360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
fb66abd7a3d6f14fee26094115b0cb07 | 2022-05-16 08:37:44 ![]() |
安全事件周报 (05.09-05.16) | 详情 | |
f2f40e27fe16636b0d782bbb2b255af3 | 2022-05-11 07:04:18 | 2022-05 补丁日:微软多个漏洞安全更新通告 | 详情 | |
936cf72cc38fb6e1679e4f30124016d5 | 2022-05-09 06:18:57 | 安全事件周报 (04.25-05.08) | 详情 | |
10191c5c70179ec2e0a6487b13389bef | CVE-2022-1388 | 2022-05-06 07:09:23 | CVE-2022-1388:F5 BIG-IP iControl REST身份验证绕过漏洞 | 详情 |
e2a962f9ffebd7d5a97382cd030ba8d2 | CVE-2022-24706 | 2022-04-27 09:24:38 | CVE-2022-24706:Apache CouchDB 远程代码执行漏洞通告 | 详情 |
42f7b238e3fcf3ff6591aece7b0693da | 2022-04-25 08:24:24 | 安全事件周报 (04.18-04.24) | 详情 | |
794b588b98e3c8865de32c3b6fa6f8bd | CVE-2022-0540 | 2022-04-21 07:45:57 | CVE-2022-0540:Jira 身份验证绕过漏洞风险通告 | 详情 |
6269f651513b7b6a74ce8e6b15a6cb40 | CVE-2022-0540 | 2022-04-21 07:15:38 | CVE-2022-0540:Jira 身份认证绕过漏洞风险通告 | 详情 |
7eb322a673ef3c0b19410bdc96ba293b | 2022-04-20 08:34:00 | 2022-04 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
976cf8c971c9110deb43a103d5871c8a | 2022-04-18 07:45:49 | 安全事件周报 (04.11-04.17) | 详情 | |
50e765bbe0968ff4c8d0119a3006a697 | CVE-2022-1364 | 2022-04-15 10:41:15 | CVE-2022-1364:Google Chrome V8类型混淆漏洞 | 详情 |
eb9f978360abd857f1444312ba91b859 | 2022-04-13 03:27:21 | 2022-04 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
b35a4f0535638825028460eb19b81973 | CVE-2021-31805 | 2022-04-13 02:19:24 | CVE-2021-31805:Apache Struts2远程代码执行漏洞通告 | 详情 |
6d56b9c4c8aa793989e3b840c3138cb9 | 2022-04-11 07:42:43 | 双平台挖矿僵尸网络Sysrv-hello加持新漏洞再度来袭 | 详情 | |
7f540b1dbbe25045f70683a01ea68166 | 2022-04-11 07:07:10 | 安全事件周报 (04-04 ~ 04-10) | 详情 | |
9c88cce7f283abbe0d2ca73f017c7cca | CVE-2022-1162 | 2022-04-07 09:40:36 | Gitlab 硬编码漏洞通告 | 详情 |
e7c1b670f81a9e6ec46db927363c7420 | 2022-04-06 08:50:12 | 安全事件周报 (03-28 ~ 04-03) | 详情 | |
e4765c9e52e2c09c66d06d82bc951934 | 2022-03-28 07:28:54 | 安全事件周报 (03.21-03.27) | 详情 | |
b480f0dcd7c82903d3098dcebc62ff77 | 2022-03-21 08:26:27 | 安全事件周报 (03.14-03.20) | 详情 | |
5f06340967a86f5719d30bb06786f218 | 2022-03-14 09:15:05 | 安全事件周报 (03.07-03.13) | 详情 | |
f92217cd078fa7deaa7c43c613c00070 | 2022-03-07 03:02:25 | 安全事件周报 (02.28-03.06) | 详情 | |
50321d22a99c8f9f1bedd33bce8924af | 2022-02-28 06:59:18 | 安全事件周报 (02.21-02.27) | 详情 | |
43000e60105fe6ae26efb80beb50a929 | 2022-02-21 05:32:27 | 安全事件周报 (02.14-02.20) | 详情 | |
de4fed4ad47b9fa9d4d01d97f02c10da | 2022-02-14 07:19:41 | 安全事件周报 (02.07-02.13) | 详情 | |
ba8b5777ff0c6bf791df681d82febe84 | CVE-2021-4034 | 2022-01-26 06:29:49 | Linux Polkit 权限提升漏洞通告 | 详情 |
2cf83319963ff4f2522e77a59d725257 | 2022-01-24 03:38:37 | 安全事件周报 (01.17-01.23) | 详情 | |
4002db1ad42f160666e73332e87be0d0 | 2022-01-20 09:02:00 | Apache Log4j多个安全漏洞通告 | 详情 | |
0dd2b4e54c1e7d58b6a543d5cd6168ce | 2022-01-04 09:42:59 | 安全事件周报 (12.27-01.02) | 详情 | |
