返回博客 | 威胁情报播报
| 360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 76940954759f4d1122fd6cf1ba59354e | 2023-05-29 07:13:01 | 安全事件周报 2023-05-22 第21周 | 详情 | |
| ad4254fec631c297a09f71812f05a763 | CVE-2023-2825 | 2023-05-24 07:34:45 | CVE-2023-2825:GitLab 目录遍历漏洞通告 | 详情 |
| c22654761dfc4bd86106c5b7f1f5ab1c | 2023-05-22 08:52:33 | 安全事件周报 2023-05-15 第20周 | 详情 | |
| b13f7a6b041480cf34bb8732805b6230 | 2023-05-19 10:09:41 | Apple WebKit 多个漏洞通告 | 详情 | |
| db011599bbee4c7eaf7f5de90aace14f | 2023-05-17 08:59:38 | 泛微多个漏洞通告 | 详情 | |
| ff7b2a220ee1ae11386b5fede1c2884b | CVE-2023-32233 | 2023-05-17 08:58:18 | CVE-2023-32233:Linux Kernel 权限提升漏洞通告 | 详情 |
| 46c67d8b625a3844f6de918103d0f1be | 2023-05-15 06:57:11 | 安全事件周报 2023-05-08 第19周 | 详情 | |
| bd54dff060c7e58a91843c0e8e1b8c99 | CVE-2023-29324 | 2023-05-12 07:29:55 | CVE-2023-29324:Windows MSHTML Platform安全功能绕过漏洞通告 | 详情 |
| 0c30c8f97c81bc0c5862f2959e074cc9 | 2023-05-10 09:44:19 | 2023-05 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
| 51077656fe9fc37d4140d4ce8100cf7c | CVE-2023-2478 | 2023-05-08 09:58:45 | CVE-2023-2478:GitLab代码执行漏洞通告 | 详情 |
| 7b6e1c8a54653e59e6b19bc5e127c801 | 2023-05-08 08:59:54 | 安全事件周报 第17周 | 详情 | |
| be9e00aa3d8a28a4c078ee7b3fa4865b | CVE-2023-0386 | 2023-05-06 08:22:44 | CVE-2023-0386:Linux Kernel 权限提升漏洞通告 | 详情 |
| b6b572fb400edf12ce0e6a34938ea6f3 | CVE-2023-20869 | 2023-04-27 07:26:46 | CVE-2023-20869/20870:VMware Workstation/Fusion 漏洞通告 | 详情 |
| c7d9bbfa38870b35908acfd1e3942570 | CVE-2023-27524 | 2023-04-26 09:46:30 | CVE-2023-27524:Apache Superset身份认证绕过漏洞通告 | 详情 |
| 6ddbce6f8b25039edb7b13a95a2cb23e | 2023-04-24 09:44:49 | 安全事件周报 2023-04-17 第16周 | 详情 | |
| 9a6490d0223213fdea507a92b46e70c1 | CVE-2023-20864 | 2023-04-21 09:06:27 | VMware Aria Operations for Logs远程代码执行漏洞 | 详情 |
| 60b78b7988aacb38f5884e0fbab9c5b6 | 2023-04-19 06:30:30 | 2023-04 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
| d1a48a9c9af9070d037efc5d1b556420 | CVE-2023-2136 | 2023-04-19 04:10:07 | CVE-2023-2136:Google Chrome Skia整型溢出漏洞通告 | 详情 |
| 65289db6316398217acf197362db4989 | 2023-04-17 07:52:39 | 安全事件周报 2023-04-10 第15周 | 详情 | |
| bac04757fb29e6f5a68d734e1b55972d | CVE-2023-2033 | 2023-04-17 00:43:33 | CVE-2023-2033:Google Chrome V8类型混淆漏洞通告 | 详情 |
| 7b8df1f07a241983726b162aaec16e09 | 2023-04-12 08:26:21 | 2023-04 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
| e5210dc9430bc51ba2e6e406c4f32adb | 2023-04-11 07:09:42 | 瑞友天翼应用虚拟化系统远程代码执行漏洞通告 | 详情 | |
| d60717f31dc6a08a080990fcf8676fdc | CVE-2023-29017 | 2023-04-10 08:59:38 | vm2沙箱逃逸漏洞通告 | 详情 |
| 2b4c95f816268f18f5cb57a0071a4125 | 2023-04-10 06:58:16 | 安全事件周报 2023-04-03 第14周 | 详情 | |
| 638b08e6df884cc1a5c0dd7c8ce8c08d | 2023-04-03 09:32:42 | 安全事件周报 2023-03-27 第13周 | 详情 | |
| 4ad53fb76838f4a82d7e011825d5934b | CVE-2023-29059 | 2023-03-31 07:37:06 | CVE-2023-29059:3CXDesktop App 代码执行漏洞通告 | 详情 |
| c8989d2e807ceb53d24ad02bd54fbe60 | CVE-2023-22809 | 2023-03-30 08:49:36 | CVE-2023-22809:Sudo权限提升漏洞通告 | 详情 |
| 55fd37b2456c87556f03a593901b743a | 2023-03-27 08:47:34 | 安全事件周报 2023-03-20 第12周 | 详情 | |
| c571983fae71cfe11b5bb86c67159080 | CVE-2023-28432 | 2023-03-23 09:46:17 | MinIO信息泄露漏洞通告 | 详情 |
| 96f44e31e7ad34d978d34d8fa828b8a5 | CVE-2023-20860 | 2023-03-22 09:19:30 | CVE-2023-20860:Spring Framework身份验证绕过漏洞通告 | 详情 |
| Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 075dfa7a7536b406798ae010b7c28d56 | CVE-2023-2836 | 2023-05-31 04:15:00  |
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 详情 |
| 91f35f4de0d794e211ab1050f11066df | CVE-2023-2434 | 2023-05-31 04:15:00 |
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings. | 详情 |
