【雲智維資安預警通知】漏洞分享 - Veeam產品存在多個漏洞Veeam產品存在多個漏洞,將允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證、遠端執行程式碼及權限提升。受影響之系統/漏洞描述:Veeam Backup & ReplicationCVE編號:CVE-2024-40711、CVE-2024-40713、CVE-2024-40710、CVE-2024-39718、CVE-2024-40714、CVE-2024-40712漏洞描述:Veeam Backup & Replication存在多種漏洞,將允許攻擊者在易受影響之系統進行攻擊,並導致遠端執行代碼、繞過多因子驗證、存取敏感資訊(憑證、密碼)。影響系統/版本: Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds。Veeam Agent for LinuxCVE編號:CVE-2024-40709漏洞描述:Veeam Agent for Linux存在漏洞,將允許取得低權限的攻擊者在易受影響系統上進行提權。影響系統/版本:Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds。Veeam ONECVE編號:CVE-2024-42024、CVE-2024-42019、CVE-2024-42023、CVE-2024-42021、CVE-2024-42022、CVE-2024-42020漏洞描述:Veeam ONE存在多種漏洞,將允許攻擊者於易受影響之系統利用該漏洞,並導致遠端執行程式碼、存取NTLM hash、存取機敏資料、更改檔案配置、執行HTML Injection。影響系統/版本:Veeam ONE 12.1.0.3208 and all earlier version 12 builds。Veeam Service Provider ConsoleCVE編號:CVE-2024-38650、CVE-2024-39714、CVE-2024-39715、CVE-2024-38651漏洞描述:Veeam Service Provider Console存在多種漏洞,將允許攻擊者於易受影響之系統利用該漏洞,並導致遠端執行程式碼、任意上傳檔案。影響系統/版本:Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 builds。Veeam Backup for Nutanix AHV、Veeam Backup for Oracle Linux Virtualization Manager and Red Hat VirtualizationCVE編號:CVE-2024-40718漏洞描述:Veeam Backup for Nutanix AHV & Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization存在漏洞,將允許取的低權限的攻擊者,透過利用SSRF漏洞,進而提升權限。影響系統/版本:Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier verion 12 builds。Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds。https://www.kjintelligent.com/hot_499035.html[資安漏洞通知] Veeam2024-09-182025-09-18
【雲智維資安預警通知】
漏洞分享 - Google Chrome 存在多個漏洞
Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、篡改及遠端執行任意程式碼。受影響之系統/漏洞描述:Google Chrome 128.0.6613.119 (Linux) 之前的版本Google Chrome 128.0.6613.119/.120 (Mac) 之前的版本Google Chrome 128.0.6613.119/.120 (Windows) 之前的版本
漏洞分享 - 三星產品存在多個漏洞
三星產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。受影響之系統/漏洞描述:Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930
漏洞分享 - Ubuntu Linux 內核存在多個漏洞
Ubuntu Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況。受影響之系統/漏洞描述:Ubuntu 18.04 ESM
漏洞分享 - RedHat Linux核心存在多個漏洞
RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料、繞過身份驗證及仿冒。受影響之系統/漏洞描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390xRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64leRed Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64Red Hat Enterprise Linux Server - AUS 8.4 x86_64Red Hat Enterprise Linux Server - AUS 9.2 x86_64Red Hat Enterprise Linux Server - TUS 8.4 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
漏洞分享 - SUSE Linux 內核存在多個漏洞
SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證。受影響之系統/漏洞描述:Basesystem Module 15-SP5openSUSE Leap 15.5openSUSE Leap Micro 5.5SUSE Linux Enterprise Desktop 15 SP5SUSE Linux Enterprise High Performance Computing 15 SP5SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Real Time 15 SP5SUSE Linux Enterprise Server 15 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP5
漏洞分享 - 兆勤揭露無線基地台和資安路由器設備存在命令注入漏洞
於9月3日兆勤科技(Zyxel Networks)發布資安公告,其說明旗下部分部分Wi-Fi路由器設備存在重大層級漏洞(CVE-2024-7261),導致原因是在於路由器CGI程式,host參數的特殊元素出現處理不當(improper neutralization),故讓攻擊者有機會藉由發送特定cookie並在未經授權下執行作業系統命令。https://www.kjintelligent.com/hot_498345.html[資安漏洞通知] Google Chrome、三星、Ubuntu Linux、RedHat Linux、SUSE Linux、兆勤2024-09-182025-09-18