1f4414b232828031852a1c0ccd0338a8 | CVE-2021-45232 | 2021-12-28 11:53:57 | Apache APISIX Dashboard 未授权访问漏洞通告 | 详情 |
7e8a20ef23aa18ec6a4d4db37ac4c3b2 | 2021-12-27 10:23:48 | 安全事件周报 (12.20-12.26) | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
94896b34c5887141e4185c163a56465f | CVE-2022-23670 | 2022-05-16 21:15:00 ![]() |
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
8f3562663988a0da72b1de6771d723c6 | CVE-2022-23668 | 2022-05-16 21:15:00 ![]() |
A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability. | 详情 |
a04ae74cc3e0e77a234479981c0a4d36 | CVE-2022-23667 | 2022-05-16 21:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
55ddc7b38e826c1cefb2c8c31528784d | CVE-2022-1587 | 2022-05-16 21:15:00 ![]() |
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. | 详情 |
fa4b1428ac75cc9f3c500d91c9fb1d63 | CVE-2022-1586 | 2022-05-16 21:15:00 ![]() |
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. | 详情 |
4925a87831b84d87d7f9d1efc8502982 | CVE-2022-23666 | 2022-05-16 20:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
8fd3f7122fde39348655bef93122a3c1 | CVE-2022-23665 | 2022-05-16 20:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
1d5a63efdf27db63a307e264c3976e3d | CVE-2022-23664 | 2022-05-16 20:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
ddca93d780e0a88ee59260bcbac80798 | CVE-2022-23663 | 2022-05-16 20:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
f6b7fe2f1c6d6b41d8653f865f639260 | CVE-2022-23662 | 2022-05-16 20:15:00 ![]() |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | 详情 |
d0be3bfd7740da432cee95c9b1d86563 | CVE-2022-1731 | 2022-05-16 19:15:00 ![]() |
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | 详情 |
2bdbd9510c759708763041856f35945f | CVE-2022-30697 | 2022-05-16 18:15:00 ![]() |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | 详情 |
2f0d9fd23063bec037f6c7cd10049edf | CVE-2022-30696 | 2022-05-16 18:15:00 ![]() |
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | 详情 |
75e5e4fcd3ff625106b3bfbf07998327 | CVE-2022-30695 | 2022-05-16 18:15:00 ![]() |
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | 详情 |
ced15df56382f0cec12a031478c55e1d | CVE-2022-1679 | 2022-05-16 18:15:00 ![]() |
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 详情 |
4e771d849475a8007aa2d1d9fbcfa704 | CVE-2021-33025 | 2022-05-16 18:15:00 ![]() |
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. | 详情 |
bcbc2470026f72e2ab354a8f6fea99c4 | CVE-2021-33021 | 2022-05-16 18:15:00 ![]() |
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. | 详情 |
15ab4edcde95129d2c4f911101848809 | CVE-2021-33001 | 2022-05-16 18:15:00 ![]() |
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. | 详情 |
615d74a63d72a3db74be46fa42943ac7 | CVE-2021-27446 | 2022-05-16 18:15:00 ![]() |
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | 详情 |
0a410a09d0158053a70c91e767810a0c | CVE-2021-27444 | 2022-05-16 18:15:00 ![]() |
