360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4ad53fb76838f4a82d7e011825d5934b | CVE-2023-29059 | 2023-03-31 07:37:06 ![]() |
CVE-2023-29059:3CXDesktop App 代码执行漏洞通告 | 详情 |
c8989d2e807ceb53d24ad02bd54fbe60 | CVE-2023-22809 | 2023-03-30 08:49:36 | CVE-2023-22809:Sudo权限提升漏洞通告 | 详情 |
55fd37b2456c87556f03a593901b743a | 2023-03-27 08:47:34 | 安全事件周报 2023-03-20 第12周 | 详情 | |
c571983fae71cfe11b5bb86c67159080 | CVE-2023-28432 | 2023-03-23 09:46:17 | MinIO信息泄露漏洞通告 | 详情 |
96f44e31e7ad34d978d34d8fa828b8a5 | CVE-2023-20860 | 2023-03-22 09:19:30 | CVE-2023-20860:Spring Framework身份验证绕过漏洞通告 | 详情 |
464f9bbd749d9b7e63993ae0384582d1 | 2023-03-20 07:23:23 | 安全事件周报 2023-03-13 第11周 | 详情 | |
f3125d3ed890f0d54c88b1ded2feee81 | CVE-2023-23397 | 2023-03-17 02:06:29 | Microsoft Outlook权限提升漏洞通告 | 详情 |
2401d255767cdbab18ab0add4cda39f8 | 2023-03-15 08:13:10 | 2023-03 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
ae733c9e19d8a91d1e36ae4ef7dbcdde | CVE-2023-23638 | 2023-03-14 07:05:15 | CVE-2023-23638:Apache Dubbo反序列化漏洞通告 | 详情 |
f5c4a287130244d1e00dc124d7d36c78 | 2023-03-13 07:48:11 | 安全事件周报 2023-03-06 第10周 | 详情 | |
0ff6a0a7187480b2f5160f7e877b6e7b | CVE-2023-21768 | 2023-03-10 08:45:13 | CVE-2023-21768:Windows Ancillary Function 本地权限提升漏洞通告 | 详情 |
02017e32ba80b6610ea0ebe823a8307c | CVE-2023-25610 | 2023-03-10 08:41:35 | CVE-2023-25610:FortiOS / FortiProxy 远程代码执行漏洞通告 | 详情 |
5b0b816d287d6b909f202e0ae78dd4f2 | CVE-2023-21768 | 2023-03-10 08:04:10 | CVE-2023-21768:Windows Ancillary Function Driver for WinSock 权限提升漏洞通告 | 详情 |
3f300836f1101aac33c8a0d2e3a13b15 | CVE-2023-27898 | 2023-03-09 08:30:01 | CVE-2023-27898/27905:Jenkins跨站脚本漏洞通告 | 详情 |
e789b5055a4a30fd3f2f81447efc91c0 | CVE-2023-21716 | 2023-03-07 09:38:55 | Microsoft Word 远程代码执行漏洞通告 | 详情 |
62f500b7a9dc87c0935c4a1ac8f0c990 | 2023-03-06 09:25:36 | Smartbi远程命令执行漏洞通告 | 详情 | |
45330254ad5d2642f0fa82225aefaefb | 2023-03-06 08:02:09 | 安全事件周报 2023-02-27 第9周 | 详情 | |
8111f2d99a389337e2d5c308e941c8e5 | 2023-03-06 07:23:41 | 安全事件周报 2023-02-27 第9周 | 详情 | |
98a5b68d96d5541e9781ff32ec966a13 | CVE-2023-0050 | 2023-03-03 07:22:27 | CVE-2023-0050:GitLab跨站脚本漏洞通告 | 详情 |
0b4545f346ae941fb86499887e937bfa | 2023-02-27 06:56:34 | 安全事件周报 (02.20-02.26) | 详情 | |
24580b4fb69a1db8407211e2cb3464c9 | 2023-02-24 08:21:55 | 泛微e-cology9 SQL注入漏洞通告 | 详情 | |
4d1dee02cae7d8cde565f47645ac229b | CVE-2023-20858 | 2023-02-23 07:15:41 | CVE-2023-20858:VMware Carbon Black App Control 远程代码执行漏洞通告 | 详情 |
bd7e6380055dd5778eb26c10474562a1 | CVE-2023-23752 | 2023-02-21 08:50:11 | CVE-2023-23752:Joomla未授权访问漏洞通告 | 详情 |
5209a8ffed474d179b8a882d62ec3a80 | CVE-2023-24998 | 2023-02-21 08:02:29 | CVE-2023-24998:Apache Commons FileUpload拒绝服务漏洞通告 | 详情 |
e4126033e6653e8f5d84595554a2ba3a | CVE-2023-23752 | 2023-02-21 07:01:19 | CVE-2023-23752:Joomla未授权访问漏洞通告 | 详情 |