| 0372d45c15006c9e6e0da2918031e712 | CVE-2023-1661 | 2023-05-31 04:15:00 |
The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 详情 |
| f57448475fe119b6fa01a9c60355dbeb | CVE-2023-2987 | 2023-05-31 03:15:00 |
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. | 详情 |
| 9a3347ba02cafd326cb7a0b1d010e1a2 | CVE-2023-2549 | 2023-05-31 03:15:00 |
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address. | 详情 |
| 93e1c5eb268b40244fa2381c371bdf07 | CVE-2023-2547 | 2023-05-31 03:15:00 |
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin. | 详情 |
| d248ebc849c221de9f71da955bbd0356 | CVE-2023-2545 | 2023-05-31 03:15:00 |
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation. | 详情 |
| 2a747662bb9366d59ba594d16f4e8d6e | CVE-2023-2436 | 2023-05-31 03:15:00 |
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 详情 |
| d308c51f749ac449691159ddd2ebd50c | CVE-2023-2435 | 2023-05-31 03:15:00 |
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 详情 |
| 8f2aafe23a677d2d94626ac89184a186 | CVE-2015-10107 | 2023-05-31 03:15:00 |
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability. | 详情 |
| ba25c2a4e97e67e1ec285bd75c48921e | CVE-2023-29743 | 2023-05-30 23:15:00 |
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | 详情 |
| 2ac9ba298d53c66cafb5b1c8999735ae | CVE-2023-29741 | 2023-05-30 23:15:00 |
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. | 详情 |
| 22755873cff0a951d85c0831544c841e | CVE-2023-29740 | 2023-05-30 23:15:00 |
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. | 详情 |
| 9e93a1fe76fba4309357fb8441e8ec74 | CVE-2023-29739 | 2023-05-30 23:15:00 |
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 详情 |
| e380fb93dc26833a613d6fdf2927124d | CVE-2023-29738 | 2023-05-30 23:15:00 |
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. | 详情 |
| e1b0c823db8191052effe1d776fa3017 | CVE-2023-29728 | 2023-05-30 23:15:00 |
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. | 详情 |
| 694309a0e01aa43b9343632a977d635f | CVE-2023-29727 | 2023-05-30 23:15:00 |
The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. | 详情 |
| 713c7c0bb55a624b7aef5ca69e9faa1c | CVE-2023-29726 | 2023-05-30 23:15:00 |
The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service. | 详情 |
| 869868223951dbdcc3a10e3ff800facf | CVE-2023-2952 | 2023-05-30 23:15:00 |
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 详情 |
| 0508885ca2cbd747e1db79cb32248727 | CVE-2022-39075 | 2023-05-30 23:15:00 |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | 详情 |
| d0a3c74956cd0b7ee9a52c5154a6e1c0 | CVE-2023-32699 | 2023-05-30 19:15:00 |
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length. | 详情 |
| 2eb1529eae4e0b191891e378174cc721 | CVE-2023-32696 | 2023-05-30 19:15:00 |
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. | 详情 |
| 4676b78f0f20e7d43b1a2539f6d08b39 | CVE-2023-1711 | 2023-05-30 19:15:00 |
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information.List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:* | 详情 |
| 96507efa55db86fde71af57b52251196 | CVE-2023-33975 | 2023-05-30 18:15:00 |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. | 详情 |
| 488f2659e2abd251d7973ed6dd02d239 | CVE-2023-33656 | 2023-05-30 18:15:00 |
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. | 详情 |
| c46c8972936c3439a04b45171a095de7 | CVE-2023-32689 | 2023-05-30 18:15:00 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain.An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker.The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default. | 详情 |
| 7de4f2ad61fc7f506eb8ad4e447568ea | CVE-2023-32684 | 2023-05-30 18:15:00 |