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. | 详情 |
2bef942578e6cd031d747d812d8eed48 | CVE-2022-30126 | 2022-05-16 17:15:00 ![]() |
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 | 详情 |
a507f15a3e2b53f61b82d1e1f0808233 | CVE-2022-30055 | 2022-05-16 17:15:00 ![]() |
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | 详情 |
e190fd95875a4147eed8d703ee1d243a | CVE-2022-30050 | 2022-05-16 17:15:00 ![]() |
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | 详情 |
3a16e56a1ce9665ca808fade3f032fc3 | CVE-2022-25169 | 2022-05-16 17:15:00 ![]() |
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | 详情 |
0452db2a9512e53e649be373445e51a8 | CVE-2021-23267 | 2022-05-16 17:15:00 ![]() |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | 详情 |
fd1a95c7476462a66e8feaaeb2adc7c4 | CVE-2021-23266 | 2022-05-16 17:15:00 ![]() |
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. | 详情 |
7e263655a39870dd3cc44c50af70a130 | CVE-2021-23265 | 2022-05-16 17:15:00 ![]() |
A logged-in and authenticated user with a Reviewer Role may lock a content item. | 详情 |
1e432f4f0a57858cdab9f033ee7f88af | CVE-2021-33318 | 2022-05-16 16:15:00 ![]() |
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets. | 详情 |
611c22e5343c53c3174f4e3c01367b04 | CVE-2022-30523 | 2022-05-16 15:15:00 ![]() |
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. | 详情 |
a929aee2a5455d9128a1870df7e814a7 | CVE-2022-1728 | 2022-05-16 15:15:00 ![]() |
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
e9031064656557f94b39821ee85bc8b2 | CNNVD-202205-3358 (CVE-2022-30708) | 2022-05-15 13:00:25 | Webmin 安全漏洞 | 详情 |
9a9598eac1240e93b2b09b3cfb7eb6ab | CNNVD-202205-3359 (CVE-2021-41965) | 2022-05-15 13:00:23 | ChurchCRM 安全漏洞 | 详情 |
7f3d9e4c2ec8cfd1f32ef5846002e1d5 | CNNVD-202205-3360 (CVE-2022-30049) | 2022-05-15 13:00:20 | Rebuild 安全漏洞 | 详情 |
0da93c6706d4a3244b6d95a2f229da74 | CNNVD-202205-3361 (CVE-2022-28930) | 2022-05-15 13:00:18 | ERP-Pro 安全漏洞 | 详情 |
791077dbbb0ca7d057561dc20a9d7276 | CNNVD-202205-3362 (CVE-2022-28937) | 2022-05-15 13:00:16 | FISCO-BCOS 安全漏洞 | 详情 |
873cae1028bbba88080e1c747ec97573 | CNNVD-202205-3363 (CVE-2022-28936) | 2022-05-15 13:00:14 | FISCO-BCOS 安全漏洞 | 详情 |
7c8f057f218e4e7de07d2c887137216a | CNNVD-202205-3364 (CVE-2022-28929) | 2022-05-15 13:00:12 | Hospital Management System 安全漏洞 | 详情 |
3185a96c40f9185642811901d6807658 | CNNVD-202205-3355 (CVE-2022-24831) | 2022-05-14 13:00:32 | OpenClinica 安全漏洞 | 详情 |
fe819ab7ca5323c528ac83e5c22cf28f | CNNVD-202205-3356 (CVE-2022-24830) | 2022-05-14 13:00:29 | OpenClinica 安全漏洞 | 详情 |
194f8ed3432368f2a0825f6c26022d43 | CNNVD-202205-3357 (CVE-2022-1379) | 2022-05-14 13:00:27 | PlantUML 安全漏洞 | 详情 |
bf815624010308ad0445c8327f92a7f0 | CNNVD-202205-3199 (CVE-2022-27134) | 2022-05-12 13:05:55 | batdappboomx 安全漏洞 | 详情 |