90fffab9d66d505311596a71af6abbb9 | 2023-02-20 09:55:02 | 安全事件周报 (02.13-02.19) | 详情 | |
920484737cd9fc0121ce5697641c88f8 | CVE-2021-42756 | 2023-02-20 08:20:26 | CVE-2021-42756/CVE-2022-39952:Fortinet 多个漏洞通告 | 详情 |
ab482fa4d4be6a2f06a3f918ef245b7f | CVE-2023-25725 | 2023-02-17 07:03:52 | HAProxy请求走私漏洞通告 | 详情 |
e38bcb9d859fdc4496254a7425d4d8bc | 2023-02-15 07:13:41 | 2023-02 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
0df664a9520ae1e14777320ae303a2ed | CVE-2023-23529 | 2023-02-14 07:40:35 | CVE-2023-23529:Apple WebKit任意代码执行漏洞通告 | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
e18c2e6fdbc4a6f2354ee59d5ee4e0c2 | CVE-2023-1790 | 2023-04-01 09:15:00 ![]() |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. | 详情 |
a04f0c0d03e5f912e255e917ac4ad671 | CVE-2023-0198 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. | 详情 |
c20b093044388e29befe56e7b3e65e45 | CVE-2023-0197 | 2023-04-01 05:15:00 ![]() |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | 详情 |
10c1aeac49005a25e29b86dd5e5cebeb | CVE-2023-0195 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver | 详情 |
25db4d1614d395ddbd7abd34db9a2000 | CVE-2023-0194 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. | 详情 |
9d242e7c68ac63a178fbddc5405b2260 | CVE-2023-0192 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | 详情 |
e40704393b9e3f4a56ae2bdb907bf9b2 | CVE-2023-0191 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | 详情 |
882db94653bf83eea4f7a9b8003dfb9d | CVE-2023-0189 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 详情 |
6c0aa5a132d4d40e1048d8958df99da0 | CVE-2023-0188 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. | 详情 |
087277e6f09bb93f912243e21f0a8e6f | CVE-2023-0187 | 2023-04-01 05:15:00 ![]() |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. | 详情 |
d7a478df17d9e78334381495920e3b41 | CVE-2023-0208 | 2023-04-01 04:15:00 ![]() |
NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. | 详情 |
8b58b754340f593c3bcebe46e0a2585e | CVE-2023-1789 | 2023-04-01 02:15:00 ![]() |
Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. | 详情 |
f38d68c489ecff8e5584db7e6e332544 | CVE-2023-28845 | 2023-03-31 23:15:00 ![]() |
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. | 详情 |
95387da0e38ca45c05c337977fa45567 | CVE-2023-28844 | 2023-03-31 23:15:00 ![]() |
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 详情 |
c2763574908bd16447adc0faa0bd702b | CVE-2023-28645 | 2023-03-31 23:15:00 ![]() |
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. | 详情 |
fac9e169445903cb79c8559de10e3c4f | CVE-2023-26485 | 2023-03-31 23:15:00 ![]() |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm) | 详情 |
9fb03b31e9366e64fbd4ce9a06365e10 | CVE-2023-24824 | 2023-03-31 23:15:00 ![]() |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. | 详情 |
0cda98f8f9df66f8b398780598224964 | CVE-2022-47192 | 2023-03-31 22:15:00 ![]() |