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image. | 详情 |
| 5c581696dce501c95aeae63c0fa8d6be | CVE-2023-2994 | 2023-05-30 18:15:00 |
** REJECT ** This 2023 CVE was incorrectly assigned instead of a 2022 CVE. | 详情 |
| fe237923d4c61f490194cec754466a8c | CVE-2023-2968 | 2023-05-30 18:15:00 |
A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception. | 详情 |
| 1b8ca8aed9c4a4a0a1c0b5d64bc1feaf | CVE-2018-8661 | 2023-05-30 18:15:00 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | 详情 |
| 国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
| 8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
| 3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
| a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
| 094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
| 41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
| f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
| 33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
| 8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
| 1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
| 6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
| cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
| ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
| 412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
| 1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
| 686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
| 72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
| 3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
| 4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
| 8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
| e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
| ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
| 8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
| c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
| 9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
| 4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
| 6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
| 72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
| 94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
| 5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
| 国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 56358b73280e18ed2eaf62bf4b7fba5f | CNNVD-202210-1696 (CVE-2021-44776) | 2022-10-24 13:13:44 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
| 07eddc3a7e5e3731956c02a50f538970 | CNNVD-202210-1697 (CVE-2021-26732) | 2022-10-24 13:13:42 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
| 4b051d50f18e2bb4a1f272b12f873223 | CNNVD-202210-1698 (CVE-2021-26731) | 2022-10-24 13:13:40 | Lanner IAC-AST2500A 缓冲区错误漏洞 | 详情 |
| 0d79d7ad89e7b6f52a89de2e3762a492 | CNNVD-202210-1699 (CVE-2021-42010) | 2022-10-24 13:13:38 | Apache Heron 注入漏洞 | 详情 |
| 9596051a8fb75da90bf94bd495b53e94 | CNNVD-202210-1700 (CVE-2021-26733) | 2022-10-24 13:13:36 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
| 883bec62dd4552d68130c0f925873e93 | CNNVD-202210-1701 (CVE-2022-42432) | 2022-10-24 13:13:34 | Linux kernel 安全漏洞 | 详情 |
| 755328fe5484ce3f71a4940d10f50b34 | CNNVD-202210-1702 (CVE-2021-44769) | 2022-10-24 13:13:31 | Lanner IAC-AST2500A 输入验证错误漏洞 | 详情 |
| 9c53a984103cd446d6e447c12c9c66c6 | CNNVD-202210-1703 (CVE-2021-44467) | 2022-10-24 13:13:29 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
| 30dfa903ed49845732fc6cef266206e9 | CNNVD-202210-1704 (CVE-2022-41974) | 2022-10-24 13:13:27 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
| 9c6324677d17c72db81aec2e1797791f | CNNVD-202210-1705 (CVE-2022-41973) | 2022-10-24 13:13:25 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