42daa32f68c425409d38600998755ec6 | CNNVD-202205-3200 (CVE-2021-27768) | 2022-05-12 13:05:53 | HCL Technologies HCL Verse 安全漏洞 | 详情 |
401b8775759c48ff87c8ec9acc7e2a94 | CNNVD-202205-3201 (CVE-2021-27769) | 2022-05-12 13:05:50 | HCL Technologies HCL Sametime 安全漏洞 | 详情 |
dc6d78ca155c6ab7cc601bc446c69f57 | CNNVD-202205-3202 (CVE-2021-27770) | 2022-05-12 13:05:48 | HCL Technologies HCL Sametime 安全漏洞 | 详情 |
bbd6cfd6fa511f280010e5c4cf2f2484 | CNNVD-202205-3203 (CVE-2022-22393) | 2022-05-12 13:05:46 | IBM WebSphere Application Server Liberty 安全漏洞 | 详情 |
80d98d539046c0d8d9a57d3f9398c7ab | CNNVD-202205-3204 (CVE-2021-27771) | 2022-05-12 13:05:44 | HCL Technologies HCL Sametime 安全漏洞 | 详情 |
483076778ae0be58f7f33f595c5b30ed | CNNVD-202205-3205 (CVE-2021-27773) | 2022-05-12 13:05:41 | HCL Technologies HCL Sametime 安全漏洞 | 详情 |
39d0b964e3b572e7605d46f90f8659e0 | CNNVD-202205-3206 (CVE-2021-27777) | 2022-05-12 13:05:39 | HCL Technologies HCL Unica Platform 安全漏洞 | 详情 |
057ba693d98356ac31a105ff1f57a9fe | CNNVD-202205-3207 (CVE-2021-27772) | 2022-05-12 13:05:37 | HCL Technologies HCL Sametime 授权问题漏洞 | 详情 |
971b93fc45999699118042c2d69c0868 | CNNVD-202205-3208 (CVE-2022-30138) | 2022-05-12 13:05:35 | Microsoft Windows Print Spooler Components 缓冲区错误漏洞 | 详情 |
dde96d2d257309f9612d440e12e5f743 | CNNVD-202205-3042 (CVE-2022-21136) | 2022-05-12 13:00:23 | Intel Xeon Processors 安全漏洞 | 详情 |
2f6c33a0b9f9d17e2c6101f79487cbe4 | CNNVD-202205-3043 (CVE-2021-33135) | 2022-05-12 13:00:21 | Intel Software Guard Extensions(SGX) 安全漏洞 | 详情 |
828c04d94edcf2404babe7d3f8ae5949 | CNNVD-202205-3044 (CVE-2022-22139) | 2022-05-12 13:00:19 | Intel Extreme Tuning Utility 安全漏洞 | 详情 |
c79d6574d076e6be1badfa0748893b85 | CNNVD-202205-3045 (CVE-2021-33117) | 2022-05-12 13:00:17 | Intel 3rd Generation Xeon Scalable Processors 安全漏洞 | 详情 |
7b773f24b285bf05c9a05964f27b683d | CNNVD-202205-3046 (CVE-2022-21128) | 2022-05-12 13:00:15 | Intel Advisor software 安全漏洞 | 详情 |
f275ca480e8d715da2707db6795c0768 | CNNVD-202205-3047 (CVE-2022-21237) | 2022-05-12 13:00:12 | Intel NUC 安全漏洞 | 详情 |
bb42d1e3a5fd6d5de95e5aa01d1111a1 | CNNVD-202205-3048 (CVE-2022-24297) | 2022-05-12 13:00:10 | Intel NUC 安全漏洞 | 详情 |
746c5ea0cc6481f31062bfd784b958e7 | CNNVD-202205-3049 (CVE-2022-24382) | 2022-05-12 13:00:08 | Intel NUC 安全漏洞 | 详情 |
db6edc60d0c01815321c11cea2d571b2 | CNNVD-202205-3050 (CVE-2021-26258) | 2022-05-12 13:00:06 | Intel Killer Control Center 安全漏洞 | 详情 |
fd8faf922bee793861e362bbf186a317 | CNNVD-202205-3051 (CVE-2021-33130) | 2022-05-12 13:00:04 | Intel RealSense ID Solution F450 安全漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
9cd742f4839806e40f42c6e7ea492590 | 2021-12-28 10:31:16 | APISIX Dashboard 未授权访问漏洞风险通告(CVE-2021-45232) | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 | |
1e193280a8f45427c06cb4945be4f126 | 2021-12-07 06:48:55 | Grafana 任意文件读取漏洞 | 详情 | |
