風險: 中度風險
類型: 伺服器 - 其他伺服器
於 GitLab 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、繞過保安限制及敏感資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit these vulnerabilities to trigger denial of service, elevation of privilege, security restriction bypass, and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in F5 Products, attacker can exploit this vulnerability to trigger denial of service condition and data manipulation on the targeted system.
Note:
No patch or mitigation is currently available for CVE-2023-34410 and CVE-2023-32573 of the affected products. Hence, the risk level is rated as High Risk.
BIG-IP (all modules)
風險: 中度風險
類型: 伺服器 - 互聯網應用伺服器
於 Jenkins 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發繞過保安限制、跨網站指令碼及阻斷服務。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, cross-site scripting and denial of service on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發跨網站指令碼、阻斷服務狀況、敏感資料洩露、遠端執行任意程式碼、繞過保安限制、篡改及彷冒。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, sensitive information disclosure, remote code execution, security restriction bypass, data manipulation and spoofing on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 操作系統 - LINUX
於 Debian Linux 內核發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Debian Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and spoofing on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 QNAP NAS 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及資料篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and data manipulation on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 Drupal Core 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發跨網站指令碼、遠端執行程式碼、繞過保安限制及資料篡改。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
注意:10.2 之前的所有 Drupal 10 版本均已結束生命週期,供應商已停止為這些產品提供修補程式。 (Drupal 8 和 Drupal 9 版本生命週期已結束。)
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Drupal Core. A remote attacker could exploit these vulnerabilities to trigger cross-site scripting, remote code execution, security restriction bypass and data manipulation on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Note: All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in PHP. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, sensitive information disclosure and security restriction bypass on the targeted system.
Before installation of the software, please visit the software manufacturer web-site for more details.
The vendor has issued a fix:
風險: 極高度風險
類型: 操作系統 - 流動裝置及操作系統
於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及跨網站指令碼。
注意:
CVE-2024-44308 和 CVE-2024-44309 已被廣泛利用。攻擊者可以分別通過特製的惡意網頁內容,利用這些漏洞實現任意程式碼執行和跨網站腳本攻擊。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.
Note:
CVE-2024-44308 and CVE-2024-44309 are actively exploited in the wild. Attacker can exploit these vulnerabilities to achieve arbitrary code execution and cross-site scripting attack through malicious crafted web content respectively.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 網站伺服器
於 Apache Tomcat 發現多個漏洞,遠端攻擊者可利用這些漏洞,於目標系統觸發繞過保安限制、跨網站指令碼及資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities were identified in Apache Tomcat, a remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, cross-site scripting and information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Palo Alto PAN-OS 發現多個漏洞,遠端攻擊者可利用這些漏洞,於目標系統觸發權限提升及繞過保安限制。
注意:CVE-2024-0012 和 CVE-2024-9474 已被廣泛利用。
CVE-2024-9474 允許擁有管理 web 介面存取權限的 PAN-OS 管理員,以根權限在防火牆上執行動作。
CVE-2024-0012 可讓未認證的攻擊者透過網路存取管理 Web 介面,取得 PAN-OS 管理員權限,以執行管理動作、竄改組態或利用其他認證權限升級漏洞 (如 CVE-2024-9474)。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Palo Alto PAN-OS. A remote user could exploit these vulnerabilities to trigger elevation of privilege and security restriction bypass on the targeted system.
Note: CVE-2024-0012 and CVE-2024-9474 are actively exploited in the wild.
CVE-2024-9474 allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
CVE-2024-0012 enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.
Before installation of the software, please visit the vendor web-site for more details.
風險: 中度風險
類型: 操作系統 - Network
於 Ruckus 產品發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發遠端執行任意程式碼漏洞。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
注意: 所有停止支援的產品,不會再獲得保安更新。
Note: No CVE information is available for this vulnerability