| 4ec5a4ccefd5879e573cd53c2123dd3a | CNNVD-202210-1612 (CVE-2022-39272) | 2022-10-22 13:10:57 | Flux2 安全漏洞 | 详情 |
| c3846b92a4965777ef3e53a1f4618717 | CNNVD-202210-1600 (CVE-2022-3646) | 2022-10-21 13:11:18 | Linux kernel 安全漏洞 | 详情 |
| 9a761144255ce6f90bb54e219ea40282 | CNNVD-202210-1601 (CVE-2022-34438) | 2022-10-21 13:11:15 | Dell PowerScale OneFS 安全漏洞 | 详情 |
| 44290d228b51ffbf0aab6efd4d6e678e | CNNVD-202210-1602 (CVE-2022-31239) | 2022-10-21 13:11:13 | Dell PowerScale OneFS 安全漏洞 | 详情 |
| 9ca9cbb2a337c33899bcdf19d91d7d78 | CNNVD-202210-1603 (CVE-2022-34437) | 2022-10-21 13:11:11 | Dell PowerScale OneFS 安全漏洞 | 详情 |
| 0a96e1daad10fc7b842abaa350831db2 | CNNVD-202210-1605 (CVE-2022-26870) | 2022-10-21 13:11:09 | Dell EMC PowerStore 安全漏洞 | 详情 |
| 35f41caeb97feaaa8373f4dbbbd7a249 | CNNVD-202210-1606 (CVE-2020-5355) | 2022-10-21 13:11:06 | Dell EMC Isilon OneFS 安全漏洞 | 详情 |
| d314bbe34de68aa67eddd75a9f4ce40c | CNNVD-202210-1609 (CVE-2022-3649) | 2022-10-21 13:11:04 | Linux kernel 资源管理错误漏洞 | 详情 |
| 351642a659185d5b0604973397c7fa3b | CNNVD-202210-1610 (CVE-2022-39259) | 2022-10-21 13:11:02 | Skylot Jadx 安全漏洞 | 详情 |
| ebbdab47bb0184312da10141d7d010e7 | CNNVD-202210-1611 (CVE-2022-23462) | 2022-10-21 13:10:59 | Softmotions IOWOW 安全漏洞 | 详情 |
| 8c86f10ec92b3124f4395faa27ee8ae3 | CNNVD-202210-1517 (CVE-2022-29477) | 2022-10-20 13:11:07 | Adobe Iota 信任管理问题漏洞 | 详情 |
| 3c33a32472c03f27b2b606714eb74e0a | CNNVD-202210-1518 (CVE-2022-36966) | 2022-10-20 13:11:02 | SolarWinds Platform 安全漏洞 | 详情 |
| 280b662d6c30e683e90c26748fa86a26 | CNNVD-202210-1519 (CVE-2022-36958) | 2022-10-20 13:10:53 | SolarWinds Platform 代码问题漏洞 | 详情 |
| 1d1787e08b1093c5bd9723a8b9465e0f | CNNVD-202210-1520 (CVE-2022-27805) | 2022-10-20 13:10:47 | Adobe Iota 访问控制错误漏洞 | 详情 |
| 632da31aee8b02c08d2e63767809782a | CNNVD-202210-1521 (CVE-2022-36957) | 2022-10-20 13:10:44 | SolarWinds Platform 安全漏洞 | 详情 |
| 28743e448b695bd2eee529e66954d3c4 | CNNVD-202210-1522 (CVE-2022-3623) | 2022-10-20 13:10:36 | Linux kernel 竞争条件问题漏洞 | 详情 |
| 92679bd487d2a90451cf297905a8f3c3 | CNNVD-202210-1523 (CVE-2022-32586) | 2022-10-20 13:10:34 | Adobe Iota 操作系统命令注入漏洞 | 详情 |
| bcd4eca45c95707bab85d60a3c30d643 | CNNVD-202210-1524 (CVE-2022-3619) | 2022-10-20 13:10:32 | Linux kernel 安全漏洞 | 详情 |
| 95cdab65f668ebae996fbf3df854d1e9 | CNNVD-202210-1525 (CVE-2022-3620) | 2022-10-20 13:10:27 | Exim 资源管理错误漏洞 | 详情 |
| 9e701d3b09a7f774ceea498474bc4d40 | CNNVD-202210-1526 (CVE-2022-3621) | 2022-10-20 13:10:25 | Linux kernel 安全漏洞 | 详情 |
| 奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
| 74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
| 6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
| 7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
| 5edb21a58a7e21692bd0ddd622d39279 | St | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 | |
| 3e8973410ef7c04408d63fa10c230487 | St | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 | |
| f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
| 90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
| e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
| cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
| 3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
| d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
| b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
| 504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
| 5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
| 54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
| 5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