1911c90c4cf886d9867ff81b4756eb3f | 2021-12-02 06:37:58 | VMware vCenter 服务端请求伪造漏洞 | 详情 | |
45a46bc77eb26e67020f43cf08f1fcc6 | CVE-2021-21980, CVE-2021-22049 | 2021-11-26 03:52:06 | VMware vCenter Server多个高危漏洞通告 | 详情 |
c1d2650c12cb12d9ee21f53d0f087be8 | CVE-2021-42321, CVE-2021-42292, CVE-2021-38666 | 2021-11-10 12:03:45 | 微软2021年11月补丁日漏洞通告 | 详情 |
6b34ab872bd97043b7699554194da23f | CVE-2021-22205 | 2021-11-02 03:38:34 | GitLab CE/EE远程代码执行漏洞(CVE-2021-22205) | 详情 |
a418a10f7f4a1694a2293e895b24de6a | CVE-2021-35617, CVE-2021-35620 | 2021-10-20 03:07:34 | Oracle WebLogic 多个高危漏洞通告 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
0ca9df374bdd9d708980985e6cccf1f4 | CVE-2022-28163 | 2022-05-16 20:24:23 ![]() |
Broadcom Brocade SANnav SQL注入漏洞 | 详情 |
4b24083c1187822dae0067680238de39 | CVE-2022-23205 | 2022-05-16 20:24:19 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
2da2e34790b5303aa37a499a3e9471dc | CVE-2022-24105 | 2022-05-16 20:24:14 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
35eb54bf3f46c47f650fbd88890921e4 | CVE-2022-28270 | 2022-05-16 20:24:10 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
406a2f76e9aaa883568c2ca1c575d83c | CVE-2022-27183 | 2022-05-16 20:24:05 ![]() |
Splunk Enterprise 安全漏洞 | 详情 |
628f7b7550308ce9ec2f3bcd5720bfda | CVE-2022-28274 | 2022-05-16 20:24:01 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
2385f765f86d39a2768ef367996b2ccf | CVE-2022-24099 | 2022-05-16 20:23:56 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
926e11a8f72c86bbee4b44a402d29098 | CVE-2022-28277 | 2022-05-16 20:23:52 ![]() |
Adobe Photoshop 缓冲区错误漏洞 | 详情 |
0aa0a1052f9f1989e3d323f63e06f123 | CVE-2022-27784 | 2022-05-16 20:23:47 ![]() |
Adobe After Effects 安全漏洞 | 详情 |
58f240709a5301b53e923781184b23dd | CVE-2022-29340 | 2022-05-16 20:23:43 ![]() |
GPAC 安全漏洞 | 详情 |
fd2998b692effee6aea2d9dc1eddafa6 | CVE-2022-29940 | 2022-05-15 20:30:32 | LibreHealth EHR 跨站脚本漏洞 | 详情 |
5a8c41803c501f42689bc42acbd48d26 | CVE-2022-27634 | 2022-05-15 20:30:27 | F5 BIG-IP APM 输入验证错误漏洞 | 详情 |
c46ecd9195b5fff4bcba016c3652f415 | CVE-2022-28695 | 2022-05-15 20:30:23 | F5 BIG-IP AFM 代码问题漏洞 | 详情 |
5f636af20df90aaa375dfb70a747f5ee | CVE-2022-28706 | 2022-05-15 20:30:18 | F5 BIG-IP 代码问题漏洞 | 详情 |
157af27a988948dbf0ffa787b604f1bc | CVE-2022-29263 | 2022-05-15 20:30:13 | F5 BIG-IP APM 安全漏洞 | 详情 |
22efe9bdf901924fa3879095083a2fd2 | CVE-2022-29479 | 2022-05-15 20:30:08 | F5 BIG-IP 输入验证错误漏洞 | 详情 |
26276f4f3b8542abd2097a7b81073b59 | CVE-2022-29938 | 2022-05-15 20:30:03 | LibreHealth EHR SQL注入漏洞 | 详情 |
6182aef4a0eade163816e613fcdb7d3f | CVE-2022-29500 | 2022-05-15 20:30:03 | SchedMD Slurm 访问控制错误漏洞 | 详情 |
0773493868387e3e3d05dfde4f14e036 | CVE-2022-28508 | 2022-05-15 20:29:52 | MantisBT 跨站脚本漏洞 | 详情 |
8397f5a3245c9d88b8a9e7d3a5737675 | CVE-2022-20734 | 2022-05-14 20:19:45 | Cisco SD-WAN vManage Software 信息泄露漏洞 | 详情 |
