,以獲得更多詳細資料。
思科強烈建議客戶在所有面向互聯網的系統上停用 HTTP 伺服器功能。若要停用 HTTP 伺服器功能,請在全域設定模式下使用 no ip http server 或 no ip http secure-server 指令。如果同時使用 HTTP 伺服器和 HTTPS 伺服器,則需要同時使用這兩個指令來停用 HTTP 伺服器功能。
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.
Note:
CVE-2023-20198 is being exploited in the wild.
Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.
The web UI and management services should not be exposed to the internet or to untrusted networks.
[Updated at 2023-10-17]
No patch is currently available for CVE-2023-20198.
Please visit the vendor web-site for more details.
Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 QNAP NAS 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務及資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service and information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