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. | 详情 |
8532304c93e5dd8f407d403bee101c68 | CVE-2022-47191 | 2023-03-31 22:15:00 ![]() |
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | 详情 |
78bceb72d5da92157d7995ea5d04431a | CVE-2022-47190 | 2023-03-31 22:15:00 ![]() |
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | 详情 |
9d5d4699821213cb62fd2e913847cc71 | CVE-2022-47189 | 2023-03-31 22:15:00 ![]() |
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | 详情 |
06b6b684419003d7b5042ec6f4d6abd7 | CVE-2022-47188 | 2023-03-31 22:15:00 ![]() |
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | 详情 |
e7ed87d114b5396b18720522254833d2 | CVE-2023-27163 | 2023-03-31 20:15:00 ![]() |
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | 详情 |
f5c87d0ed0030a4b4338cb6d18f62649 | CVE-2023-27162 | 2023-03-31 20:15:00 ![]() |
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | 详情 |
7ef0ade01ceee2907fe2c1d4ae02e018 | CVE-2023-26858 | 2023-03-31 20:15:00 ![]() |
SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. | 详情 |
592e3e63c33896cf802c78f31457f9d8 | CVE-2023-1785 | 2023-03-31 20:15:00 ![]() |
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700. | 详情 |
91ffef8b036fd1b6e898778eb7bc7700 | CVE-2023-1784 | 2023-03-31 20:15:00 ![]() |
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. | 详情 |
88d08b21c6ea57532b32cdd1a286a229 | CVE-2022-4899 | 2023-03-31 20:15:00 ![]() |
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | 详情 |
848579f26907f7c43b9ee2987a527949 | CVE-2023-29141 | 2023-03-31 19:15:00 ![]() |
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | 详情 |
a4c39bdfe14d39a32d4219f861ddd5ab | CVE-2023-29140 | 2023-03-31 19:15:00 ![]() |
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
56358b73280e18ed2eaf62bf4b7fba5f | CNNVD-202210-1696 (CVE-2021-44776) | 2022-10-24 13:13:44 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
07eddc3a7e5e3731956c02a50f538970 | CNNVD-202210-1697 (CVE-2021-26732) | 2022-10-24 13:13:42 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
4b051d50f18e2bb4a1f272b12f873223 | CNNVD-202210-1698 (CVE-2021-26731) | 2022-10-24 13:13:40 | Lanner IAC-AST2500A 缓冲区错误漏洞 | 详情 |
0d79d7ad89e7b6f52a89de2e3762a492 | CNNVD-202210-1699 (CVE-2021-42010) | 2022-10-24 13:13:38 | Apache Heron 注入漏洞 | 详情 |
9596051a8fb75da90bf94bd495b53e94 | CNNVD-202210-1700 (CVE-2021-26733) | 2022-10-24 13:13:36 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
883bec62dd4552d68130c0f925873e93 | CNNVD-202210-1701 (CVE-2022-42432) | 2022-10-24 13:13:34 | Linux kernel 安全漏洞 | 详情 |
755328fe5484ce3f71a4940d10f50b34 | CNNVD-202210-1702 (CVE-2021-44769) | 2022-10-24 13:13:31 | Lanner IAC-AST2500A 输入验证错误漏洞 | 详情 |
9c53a984103cd446d6e447c12c9c66c6 | CNNVD-202210-1703 (CVE-2021-44467) | 2022-10-24 13:13:29 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
