2025年7月4日星期五

Citrix XenServer 阻斷服務漏洞

Citrix XenServer 阻斷服務漏洞

發佈日期: 2025年07月04日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 Citrix XenServer 發現一個漏洞。遠端攻擊者可利用此漏洞,於目標系統觸發阻斷服務狀況。

影響

  • 阻斷服務

受影響之系統或技術

  • XenServer 8.4

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

漏洞識別碼

資料來源

相關連結

沒有留言:

Citrix XenServer Denial of Service Vulnerability

Citrix XenServer Denial of Service Vulnerability

Release Date: 4 Jul 2025

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability was identified in Citrix XenServer. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

Impact

  • Denial of Service

System / Technologies affected

  • XenServer 8.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:

2025年7月2日星期三

Google Chrome 產品篡改漏洞

Google Chrome 產品篡改漏洞

發佈日期: 2025年07月02日

風險: 高度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發篡改及洩露敏感資料。

 

注意:

CVE-2025-6554 正被廣泛利用。遠端攻擊者可利用這個漏洞,於目標系統觸發篡改及洩露敏感資料。因此,風險等級被評為高度風險。

影響

  • 資料洩露
  • 篡改

受影響之系統或技術

  • Google Chrome 138.0.7204.92 (Linux) 之前的版本
  • Google Chrome 138.0.7204.92/.93 (Mac) 之前的版本
  • Google Chrome 138.0.7204.96/.97 (Windows) 之前的版本
  • Google Chrome 138.0.7204.63 (Android) 之前的版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

安裝軟件供應商提供的修補程式:

  • 更新至 138.0.7204.92 (Linux) 或之後版本
  • 更新至 138.0.7204.92/.93 (Mac) 或之後版本
  • 更新至 138.0.7204.96/.97 (Windows) 或之後版本
  • 更新至 138.0.7204.63 (Android) 或之後版本

漏洞識別碼

資料來源

相關連結

沒有留言:

Google Chrome Data Manipulation Vulnerability

Google Chrome Data Manipulation Vulnerability

Release Date: 2 Jul 2025

RISK: High Risk

TYPE: Clients - Browsers

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger data manipulation and sensitive information disclosure on the targeted system.

 

Note:

CVE-2025-6554 is being exploited in the wild. A remote attacker could exploit this vulnerability to trigger data manipulation and sensitive information disclosure on the targeted system. Hence, the risk level is rated as High Risk.

Impact

  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Google Chrome prior to 138.0.7204.92 (Linux)
  • Google Chrome prior to 138.0.7204.92/.93 (Mac)
  • Google Chrome prior to 138.0.7204.96/.97 (Windows)
  • Google Chrome prior to 138.0.7204.63 (Android)

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 138.0.7204.92 (Linux) or later
  • Update to version 138.0.7204.92/.93 (Mac) or later
  • Update to version 138.0.7204.96/.97 (Windows) or later
  • Update to version 138.0.7204.63 (Android) or later

Vulnerability Identifier

Source

Related Link

沒有留言:

Microsoft Edge 多個漏洞

Microsoft Edge 多個漏洞

發佈日期: 2025年07月02日

風險: 高度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發篡改及洩露敏感資料。

 

注意:

CVE-2025-6554 正被廣泛利用。遠端攻擊者可利用這個漏洞,於目標系統觸發篡改及洩露敏感資料。因此,風險等級被評為高度風險。

影響

  • 資料洩露
  • 篡改

受影響之系統或技術

  • Microsoft Edge 138.0.3351.65 之前的版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

安裝軟件供應商提供的修補程式:

  • 更新至 138.0.3351.65 或之後版本

漏洞識別碼

資料來源

相關連結

沒有留言:

Microsoft Edge Multiple Vulnerabilities

Microsoft Edge Multiple Vulnerabilities

Release Date: 2 Jul 2025

RISK: High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation and sensitive information disclosure on the targeted system.

 

Note:

CVE-2025-6554 is being exploited in the wild. A remote attacker could exploit this vulnerability to trigger data manipulation and sensitive information disclosure on the targeted system. Hence, the risk level is rated as High Risk.

 

Impact

  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Microsoft Edge version prior to 138.0.3351.65

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 138.0.3351.65 or later

Vulnerability Identifier

Source

Related Link

沒有留言:

RedHat Linux 核心多個漏洞

RedHat Linux 核心多個漏洞

發佈日期: 2025年07月02日

風險: 中度風險

類型: 操作系統 - LINUX

於 RedHat Linux核心發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料、阻斷服務狀況、資料篡改、權限提升及繞過保安限制。

 

影響

  • 阻斷服務
  • 權限提升
  • 繞過保安限制
  • 資料洩露
  • 遠端執行程式碼
  • 篡改

受影響之系統或技術

  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat OpenShift Container Platform 4.19 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.19 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.19 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.19 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.19 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.19 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.19 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.19 for RHEL 9 ppc64le

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

沒有留言:

RedHat Linux Kernel Multiple Vulnerabilities

RedHat Linux Kernel Multiple Vulnerabilities

Release Date: 2 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, denial of service condition, data manipulation, elevation of privilege and security restriction bypass on the targeted system.

Impact

  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat OpenShift Container Platform 4.19 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.19 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.19 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.19 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.19 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.19 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.19 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.19 for RHEL 9 ppc64le

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:

SUSE Linux 內核多個漏洞

SUSE Linux 內核多個漏洞

發佈日期: 2025年07月02日

風險: 中度風險

類型: 操作系統 - LINUX

於 SUSE Linux 內核發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行程式碼、阻斷服務狀況、洩露敏感資料及繞過保安限制。

影響

  • 遠端執行程式碼
  • 阻斷服務
  • 資料洩露
  • 繞過保安限制

受影響之系統或技術

  • openSUSE Leap 15.3
  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  • SUSE Linux Enterprise Live Patching 15-SP3
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP5 LTSS
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Micro 6.1

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

漏洞識別碼

資料來源

相關連結

沒有留言:

SUSE Linux Kernel Multiple Vulnerabilities

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 2 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Remote Code Execution
  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass

System / Technologies affected

  • openSUSE Leap 15.3
  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  • SUSE Linux Enterprise Live Patching 15-SP3
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP5 LTSS
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Micro 6.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:
訂閱: 文章 (Atom)

Citrix XenServer 阻斷服務漏洞

Citrix XenServer 阻斷服務漏洞 發佈日期: 2025年07月04日 風險: 中度風險 類型: 伺服器 - 其他伺服器 於 Cit...