RSS HKCERT

  • Mozilla Products Multiple Vulnerabilities April 30, 2025
    Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system. Impact Elevation of Privilege Remote Code Execution Information Disclosure Security Restriction Bypass Cross-Site Scripting System / Technologies affected Versions […]
  • Google Chrome Multiple Vulnerabilities April 30, 2025
    Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass and sensitive information disclosure on the targeted system. Impact Security Restriction Bypass Information Disclosure System / Technologies affected Google Chrome prior to 136.0.7103.59 (Linux) Google Chrome prior to 136.0.7103.48/49 (Mac) Google Chrome prior to 136.0.7103.48/49 (Windows) Solutions […]
  • Apache Tomcat Multiple Vulnerabilities April 30, 2025
    Multiple vulnerabilities were identified in Apache Tomcat. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass and denial of service condition on the targeted system. Impact Denial of Service Security Restriction Bypass System / Technologies affected Apache Tomcat version 11.0.0-M2 to 11.0.5 Apache Tomcat version 10.1.10 to 10.1.39 Apache Tomcat version 9.0.76 to 9.0.102 Solutions Before […]
  • GitLab Multiple Vulnerabilities April 24, 2025
    Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, sensitive information disclosure and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass Information Disclosure Cross-Site Scripting System / Technologies affected GitLab Community Edition (CE) versions prior […]
  • Erlang/OTP Remote Code Execution Vulnerability April 23, 2025
    A vulnerability has been identified in Erlang/OTP.  A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.   Note: Proof Of Concept exploit code is publicly available for CVE-2025-32433. The vulnerability allows for unauthenticated remote... Impact Remote Code Execution System / Technologies affected Versions equal or prior to OTP-27.3.2 […]
  • Microsoft Edge Multiple Vulnerabilities April 22, 2025
    Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.   Impact Remote Code Execution Denial of Service System / Technologies affected Microsoft Edge version prior to 135.0.3179.85 Solutions Before installation of the software, please […]
  • SonicWall Products Remote Code Execution Vulnerability April 22, 2025
    A vulnerability was identified in SonicWall Products.  A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.   Note: Exploit in the wild has been detected for CVE-2021-20035 that allows remote code execution in certain... Impact Remote Code Execution System / Technologies affected SonicWall SMA 100 Series (SMA 200, SMA 210, SMA […]
  • F5 Products Denial of Service Vulnerability April 22, 2025
    A vulnerability was identified in F5 Products, a remote attacker could exploit this vulnerabilities to trigger denial of service on the targeted system.   Note: No patch is currently available for  CVE-2025-26466 of the affected products. Hence, the risk... Impact Denial of Service System / Technologies affected BIG-IP Next (all modules) version 20.2.0 - 20.3.0 BIG-IP Next […]
  • Cisco Products Multiple Vulnerabilities April 22, 2025
    Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system. Impact Remote Code Execution Information Disclosure System / Technologies affected Cisco Webex App Release 44.6 and 44.7 Cisco Secure Network Analytics Release 7.5.0, 7.5.1 and 7.5.2 […]
  • ChromeOS Multiple Vulnerabilities April 21, 2025
    Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, spoofing, elevation of privilege and denial of service condition on the targeted system. Impact Security Restriction Bypass Denial of Service Spoofing Elevation of Privilege System / Technologies affected ChromeOS version 16209.50.0 (Browser version 135.0.7049.104) Solutions Before installation of […]