30dfa903ed49845732fc6cef266206e9 | CNNVD-202210-1704 (CVE-2022-41974) | 2022-10-24 13:13:27 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
9c6324677d17c72db81aec2e1797791f | CNNVD-202210-1705 (CVE-2022-41973) | 2022-10-24 13:13:25 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
4ec5a4ccefd5879e573cd53c2123dd3a | CNNVD-202210-1612 (CVE-2022-39272) | 2022-10-22 13:10:57 | Flux2 安全漏洞 | 详情 |
c3846b92a4965777ef3e53a1f4618717 | CNNVD-202210-1600 (CVE-2022-3646) | 2022-10-21 13:11:18 | Linux kernel 安全漏洞 | 详情 |
9a761144255ce6f90bb54e219ea40282 | CNNVD-202210-1601 (CVE-2022-34438) | 2022-10-21 13:11:15 | Dell PowerScale OneFS 安全漏洞 | 详情 |
44290d228b51ffbf0aab6efd4d6e678e | CNNVD-202210-1602 (CVE-2022-31239) | 2022-10-21 13:11:13 | Dell PowerScale OneFS 安全漏洞 | 详情 |
9ca9cbb2a337c33899bcdf19d91d7d78 | CNNVD-202210-1603 (CVE-2022-34437) | 2022-10-21 13:11:11 | Dell PowerScale OneFS 安全漏洞 | 详情 |
0a96e1daad10fc7b842abaa350831db2 | CNNVD-202210-1605 (CVE-2022-26870) | 2022-10-21 13:11:09 | Dell EMC PowerStore 安全漏洞 | 详情 |
35f41caeb97feaaa8373f4dbbbd7a249 | CNNVD-202210-1606 (CVE-2020-5355) | 2022-10-21 13:11:06 | Dell EMC Isilon OneFS 安全漏洞 | 详情 |
d314bbe34de68aa67eddd75a9f4ce40c | CNNVD-202210-1609 (CVE-2022-3649) | 2022-10-21 13:11:04 | Linux kernel 资源管理错误漏洞 | 详情 |
351642a659185d5b0604973397c7fa3b | CNNVD-202210-1610 (CVE-2022-39259) | 2022-10-21 13:11:02 | Skylot Jadx 安全漏洞 | 详情 |
ebbdab47bb0184312da10141d7d010e7 | CNNVD-202210-1611 (CVE-2022-23462) | 2022-10-21 13:10:59 | Softmotions IOWOW 安全漏洞 | 详情 |
8c86f10ec92b3124f4395faa27ee8ae3 | CNNVD-202210-1517 (CVE-2022-29477) | 2022-10-20 13:11:07 | Adobe Iota 信任管理问题漏洞 | 详情 |
3c33a32472c03f27b2b606714eb74e0a | CNNVD-202210-1518 (CVE-2022-36966) | 2022-10-20 13:11:02 | SolarWinds Platform 安全漏洞 | 详情 |
280b662d6c30e683e90c26748fa86a26 | CNNVD-202210-1519 (CVE-2022-36958) | 2022-10-20 13:10:53 | SolarWinds Platform 代码问题漏洞 | 详情 |
1d1787e08b1093c5bd9723a8b9465e0f | CNNVD-202210-1520 (CVE-2022-27805) | 2022-10-20 13:10:47 | Adobe Iota 访问控制错误漏洞 | 详情 |
632da31aee8b02c08d2e63767809782a | CNNVD-202210-1521 (CVE-2022-36957) | 2022-10-20 13:10:44 | SolarWinds Platform 安全漏洞 | 详情 |
28743e448b695bd2eee529e66954d3c4 | CNNVD-202210-1522 (CVE-2022-3623) | 2022-10-20 13:10:36 | Linux kernel 竞争条件问题漏洞 | 详情 |
92679bd487d2a90451cf297905a8f3c3 | CNNVD-202210-1523 (CVE-2022-32586) | 2022-10-20 13:10:34 | Adobe Iota 操作系统命令注入漏洞 | 详情 |
bcd4eca45c95707bab85d60a3c30d643 | CNNVD-202210-1524 (CVE-2022-3619) | 2022-10-20 13:10:32 | Linux kernel 安全漏洞 | 详情 |
95cdab65f668ebae996fbf3df854d1e9 | CNNVD-202210-1525 (CVE-2022-3620) | 2022-10-20 13:10:27 | Exim 资源管理错误漏洞 | 详情 |
9e701d3b09a7f774ceea498474bc4d40 | CNNVD-202210-1526 (CVE-2022-3621) | 2022-10-20 13:10:25 | Linux kernel 安全漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