| 安全客 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
| 8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
| d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
| f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
| 71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
| 152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
| 75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
| 9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
| 92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
| 680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
| 373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
| 8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
| 480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
| 8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
| d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
| 4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
| 5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
| 2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
| 8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
| 72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
| 1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
| 1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
| 7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
| 58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
| d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
| 8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
| 8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
| 069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
| 55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
| ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
| 斗象 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
| 6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
| 844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
| 8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
| eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
| 95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
| 945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
| e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
| bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
| 07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
| f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
| f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
| 0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
| a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
| 71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
| f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
| 6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
| a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
| d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
| 69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
| 5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
| 79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
| 485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
| 0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
| 88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
| 9cd742f4839806e40f42c6e7ea492590 | 2021-12-28 10:31:16 | APISIX Dashboard 未授权访问漏洞风险通告(CVE-2021-45232) | 详情 | |
| 76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
| af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
| 43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
| 392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 |
| 红后 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 9d0895b3e16e5991fb20671aba7e38f6 | CVE-2023-2839 | 2023-05-30 20:37:36 |
GPAC GPAC Vulnerability | 详情 |
| 70003dda0515e56e2f7523d638b86b76 | CVE-2023-32336 | 2023-05-30 20:37:22 |
IBM INFOSPHERE_INFORMATION_SERVER Vulnerability | 详情 |
| 9ba8d47a93fe971a974edb051d26553a | CVE-2023-31597 | 2023-05-30 20:37:01 |
ZAMMAD ZAMMAD Vulnerability | 详情 |
| 71c80643f28e639a471913d9c23f7fe2 | CVE-2023-33240 | 2023-05-30 20:36:54 |
FOXIT Multiple product Vulnerability | 详情 |
| 38269baec55793d21f82e1a71dc1589d | CVE-2023-30438 | 2023-05-30 20:36:47 |
IBM POWERVM_HYPERVISOR Vulnerability | 详情 |
| 917b04aef3636af1ebd9d147ad0c7f56 | CVE-2023-1972 | 2023-05-30 20:36:40 |
GNU BINUTILS Vulnerability | 详情 |
| 019f5061ecec0fad0f76dedd375c9ad1 | CVE-2022-45079 | 2023-05-29 20:34:43 | LOGINIZER LOGINIZER Vulnerability | 详情 |
| 47a80ce7095c68c039d9df2fa327fe80 | CVE-2023-25472 | 2023-05-29 20:34:38 | PODLOVE PODLOVE_PODCAST_PUBLISHER Vulnerability | 详情 |
| 5e1d300fec3023c1417b6daf26beff35 | CVE-2023-28709 | 2023-05-29 20:34:31 | APACHE TOMCAT Vulnerability | 详情 |
| 6fd19a3ba4b6070052e6737c0c3abf5a | CVE-2023-27067 | 2023-05-29 20:34:24 | SITECORE EXPERIENCE_PLATFORM Vulnerability | 详情 |
| 437160bd45e04775f3fa29b62de2fe08 | CVE-2023-27066 | 2023-05-29 20:34:17 | SITECORE EXPERIENCE_PLATFORM Vulnerability | 详情 |
| 9e33ea2fde3db79c8ec43ae4ba41ba65 | CVE-2023-28467 | 2023-05-29 20:34:10 | MYBB MYBB Vulnerability | 详情 |
| 0577754c0725ace2d03e06d0e8879928 | CVE-2023-1693 | 2023-05-29 20:34:02 | HUAWEI Multiple product Vulnerability | 详情 |
| 264b2d09cae2734d61322702f4367bc9 | CVE-2023-31689 | 2023-05-29 20:33:55 | WCMS WCMS Vulnerability | 详情 |
| 3a98b5c98779692e1d0d5f48aaea9044 | CVE-2023-1694 | 2023-05-29 20:33:47 | HUAWEI Multiple product Vulnerability | 详情 |
| c983da8dc08b5920d8450c3a77d8eb43 | CVE-2023-2837 | 2023-05-28 20:41:54 | GPAC GPAC Vulnerability | 详情 |
| 43c791961ce51de9f4f0f5e549200e82 | CVE-2023-2840 | 2023-05-28 20:41:47 | GPAC GPAC Vulnerability | 详情 |
| 6e560e0a60ada43321ab531c5920e053 | CVE-2023-33264 | 2023-05-28 20:41:40 | HAZELCAST HAZELCAST Vulnerability | 详情 |
| 60e194ff2e4b653ef8361ddd8b9970b2 | CVE-2023-2838 | 2023-05-28 20:41:34 | GPAC GPAC Vulnerability | 详情 |
| 7c2d9411fb8bb237cf9782710fabe0ad | CVE-2023-33288 | 2023-05-28 20:41:32 | LINUX LINUX_KERNEL Vulnerability | 详情 |
| 6d6880dd25f2c7b54b5d4b7e5dfc77d8 | CVE-2020-36694 | 2023-05-28 20:41:18 | LINUX LINUX_KERNEL Vulnerability | 详情 |
| fa88de765b8c482e56caab1d55dc5516 | CVE-2023-32680 | 2023-05-28 20:41:16 | METABASE METABASE Vulnerability | 详情 |
| 182dfb642a9ba4626f92b07f48ecc517 | CVE-2023-27233 | 2023-05-28 20:41:02 | PIWIGO PIWIGO Vulnerability | 详情 |
| 71c2f7ac9e108fb1bad9677492c3b5be | CVE-2023-32515 | 2023-05-28 20:41:01 | CUSTOM_FIELD_SUITE_PROJECT CUSTOM_FIELD_SUITE Vulnerability | 详情 |
| 5bd4b552cc45a0e7268f4f9a3797263a | CVE-2023-20106 | 2023-05-28 20:40:47 | CISCO IDENTITY_SERVICES_ENGINE Vulnerability | 详情 |
| eb86c0dccbb6beae772c782ad02b2306 | CVE-2021-22161 | 2023-05-27 20:32:53 | OpenWrt 安全漏洞 | 详情 |
| 591af80b56dd9e6d16af1524a32cef77 | CVE-2023-32979 | 2023-05-27 20:32:40 | JENKINS EMAIL_EXTENSION Vulnerability | 详情 |
| df98e511f62ccff6e37c610901ab4095 | CVE-2023-32980 | 2023-05-27 20:32:33 | JENKINS EMAIL_EXTENSION Vulnerability | 详情 |
| 2d04d3ebf5162146e524d637117447ee | CVE-2023-32982 | 2023-05-27 20:32:26 | JENKINS ANSIBLE Vulnerability | 详情 |
| b2a84f6dcd07257080f14b4473f96edd | CVE-2023-32983 | 2023-05-27 20:32:19 | JENKINS ANSIBLE Vulnerability | 详情 |
| 绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 92b12e101ca77469a29ee733b5f219ce | CVE-2023-21616 | 2023-06-01 09:22:59 |
Adobe Experience Manager跨站脚本漏洞 | 详情 |