11531f19ffa6d912e8aca1cb448955ce | CVE-2022-20777 | 2022-05-14 20:19:41 | Cisco Enterprise NFV Infrastructure Software 权限许可和访问控制问题漏洞 | 详情 |
07c4516fadb7df967132e74d45500a1e | CVE-2022-20794 | 2022-05-14 20:19:36 | Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software 输入验证错误漏洞 | 详情 |
5678b482095fe2c817c8f70ce6621ce8 | CVE-2022-1584 | 2022-05-14 20:19:32 | Microweber 跨站脚本漏洞 | 详情 |
11c0b54c54cc825a6fa663d01a712e4e | CVE-2022-20753 | 2022-05-14 20:19:28 | Cisco Small Business RV Series Routers 缓冲区错误漏洞 | 详情 |
44d436a0fc5b246091bdcde9a0a95bac | CVE-2022-20779 | 2022-05-14 20:19:19 | Cisco Enterprise NFV Infrastructure Software 输入验证错误漏洞 | 详情 |
adbf9a0046f4e9b3929a5c1e786951e5 | CVE-2022-0882 | 2022-05-14 20:19:15 | Fuchsia kernel 信息泄露漏洞 | 详情 |
ad34ba4bb1a8c8d105419e1d9ee21591 | CVE-2022-20799 | 2022-05-14 20:19:11 | Cisco Small Business RV Series Routers 命令注入漏洞 | 详情 |
8b618051ed64fbcd178e736b0a41e0ec | CVE-2021-41959 | 2022-05-13 20:11:59 | JerryScript Git 安全漏洞 | 详情 |
15f2aaa220d9a5fb008fcbb44f0e617d | CVE-2021-22573 | 2022-05-13 20:11:55 | Google google-oauth-java-client 数据伪造问题漏洞 | 详情 |
27a967b55ae00f205af9f27f3f97e4ef | CVE-2022-28589 | 2022-05-13 20:11:46 | Pixelimity 跨站脚本漏洞 | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
1bb144b106695a199028c515870431e7 | CVE-2021-39987 | 2022-05-13 09:31:33 | Huawei HarmonyOS数据处理错误漏洞 | 详情 |
854b330aba7d9897b2dab78755cfdeba | CVE-2021-39980 | 2022-05-13 09:31:33 | Huawei HarmonyOS信息泄露漏洞 | 详情 |
be2ae238304f09b07497169d12fe7475 | CVE-2021-39973 | 2022-05-13 09:31:33 | Huawei HarmonyOS空指针解引用漏洞 | 详情 |
aefb064eeac2a02a08988eafbc31d792 | CVE-2021-39967 | 2022-05-13 09:31:33 | Huawei HarmonyOS默认权限错误漏洞 | 详情 |
e6e00bef61bce9242260f392664ba64b | CVE-2021-37128 | 2022-05-13 09:31:33 | Huawei HarmonyOS路径遍历漏洞 | 详情 |
8cdbd17b507e0a77f3f3fc4e9afcbdeb | CVE-2021-37118 | 2022-05-13 09:31:33 | Huawei HarmonyOS异常情况处理错误漏洞 | 详情 |
92912ac05802f49ccdf3fff980365a9d | CVE-2021-37111 | 2022-05-13 09:31:33 | Huawei HarmonyOS内存泄露漏洞 | 详情 |
0703f77fd4a82b9ad805a168406a871f | CVE-2021-44392 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
96386c6febdb600762cae7f53f8388e2 | CVE-2021-44386 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
15173c65674f64262b5a1f2d9dd74dd0 | CVE-2021-44380 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
c0bbd763abbe27a0b9bb3a78d85b770f | CVE-2021-44373 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
7f77e6078b30b6f001de39445caf8943 | CVE-2021-44367 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
1c257b653484dd698a535a4b264e1a9b | CVE-2021-44360 | 2022-05-13 09:31:33 | Reolink Rlc-410W拒绝服务漏洞 | 详情 |
8a9c56d69af1130f353d1d2e22c22fdd | CVE-2021-22825 | 2022-05-13 09:31:33 | Schneider Electric Rack PDU信息泄露漏洞 | 详情 |