9cd742f4839806e40f42c6e7ea492590 | 2021-12-28 10:31:16 | APISIX Dashboard 未授权访问漏洞风险通告(CVE-2021-45232) | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8f90b1c5ee2683604ab2a28d9c92b434 | CVE-2021-43312 | 2023-03-31 20:22:43 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
103609a0f0521ba3fe331cccc7419488 | CVE-2022-38745 | 2023-03-31 20:22:37 ![]() |
APACHE OPENOFFICE Vulnerability | 详情 |
a2fb3f477a9e295c8464e30ced7652aa | CVE-2021-43311 | 2023-03-31 20:22:32 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
5039a501f20cd682b341cdf03b3e755a | CVE-2021-43315 | 2023-03-31 20:22:25 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
98f37e33c797a3a872d358f912dc5bd4 | CVE-2021-43313 | 2023-03-31 20:22:19 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
6cdeba08a614bbcdfec3a314506af559 | CVE-2021-43314 | 2023-03-31 20:22:12 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
78de597007daf9a66d599918a7911c6d | CVE-2021-43317 | 2023-03-31 20:22:05 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
e8d8f052b5b39eb2d24008f6e4b4699c | CVE-2021-43316 | 2023-03-31 20:21:59 ![]() |
UPX_PROJECT UPX Vulnerability | 详情 |
4e6c229fed4b1f7ac116f4f5c44b4827 | CVE-2022-20467 | 2023-03-31 20:21:52 ![]() |
GOOGLE ANDROID Vulnerability | 详情 |
567f63268db066de881cdb7a29f1c957 | CVE-2022-42498 | 2023-03-31 20:21:46 ![]() |
GOOGLE ANDROID Vulnerability | 详情 |
53b690a28d2ea5e77b307af5c3938c95 | CVE-2023-22257 | 2023-03-30 20:19:12 | ADOBE Multiple product Vulnerability | 详情 |
b19d7328e6d72b567acb2e4e8fc05e7d | CVE-2023-22260 | 2023-03-30 20:18:59 | ADOBE Multiple product Vulnerability | 详情 |
bbe4700a9d0a09788c3442e35fa28218 | CVE-2023-22263 | 2023-03-30 20:18:39 | ADOBE Multiple product Vulnerability | 详情 |
b750b6e45ac7eabaab8e6bf300e889c7 | CVE-2023-1578 | 2023-03-27 20:15:48 | PIMCORE PIMCORE Vulnerability | 详情 |
14b405203a13b260ceb4c02fd813ebe2 | CVE-2022-4095 | 2023-03-27 20:15:26 | LINUX LINUX_KERNEL Vulnerability | 详情 |
f4ec00f87612b2f5a10f3754bb4920d5 | CVE-2023-1281 | 2023-03-27 20:15:14 | LINUX LINUX_KERNEL Vulnerability | 详情 |
e25299fe365efd88f565a37cb606e1fb | CVE-2023-22253 | 2023-03-27 20:14:47 | ADOBE Multiple product Vulnerability | 详情 |
f44197baed3cf9e9e86a11a554ddcaae | CVE-2023-22252 | 2023-03-26 20:14:56 | ADOBE Multiple product Vulnerability | 详情 |
3aea705a7dda1b3476c1f290afd1e7cd | CVE-2023-21616 | 2023-03-26 20:14:50 | ADOBE Multiple product Vulnerability | 详情 |
02c0d5fa18dbf41c94c1573123aa6ca0 | CVE-2023-22256 | 2023-03-26 20:14:43 | ADOBE Multiple product Vulnerability | 详情 |
bca3008ce57a7d623ab6066418107524 | CVE-2023-22254 | 2023-03-26 20:14:37 | ADOBE Multiple product Vulnerability | 详情 |
43d27ef5f528e333a8a5c9ac7d7dfe0a | CVE-2023-22259 | 2023-03-26 20:14:30 | ADOBE Multiple product Vulnerability | 详情 |
36ed4a170d1dfb5b6e3f2b3d9885ac87 | CVE-2023-22258 | 2023-03-26 20:14:24 | ADOBE Multiple product Vulnerability | 详情 |
