Friday, 27 September 2024

Aruba Products Multiple Vulnerabilities

Release Date: 27 Sep 2024

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Aruba products. A remote attacker could exploit these vulnerabilities to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

HPE Aruba Networking

  • Aruba Access Points running Instant AOS-8 and AOS 10

Affected Software Version(s):

  • AOS-10.6.x.x: 10.6.0.2 and below
  • AOS-10.4.x.x: 10.4.1.3 and below
  • Instant AOS-8.12.x.x: 8.12.0.1 and below
  • Instant AOS-8.10.x.x: 8.10.0.13 and below

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Cisco Products Multiple Vulnerabilities

Release Date: 27 Sep 2024

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Elevation of Privilege
  • Cross-Site Scripting
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • 1000 Series Integrated Services Routers (ISRs) running a vulnerable release of Cisco IOS XE Software
  • 1000 Series Integrated Services Routers (ISRs) running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • 4000 Series ISRs running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Catalyst 8000v Edge Software running a vulnerable release of Cisco IOS XE Software
  • Catalyst 8000V Edge Software running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Catalyst 8200 Series Edge Platforms running a vulnerable release of Cisco IOS XE Software
  • Catalyst 8200 Series Edge Platforms running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Catalyst 8300 Series Edge Platforms running a vulnerable release of Cisco IOS XE Software
  • Catalyst 8300 Series Edge Platforms running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Catalyst 8500L Edge Platforms running a vulnerable release of Cisco IOS XE Software
  • Catalyst 8500L Series Edge Platforms running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Catalyst 9300X Series Switches running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9400X Supervisor Engines running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9500X Series Switches running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9600 Series Switches running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9800 Series Wireless Controllers running a vulnerable release of Cisco IOS XE Software
  • Catalyst 9800-CL Wireless Controllers for Cloud running a vulnerable release of Cisco IOS XE Software
  • Catalyst IR8300 Rugged Series Routers running a vulnerable release of Cisco IOS XE Software
  • Catalyst IR8300 Rugged Series Routers running a vulnerable release of Cisco UTD Snort IPS Engine for Cisco IOS XE Software
  • Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.
  • Cisco Catalyst Center
  • Cisco Catalyst SD-WAN Manager
  • Cisco cBR-8 Converged Broadband Routers running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.
  • Cisco IOS and IOS XE Software
  • Crosswork NSO
  • Embedded Wireless Controllers on Catalyst Access Points running a vulnerable release of Cisco IOS XE Software
  • Industrial Ethernet 4000 Series Switches running Cisco IOS Software Release 15.2(8)E2 or later
  • Industrial Ethernet 4010 Series Switches running Cisco IOS Software Release 15.2(8)E2 or later
  • Industrial Ethernet 5000 Series Switches running Cisco IOS Software Release 15.2(8)E2 or later
  • Optical Site Manager
  • RV340 Dual WAN Gigabit VPN Routers
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers

Please refer to the link below for details:


Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Microsoft Edge Multiple Vulnerabilities

Release Date: 27 Sep 2024

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Microsoft Edge (Stable) prior to 129.0.2792.65

Solutions

Before installing the software, please visit the software vendor website for more details.

Apply fixes issued by the vendor:

  • Update to Microsoft Edge (Stable) version 129.0.2792.65 or later

Vulnerability Identifier


Source


Related Link

PHP Multiple Vulnerabilities

Release Date: 27 Sep 2024

RISK: Medium Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities were identified in PHP. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation and security restriction bypass on the targeted system.


Impact

  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • PHP version prior to 8.3.12
  • PHP version prior to 8.2.24
  • PHP version prior to 8.1.30

Solutions

Before installing the software, please visit the software manufacturer website for more details.

The vendor has issued a fix: 

  • PHP 8.3.12
  • PHP 8.2.24
  • PHP 8.1.30

Vulnerability Identifier


Source


Related Link

Thursday, 26 September 2024

Citrix Products Denial of Service Vulnerabilities

Release Date: 26 Sep 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition on the targeted system.


Impact

  • Denial of Service

System / Technologies affected

  • XenServer 8
  • Citrix Hypervisor 8.2 CU1 LTSR

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Google Chrome Multiple Vulnerabilities

Release Date: 26 Sep 2024

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Google Chrome prior to 129.0.6668.70 (Linux)
  • Google Chrome prior to 129.0.6668.70/.71 (Mac)
  • Google Chrome prior to 129.0.6668.70/.71 (Windows)

Solutions

Before installing the software, please visit the software vendor website for more details.

Apply fixes issued by the vendor:

  • Update to version 129.0.6668.70 (Linux) or later
  • Update to version 129.0.6668.70/.71 (Mac) or later
  • Update to version 129.0.6668.70/.71 (Windows) or later

Vulnerability Identifier


Source


Related Link

Monday, 23 September 2024

F5 Products Multiple Vulnerabilities

Release Date: 23 Sep 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

BIG-IP Next Central Manager

  • 20.2.0 - 20.2.1

BIG-IP Next SPK

  • 1.7.0 - 1.9.2

BIG-IP Next CNF

  • 1.1.0 - 1.3.1

F5OS-A

  • 1.7.0
  • 1.5.1 - 1.5.2

F5OS-C

  • 1.6.0 - 1.6.2

Traffix SDC

  • 5.1.0

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Friday, 20 September 2024

Microsoft Edge Multiple Vulnerabilities

Release Date: 20 Sep 2024

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution and cross-site scripting on the targeted system.


Thursday, 19 September 2024

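Apple Products Multiple Vulnerabilities

Release Date: 19 Sep 2024

RISK: Medium Risk

TYPE: Operating Systems - Mobile Devices and Operating Systems

Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit these vulnerabilities to trigger a denial of service condition, elevation of privilege, spoofing, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation
  • Spoofing
  • Cross-Site Scripting

System / Technologies affected

  • Versions prior to iOS 18 and iPadOS 18
  • Versions prior to macOS Sequoia 15
  • Versions prior to tvOS 18
  • Versions prior to watchOS 11
  • Versions prior to visionOS 2
  • Versions prior to Safari 18
  • Versions prior to Xcode 16
  • Versions prior to iOS 17.7 and iPadOS 17.7
  • Versions prior to macOS Sonoma 14.7
  • Versions prior to macOS Ventura 13.7

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • iOS 18 and iPadOS 18
  • macOS Sequoia 15
  • tvOS 18
  • watchOS 11
  • visionOS 2
  • Safari 18
  • Xcode 16
  • iOS 17.7 and iPadOS 17.7
  • macOS Sonoma 14.7
  • macOS Ventura 13.7

Vulnerability Identifier


Source


Related Link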