| 9c2afa7374a8167b467ee29abd901ac9 | CVE-2023-22258 | 2023-06-01 09:22:59 |
Adobe Experience Manager开放重定向漏洞 | 详情 |
| 0b4ecda476e8025d97b14414515dbd13 | CVE-2022-42499 | 2023-06-01 09:22:59 |
Google Android Kernel越界写入漏洞 | 详情 |
| 835866aaf0aca452231ef2f108d917f1 | CVE-2022-20917 | 2023-06-01 09:22:59 |
Google Android权限提升漏洞 | 详情 |
| c0a223ef4c74f87d0d87391fde7e8742 | CVE-2022-20951 | 2023-06-01 09:22:59 |
Google Android越界写入漏洞 | 详情 |
| 514ea47eed4b3ded0b51a508ac246456 | CVE-2023-20957 | 2023-06-01 09:22:59 |
Google Android权限提升漏洞 | 详情 |
| 3af7c9d0e1dad3af958ef7a5108aca07 | CVE-2023-20964 | 2023-06-01 09:22:59 |
Google Android权限提升漏洞 | 详情 |
| 7f5a82e797e283c203fd719346f6de25 | CVE-2023-20972 | 2023-06-01 09:22:59 |
Google Android越界读取漏洞 | 详情 |
| 702a32aa1e2514f49231956ecd0148cd | CVE-2023-20979 | 2023-06-01 09:22:59 |
Google Android越界读取漏洞 | 详情 |
| 54a7abb70b9849d6414883ef70ad173a | CVE-2023-20985 | 2023-06-01 09:22:59 |
Google Android越界写入漏洞 | 详情 |
| 26615e72869f3ad1296df699341cb2d8 | CVE-2023-20991 | 2023-06-01 09:22:59 |
Google Android越界读取漏洞 | 详情 |
| 916939639d40a57ec884ffa70b07b986 | CVE-2023-20997 | 2023-06-01 09:22:59 |
Google Android无限循环漏洞 | 详情 |
| ec21fd10ff46b453e082a88add5c6cbc | CVE-2023-21003 | 2023-06-01 09:22:59 |
Google Android权限提升漏洞 | 详情 |
| 9e091cfcdcd1ba2d0142ac4ff71c36b3 | CVE-2023-21009 | 2023-06-01 09:22:59 |
Google Android越界读取漏洞 | 详情 |
| 45cb5503446175ffe18ef9e45f01e892 | CVE-2023-21015 | 2023-06-01 09:22:59 |
Google Android权限提升漏洞 | 详情 |
| 5b9f6f98c0b22b88ca212ce165aeb283 | CVE-2023-21465 | 2023-05-31 11:18:40 |
Samsung BixbyTouch访问控制错误漏洞 | 详情 |
| 6b6b5703eb597675ac59bdec50036e2b | CVE-2023-21453 | 2023-05-31 11:18:40 |
Samsung Mobile输入验证错误漏洞 | 详情 |
| a2b260132cbe8d041429a26558e04408 | CVE-2022-43604 | 2023-05-31 11:18:40 |
EIPStackGroup OpENer越界写入漏洞 | 详情 |
| 53bc7e2ec6394362e901df5292fb9d02 | CVE-2023-27787 | 2023-05-31 11:18:40 |
TCPprep空指针解引用漏洞 | 详情 |
| c28d4c6e859080c91e61ae719d4ad559 | CVE-2023-27709 | 2023-05-31 11:18:40 |
Desdev DedeCMS SQL注入漏洞 | 详情 |
| 16c0d5165cf233935d0529b975e17e64 | CVE-2023-26768 | 2023-05-31 11:18:40 |
Liblouis缓冲区溢出漏洞 | 详情 |
| fb17122f0e103ac80afdadecf9788026 | CVE-2023-27904 | 2023-05-31 09:21:46 |
Jenkins和Jenkins LTS信息泄露漏洞 | 详情 |
| b24e2a966968564fcaa23a30dd236536 | CVE-2023-27898 | 2023-05-31 09:21:46 |
Jenkins跨站脚本漏洞 | 详情 |
| 38cf8d211f0d3cb100f80e88cd37cdf0 | CVE-2022-46 | 2023-05-31 09:21:46 |
WordPress Widgets for WooCommerce Products on Elementor Plugin跨站脚本漏洞(CVE-2022-46 | 详情 |
| ec8088f732caa7bedd4af28cd8bab5f1 | CVE-2021-45423 | 2023-05-31 09:21:46 |
Pev缓冲区溢出漏洞 | 详情 |
| 8dd06ce5b0d2fcc98fb879c18791e4ce | CVE-2023-0354 | 2023-05-31 09:21:46 |
Akuvox E11信息泄露漏洞 | 详情 |
| 136d06b99d074dd4d6b1a131cb0dc7c2 | CVE-2023-25616 | 2023-05-31 09:21:46 |
SAP Business Objects Business Intelligence Platform代码注入漏洞 | 详情 |
| 901fb06e70178613b21b8daaf55748f2 | CVE-2023-26461 | 2023-05-31 09:21:46 |
SAP NetWeaver信息泄露漏洞 | 详情 |
| d724e26189ccbde456d54923afb6c275 | CVE-2023-27399 | 2023-05-31 09:21:46 |
Siemens Tecnomatix Plant Simulation越界写入漏洞 | 详情 |
| d80c07647ca31f6cc968b0958ea77095 | CVE-2021-46875 | 2023-05-31 09:21:46 |
Ez Systems eZ Platform Ibexa Kernel跨站脚本漏洞 | 详情 |
| 美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| cc10207853182c78abe270d67e58a88b | CVE-2023-33829 | 2023-05-24 21:15:11 | A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 详情 |