e7bef22d5ba20873684169da2a070084 | CVE-2023-22262 | 2023-03-26 20:14:17 | ADOBE Multiple product Vulnerability | 详情 |
25c1e98d5b9f56a67e137e79e5506723 | CVE-2023-22261 | 2023-03-26 20:14:11 | ADOBE Multiple product Vulnerability | 详情 |
0402f712b5e0b21dddd780c48e20264a | CVE-2023-22265 | 2023-03-26 20:14:04 | ADOBE Multiple product Vulnerability | 详情 |
9a08eefa9c6c8d02d2b8fc81162e68d3 | CVE-2023-21615 | 2023-03-26 20:13:58 | ADOBE Multiple product Vulnerability | 详情 |
fc84d8494981a72a0c15a499d519a8bb | CVE-2023-1429 | 2023-03-25 20:18:51 | PIMCORE PIMCORE Vulnerability | 详情 |
5d1b1ab3c409333c63237ab6ff74bcd1 | CVE-2023-27130 | 2023-03-25 20:18:39 | TYPECHO TYPECHO Vulnerability | 详情 |
02800cd9328c8e97995315edff908ba0 | CVE-2023-28100 | 2023-03-25 20:18:12 | FLATPAK FLATPAK Vulnerability | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
0a693651f16cc76acae7181beb9b639d | CVE-2022-45867 | 2023-03-31 09:23:10 ![]() |
MyBB路径遍历漏洞 | 详情 |
f2b7c4881bd01fda315a7230f5b4e75a | CVE-2022-42471 | 2023-03-31 09:23:10 ![]() |
Fortinet FortiWeb HTTP响应标头注入漏洞 | 详情 |
4aa39080d5b1af1396dde14fcfc20c5f | CVE-2022-45143 | 2023-03-31 09:23:10 ![]() |
Apache Tomcat注入漏洞 | 详情 |
dd6b9e1dd7ca747216d8804d6979431f | CVE-2023-0640 | 2023-03-31 09:23:10 ![]() |
TRENDnet TEW-652BRP命令注入漏洞 | 详情 |
0593493522338132997b14a16aa155f0 | CVE-2023-0639 | 2023-03-31 09:23:10 ![]() |
TRENDnet TEW-652BRP跨站脚本漏洞 | 详情 |
3a061574b21ff2402c00687e068afbb6 | CVE-2023-22456 | 2023-03-31 09:23:10 ![]() |
ViewVC跨站脚本漏洞 | 详情 |
5c715b1a215056d07f1b284eaecaf5a7 | CVE-2023-23119 | 2023-03-31 09:23:10 ![]() |
Ubiquiti airFiber AF2X Radio固件修改漏洞 | 详情 |
e5089f26e3223ef66bca5dea9d21a98e | CVE-2023-0637 | 2023-03-31 09:23:10 ![]() |
TRENDnet TEW-811DRU内存破坏漏洞 | 详情 |
b8fb3ada4ae26a352a0e8fe2f1dcdda5 | CVE-2022-48079 | 2023-03-31 09:23:10 ![]() |
Monnai aaPanel访问控制错误漏洞 | 详情 |
afae849b7246873ca223924da04e8aed | CVE-2022-41336 | 2023-03-31 09:23:10 ![]() |
Fortinet FortiPortal跨站脚本漏洞 | 详情 |
772fe6ad94b81ae915b438d0eb3823f1 | CVE-2022-46604 | 2023-03-31 09:23:10 ![]() |
Tecrail Responsive FileManager任意代码执行漏洞 | 详情 |
485536fccffbcb10161e682ec9e49174 | CVE-2022-22486 | 2023-03-31 09:23:10 ![]() |
IBM Tivoli Workload Scheduler XML外部实体注入漏洞 | 详情 |
e3c382d10057904fbeab45da0d80689e | CVE-2023-24574 | 2023-03-31 09:23:10 ![]() |
Dell Enterprise SONiC OS不受控制的资源消耗漏洞 | 详情 |
0066be12dbcb6f57eac69fd481cb86b1 | CVE-2023-0253 | 2023-03-31 09:23:10 ![]() |
WordPress Plugin Real Media Library跨站脚本漏洞 | 详情 |
40ecd547bb228c7dd0437e7d36e4326f | CVE-2022-3560 | 2023-03-31 09:23:10 ![]() |
pesign路径遍历漏洞 | 详情 |
566dc9ace3e396821a7704df772229b7 | CVE-2022-43665 | 2023-03-31 07:21:31 ![]() |
ESTsoft Alyac拒绝服务漏洞 | 详情 |
6e495e01997937778f84a1af62924570 | CVE-2023-0749 | 2023-03-30 07:21:31 | WordPress Ocean Extra Plugin跨站脚本漏洞 | 详情 |
a9989e237afbff3ab9003c3f16f8b06e | CVE-2023-27063 | 2023-03-30 07:21:31 | Tenda W15E缓冲区溢出漏洞 | 详情 |