5d988a931e3edf019ab4a04228a664d6 | CVE-2021-22816 | 2022-05-13 09:31:33 | Schneider Electric SCADAPack异常情况处理错误漏洞 | 详情 |
a3dd3abff7532117fb122a7884169302 | CVE-2022-30138 | 2022-05-13 04:17:22 | Microsoft Windows Print Spooler权限提升漏洞 | 详情 |
c36e78932701f499a52d9702d148f385 | CVE-2022-29972 | 2022-05-11 03:59:05 | Magnitude Simba Amazon Redshift ODBC Driver参数注入漏洞 | 详情 |
adbb2196ad1d2577d2d917c5830fcf1a | CVE-2022-29109 | 2022-05-11 03:59:05 | Microsoft Excel远程代码执行漏洞 | 详情 |
e17eb75b554dd90a92fa049f8b6d4c42 | CVE-2022-26936 | 2022-05-11 03:59:05 | Microsoft Windows Server Service信息泄露漏洞 | 详情 |
88b89004a72dd35bdc7a080102b0e853 | CVE-2022-22019 | 2022-05-11 03:59:05 | Microsoft Remote Procedure Call Runtime远程代码执行漏洞 | 详情 |
7cece90c6a3ddaf25d3759fe36bf8148 | CVE-2022-26939 | 2022-05-11 03:59:05 | Microsoft Storage Spaces Direct权限提升漏洞 | 详情 |
43ccd1a640a08a80cdb8a3cec298ca00 | CVE-2022-26932 | 2022-05-11 03:59:05 | Microsoft Storage Spaces Direct权限提升漏洞 | 详情 |
33f37cef79e40dd9f921cb6fff1757e0 | CVE-2022-22016 | 2022-05-11 03:59:05 | Microsoft Windows PlayToManager权限提升漏洞 | 详情 |
fcb4418a7018f7f38c93926b70007a43 | CVE-2022-29113 | 2022-05-11 03:59:05 | Microsoft Windows Digital Media Receiver权限提升漏洞 | 详情 |
dfe2b19f1e04fa675534f0ff9eeb11cb | CVE-2022-29105 | 2022-05-11 03:59:05 | Microsoft Windows Media Foundation远程代码执行漏洞 | 详情 |
fca2475eed7b78d0c21abb7a48604378 | CVE-2022-26937 | 2022-05-11 03:59:05 | Microsoft Windows Network File System远程代码执行漏洞 | 详情 |
b802ce4fb870ebc7dc55786adb90f452 | CVE-2022-26933 | 2022-05-11 03:59:05 | Microsoft Windows NTFS信息泄露漏洞 | 详情 |
f008f24f6dadb3bc5983a1931b061719 | CVE-2022-23270 | 2022-05-11 03:59:05 | Microsoft Point-to-Point Tunneling Protocol远程代码执行漏洞 | 详情 |
e2e57e1a0d4cde5d3f396660b79c801f | CVE-2022-21972 | 2022-05-11 03:59:05 | Microsoft Point-to-Point Tunneling Protocol远程代码执行漏洞 | 详情 |
5c69148f826ae3c59aeef197dd886b59 | CVE-2022-29110 | 2022-05-11 03:59:05 | Microsoft Excel远程代码执行漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
2ed4ce7e5687cfdc1324ae7d65876a51 | CVE-2022-20011 | 2022-05-10 20:15:09 | In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 | 详情 |
24c65cc8b5e43bf755ad1090d1836a3b | CVE-2022-20010 | 2022-05-10 20:15:09 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176 | 详情 |
b66af2a1565ecc13d5d44d81c17039fb | CVE-2022-1537 | 2022-05-10 14:15:08 | file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. | 详情 |
103768027988800851fb2e9cb336c8b4 | CVE-2021-36912 | 2022-05-06 17:15:08 | Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. | 详情 |
15d8f798edfaf84db456fda4c985a523 | CVE-2021-44056 | 2022-05-05 17:15:10 | An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later | 详情 |
efdbc7b3085f83cfd20621db6d7fe529 | CVE-2021-44055 | 2022-05-05 17:15:10 | An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later | 详情 |
