風險: 中度風險
類型: 伺服器 - 其他伺服器
於 NetApp 產品發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
A vulnerability was identified in a NetApp Product. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - LINUX
於 RedHat Linux核心產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in RedHat Linux Kernel Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發觸發篡改、洩露敏感資料、權限提升、阻斷服務、繞過保安限制及遠端執行任意程式碼。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to data manipulation, sensitive information disclosure, elevation of privilege, denial of service, security restriction bypass and remote code execution on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 Splunk 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端跨網站指令碼及執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting and remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Others OS
A vulnerability has been identified in ChromeOS. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For detail, please refer to the link below:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發彷冒及遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger spoofing and remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 極高度風險
類型: 伺服器 - 互聯網應用伺服器
於 IBM WebSphere 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。
注意:
CVE-2023-44487 是 HTTP/2 協定中的阻斷服務 (DoS) 漏洞。 該漏洞被稱為“快速重置”,已被廣泛利用。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in IBM WebSphere Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
Note:
CVE-2023-44487 is a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability known as Rapid Reset, has been exploited in the wild.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
在Aruba產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況及遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition and remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - Network
於 Fortinet Products 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發資料篡改、遠端執行任意程式碼、洩露敏感資料、阻斷服務、權限提升及繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, remote code execution, sensitive information disclosure, denial of service, elevation of privilege and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 辦公室應用
Adobe已為產品提供本月保安更新:
| 受影響產品 | 風險程度 | 影響 | 備註 | 詳情(包括 CVE) |
| Adobe ColdFusion |  中度風險 | 遠端執行程式碼 繞過保安限制 跨網站指令碼 | APSB23-52 | |
| Adobe RoboHelp Server | 中度風險 | 資料洩露 遠端執行程式碼 | APSB23-53 | |
| Adobe Acrobat and Reader | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-54 | |
| Adobe InDesign | 中度風險 | 阻斷服務 資料洩露 | APSB23-55 | |
| Adobe Photoshop | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-56 | |
| Adobe Bridge | 中度風險 | 資料洩露 | APSB23-57 | |
| Adobe Framemaker | 中度風險 | 繞過保安限制 | APSB23-58 | |
| Adobe InCopy | 中度風險 | 遠端執行程式碼 | APSB23-60 | |
| Adobe Animate | 中度風險 | 資料洩露 | APSB23-61 | |
| Adobe Dimension | 中度風險 | 資料洩露 | APSB23-62 | |
| Adobe Media Encoder | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-63 | |
| Adobe Audition | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-64 | |
| Adobe Premiere Pro | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-65 | |
| Adobe After Effects | 中度風險 | 遠端執行程式碼 資料洩露 | APSB23-66 |
「極高度風險」產品數目:0
「高度風險」產品數目:0
「中度風險」產品數目:14
「低度風險」產品數目:0
整體「風險程度」評估:中度風險
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe ColdFusion | Medium Risk | Remote Code Execution Security Restriction Bypass Cross-site Scripting | APSB23-52 | |
| Adobe RoboHelp Server | Medium Risk | Information Disclosure Remote Code Execution | APSB23-53 | |
| Adobe Acrobat and Reader | Medium Risk | Remote Code Execution Information Disclosure | APSB23-54 | |
| Adobe InDesign | Medium Risk | Denial of Service Information Disclosure | APSB23-55 | |
| Adobe Photoshop | Medium Risk | Remote Code Execution Information Disclosure | APSB23-56 | |
| Adobe Bridge | Medium Risk | Information Disclosure | APSB23-57 | |
| Adobe Framemaker | Medium Risk | Security Restriction Bypass | APSB23-58 | |
| Adobe InCopy | Medium Risk | Remote Code Execution | APSB23-60 | |
| Adobe Animate | Medium Risk | Information Disclosure | APSB23-61 | |
| Adobe Dimension | Medium Risk | Information Disclosure | APSB23-62 | |
| Adobe Media Encoder | Medium Risk | Remote Code Execution Information Disclosure | APSB23-63 | |
| Adobe Audition | Medium Risk | Remote Code Execution Information Disclosure | APSB23-64 | |
| Adobe Premiere Pro | Medium Risk | Remote Code Execution Information Disclosure | APSB23-65 | |
| Adobe After Effects | Medium Risk | Remote Code Execution Information Disclosure | APSB23-66 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 14
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Before installation of the software, please visit the vendor web-site for more details.