861ff2120eddc743c338d2602ad6e3a6 | CVE-2023-0066 | 2023-03-30 07:21:31 | WordPress Companion Sitemap Generator Plugin跨站脚本漏洞 | 详情 |
0afbf567c66986a590911fc4a7ed12ab | CVE-2022-45782 | 2023-03-30 07:21:31 | dotCMS core忘记口令恢复机制弱漏洞 | 详情 |
2855838858c70d06985c28a86993974c | CVE-2022-3614 | 2023-03-30 07:21:31 | Octopus Deploy开放重定向漏洞 | 详情 |
8236a90ef4d55daa0cfae8ac26c4ab5a | CVE-2023-0038 | 2023-03-30 07:21:31 | WordPress Survey Maker Plugin跨站脚本漏洞 | 详情 |
177e7c2f25e0f18cb3eb0d8d0b14efa5 | CVE-2022-4109 | 2023-03-30 07:21:31 | WordPress Wholesale Market for WooCommerce Plugin路径遍历漏洞 | 详情 |
089731755e480ce5862081eb79435137 | CVE-2022-40740 | 2023-03-30 07:21:31 | Realtek GPON Router操作系统命令注入漏洞 | 详情 |
b357bf402a59310db292785f9c99dc7f | CVE-2022-31364 | 2023-03-30 07:21:31 | Cypress Bluetooth Mesh SDK越界写入漏洞 | 详情 |
e864211884137c69d8d1e8fc4a79425f | CVE-2022-31363 | 2023-03-30 07:21:31 | Cypress Bluetooth Mesh SDK越界写入漏洞 | 详情 |
c71b68d9fde6e3ba1e5d985fc3bcc07f | CVE-2022-45783 | 2023-03-30 07:21:31 | dotCMS core目录遍历漏洞 | 详情 |
46766aa391026c5f920bd33c8089e59e | CVE-2023-22326 | 2023-03-30 07:21:31 | F5 BIG-IP权限分配错误漏洞 | 详情 |
e9687ad1c3c83c0a11c7b7e3195753d8 | CVE-2022-39042 | 2023-03-30 07:21:31 | aEnrich a+HRD身份验证错误漏洞 | 详情 |
ac65e1f8821f3740d936aeaeb2b2ef10 | CVE-2022-4359 | 2023-03-30 07:21:31 | WordPress WP RSS By Publishers Plugin SQL注入漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
a6602af107af95d4b796792b1eea4032 | CVE-2023-1575 | 2023-03-29 15:15:07 | The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 详情 |
f7cbe4193206552e4431f9b24b110dd6 | CVE-2023-1400 | 2023-03-27 16:15:09 | The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 详情 |
4618cdb61ef66ed727b302839a228974 | CVE-2023-24840 | 2023-03-27 04:15:10 | HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database. | 详情 |
cc8a847fe297795e96959e34241a2a39 | CVE-2023-24839 | 2023-03-27 04:15:09 | HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack. | 详情 |
97b5fa763694c5b044668b335ab18dbc | CVE-2023-1457 | 2023-03-25 21:15:06 | ** DISPUTED ** A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | 详情 |
797d01c10a4294ebb5d0cb1dcf99c993 | CVE-2023-1456 | 2023-03-25 21:15:06 | A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | 详情 |
32524831039aa7631f3525010e676d4c | CVE-2023-1631 | 2023-03-25 12:15:07 | A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability. | 详情 |
04c1354493034f456a559cfb70382e7f | CVE-2023-1630 | 2023-03-25 12:15:07 | A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012. | 详情 |
8f64c4034b5aadb416dfdff5daacb3c0 | CVE-2023-1628 | 2023-03-25 12:15:07 | A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability. | 详情 |
63253249831bc740e83cb8154818cf8a | CVE-2023-1629 | 2023-03-25 11:16:01 | A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011. | 详情 |