| 582aec680915afbc2b19a36b258a62b6 | CVE-2023-33800 | 2023-05-24 20:15:11 | A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 9e6e8b517ab825798eda2f9ab092f971 | CVE-2023-33799 | 2023-05-24 20:15:11 | A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 356eb3ad97b76ae84268ac5cfbddc62b | CVE-2023-33798 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| bb0e30ffce60b4393ff8545919e4d33a | CVE-2023-33797 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 2b7c7c03a795ece9b3594342aafe1349 | CVE-2023-33796 | 2023-05-24 20:15:10 | A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. | 详情 |
| 7b95cf4f53be3446185c6a59d8c096fd | CVE-2023-33795 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 3a204900b91fa462cc519bef08e19057 | CVE-2023-33794 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 2dc8a9e7fb159bcb9379267845eee720 | CVE-2023-33793 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| d4dc8b3d7f9c6026cd8217dba7c7a154 | CVE-2023-33792 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| be0211ebff356cc9a42be140982c7712 | CVE-2023-33791 | 2023-05-24 20:15:10 | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 详情 |
| 9b6cecc398ef38725a2345ba2d77160a | CVE-2023-33796 | 2023-05-24 20:15:10 | ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied. | 详情 |
| 58a16cb4b92b10a312518d430a406925 | CVE-2023-33937 | 2023-05-24 13:15:09 | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field. | 详情 |
| 71e74c3d75be97395afcf291bb63825a | CVE-2023-31584 | 2023-05-22 19:15:10 | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. | 详情 |
| 2e5f495e11384dfb591e7f337109561f | CVE-2023-33288 | 2023-05-22 03:15:09 | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. | 详情 |
| 6c34ec440d945478d90a476dea83a822 | CVE-2023-33281 | 2023-05-22 02:15:11 | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. | 详情 |
| 9e49a40c250ac7a8db1597aa03e3c437 | CVE-2023-33264 | 2023-05-22 01:15:44 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | 详情 |
| 07d6e234017ccf64b697fcf1933802b4 | CVE-2023-33254 | 2023-05-21 22:15:15 | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | 详情 |
| eed443712fa5a24b865f45cdb42770d0 | CVE-2023-33250 | 2023-05-21 21:15:08 | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. | 详情 |
| 35bd6cafe731c64e0adce7ee6d12c0a9 | CVE-2023-32589 | 2023-05-20 23:15:09 | Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <=Â 1.0.0 versions. | 详情 |
| 8ca80ab73cca7fe8a3bb5089a823a950 | CVE-2023-33244 | 2023-05-20 19:15:08 | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | 详情 |
| 9863063cec9f7aa39c8cc8af449b3e23 | CVE-2023-32700 | 2023-05-20 18:15:09 | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | 详情 |
| 4e7725b6bf7d0efe7ab7776a59a363ec | CVE-2023-32677 | 2023-05-19 21:15:08 | Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | 详情 |
| 98d27becca0f8ac67f9ed6a3a2c19fb3 | CVE-2023-32679 | 2023-05-19 20:15:09 | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 详情 |
| 3933cefd8338fadd4dbd825b16144861 | CVE-2023-32675 | 2023-05-19 20:15:09 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 详情 |
| 33f8b7706dd59fa286339ee96e1fd149 | CVE-2023-30775 | 2023-05-19 15:15:08 | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | 详情 |
| fd32399afcadd5cda132a50cbf4a3ac4 | CVE-2023-30774 | 2023-05-19 15:15:08 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | 详情 |
| 05d8240beeb404e18de3eb61dfdd629b | CVE-2023-30199 | 2023-05-19 14:15:09 | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | 详情 |
| 1c2a7b33c57a03120e745829b6dea4df | CVE-2023-33240 | 2023-05-19 06:15:08 | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | 详情 |
| 7a9d87369e1b0769c0a0018a5f49fb3d | CVE-2023-32680 | 2023-05-18 23:15:09 | Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone–including people in sandboxed groups–could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets. | 详情 |