RSS HKCERT

  • VMWare Products Multiple Vulnerabilities October 31, 2025
    Multiple vulnerabilities were identified in VMware products.  A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, sensitive information disclosure and security restriction bypass on the targeted system.   Note: CVE-2025-41244 is actively exploited in the wild. ... Impact Information Disclosure Security Restriction Bypass Elevation of Privilege System / Technologies affected VMware Aria […]
  • Apache Products Multiple Vulnerabilities October 30, 2025
    Multiple vulnerabilities were identified in Apache products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass Spoofing System / Technologies affected Apache Tomcat versions from 9.0.0.M1 to 9.0.109 Apache Tomcat versions from 10.1.0-M1 […]
  • Mozilla Firefox Remote Code Execution Vulnerability October 30, 2025
    A vulnerability was identified in Mozilla Firefox . A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected Versions prior to:   Firefox 144.0.2 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by […]
  • Google Chrome Multiple Vulnerabilities October 30, 2025
    Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass, spoofing and remote code execution on the targeted system. Impact Remote Code Execution Information Disclosure Security Restriction Bypass Spoofing System / Technologies affected Google Chrome prior to 142.0.7444.59 (Linux) Google Chrome […]
  • ISC BIND Multiple Vulnerabilities October 23, 2025
    Multiple vulnerabilities were identified in ISC BIND. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, data manipulation and security restriction bypass on the targeted system.   Note: Proof of Concept exploit code is publicly available for CVE... Impact Denial of Service Data Manipulation Security Restriction Bypass Spoofing System […]
  • Google Chrome Remote Code Execution Vulnerability October 23, 2025
    A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system. Impact Remote Code Execution Denial of Service System / Technologies affected Google Chrome prior to 141.0.7390.122 (Linux) Google Chrome prior to 141.0.7390.122/.123  (Mac) Google Chrome prior to 141.0.7390.122/.123  (Windows) Solutions […]
  • GitLab Multiple Vulnerabilities October 23, 2025
    Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, denial of service condition and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass Information Disclosure Remote Code Execution System / Technologies affected GitLab Community Edition (CE) versions […]
  • Oracle Products Multiple Vulnerabilities October 22, 2025
    Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system. Impact Denial of Service Remote Code Execution Security Restriction Bypass Information Disclosure Elevation of Privilege Data […]
  • Microsoft Edge Remote Code Execution Vulnerability October 21, 2025
    A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.     Impact Remote Code Execution System / Technologies affected Microsoft Edge Stable Channel version prior to 141.0.3537.85 Solutions Before installation of the software, please visit the software vendor web-site for more […]
  • Squid Information Disclosure Vulnerability October 20, 2025
    A vulnerability was identified in Squid. A remote user could exploit this vulnerability to trigger sensitive information disclosure and security restriction bypass on the targeted system. Impact Information Disclosure Security Restriction Bypass System / Technologies affected Squid versions 7 below 7.2   Solutions Before installation of the software, please visit the official vendor web-site for more details.   […]