e39a29b1a6a0de6d20bf2acff0ae6db0 | CVE-2023-26864 | 2023-03-24 22:15:07 | SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent. | 详情 |
89c344c7df24a2e7bfe1f5e368eab6b5 | CVE-2023-1583 | 2023-03-24 22:15:07 | A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash. | 详情 |
a3254a6831ba6cc4cc64dcb69ba046ef | CVE-2023-22812 | 2023-03-24 20:15:15 | SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. | 详情 |
a980bddad36dae5cbb37a3e3b6b192e4 | CVE-2023-21067 | 2023-03-24 20:15:14 | Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A | 详情 |
3a67ca286841be7398b761a9f10dd6b0 | CVE-2023-21065 | 2023-03-24 20:15:14 | In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A | 详情 |
8da17a7fd1599c7f2d3f499472d0b52f | CVE-2023-21064 | 2023-03-24 20:15:14 | In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A | 详情 |
c05409c170bba425dcefc96b9564adad | CVE-2023-21063 | 2023-03-24 20:15:14 | In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243129862References: N/A | 详情 |
d66bcbc7fd07ebfb629781372c274b53 | CVE-2023-21061 | 2023-03-24 20:15:14 | Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | 详情 |
c1098b359373f3ca12c4f8e1ef7aa641 | CVE-2023-21060 | 2023-03-24 20:15:14 | In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A | 详情 |
ac384e63f6075d314093ca300148c989 | CVE-2023-21059 | 2023-03-24 20:15:14 | In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A | 详情 |
8afb98a6b07f20bb82fd48c3699bbd1f | CVE-2023-21058 | 2023-03-24 20:15:14 | In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246169606References: N/A | 详情 |
8c557b88bde63750f533d4f864ab0087 | CVE-2023-21057 | 2023-03-24 20:15:14 | In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A | 详情 |
52c17fe9dee1093d17be39c93ffc7d62 | CVE-2023-21056 | 2023-03-24 20:15:14 | In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A | 详情 |
2e319322dc32a5469ecf717080348625 | CVE-2023-21042 | 2023-03-24 20:15:14 | In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A | 详情 |
31757d2c27be219ea79c0e715a2c8917 | CVE-2023-21041 | 2023-03-24 20:15:13 | In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A | 详情 |
395311989a04ac1019b193bed948ad7e | CVE-2023-21040 | 2023-03-24 20:15:13 | In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A | 详情 |
f5574ca5a78a28970b3609b6235ced59 | CVE-2023-21039 | 2023-03-24 20:15:13 | In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783650References: N/A | 详情 |
5b22c9b252e0fd34662448afaaa921aa | CVE-2023-21038 | 2023-03-24 20:15:13 | In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224000736References: N/A | 详情 |
a8234a2f123a571507be9362c5644497 | CVE-2023-21036 | 2023-03-24 20:15:13 | In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A | 详情 |
29c87076ac883ab255a13e86dabe82c1 | CVE-2023-21035 | 2023-03-24 20:15:13 | In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040 | 详情 |