6288afea6b033958afd178a75542291b | CVE-2021-44054 | 2022-05-05 17:15:10 | An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | 详情 |
d410ac096a6eeb9a3b8ac611daf84c6f | CVE-2021-44053 | 2022-05-05 17:15:10 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later | 详情 |
040c7b55aae96032f5f45fe2bc7d59f2 | CVE-2021-44052 | 2022-05-05 17:15:10 | An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | 详情 |
7120c9abac173150a34a97c9be2066da | CVE-2021-44051 | 2022-05-05 17:15:10 | A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later | 详情 |
aaa9f63dcaeb0cf76845d5598e898c24 | CVE-2021-43547 | 2022-05-05 17:15:10 | TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | 详情 |
b59b482d88cdcf23cdc1dfa1bb7f9e67 | CVE-2022-1516 | 2022-05-05 15:15:07 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | 详情 |
c95977f90645fc309f1e32e5d34b08e9 | CVE-2021-42242 | 2022-05-05 13:15:07 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | 详情 |
ab23f24403326a0b3b79e83dde3f69b5 | CVE-2022-1575 | 2022-05-05 12:15:07 | Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | 详情 |
103e0eabd332fa8cbbf6c62515a4728f | CVE-2022-1592 | 2022-05-05 11:15:08 | Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... | 详情 |
ef8e6e93b43043d98dd8ae4e015d29fa | CVE-2022-1584 | 2022-05-04 18:15:08 | Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim | 详情 |
28fa53c148f3ea4dc4295e060260474f | CVE-2022-20796 | 2022-05-04 17:15:08 | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. | 详情 |
1262054da101d581651af79ad1aa70f8 | CVE-2022-20794 | 2022-05-04 17:15:08 | Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | 详情 |
9bec2be1116379c705612f4ed1549489 | CVE-2022-20785 | 2022-05-04 17:15:08 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 详情 |
d7e3302f65fe961c0b329a6d7dddd86e | CVE-2022-20780 | 2022-05-04 17:15:08 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 详情 |
fef950b3e83c8854de49004741aa45f1 | CVE-2022-20779 | 2022-05-04 17:15:08 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 详情 |
203f7afd60231c95e8ebf4bc7ccbea93 | CVE-2022-20777 | 2022-05-04 17:15:08 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 详情 |
88ea98c1deee7137c9cf765ce69368fa | CVE-2022-20771 | 2022-05-04 17:15:08 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 详情 |
b87828be6d4f02edc81c210c31f5788b | CVE-2022-20770 | 2022-05-04 17:15:08 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 详情 |
8ba52264ec01e255af9caa62ab2e9076 | CVE-2022-20764 | 2022-05-04 17:15:08 | Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | 详情 |
a7961abe34124b6fbfc71a8506936a81 | CVE-2022-20753 | 2022-05-04 17:15:08 | A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. | 详情 |
e2b4961adda92421a3f257cac85bf04f | CVE-2022-20734 | 2022-05-04 17:15:08 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | 详情 |
e54c1e96a36bd90e9c30852f0c969dc5 | CVE-2021-42235 | 2022-05-04 17:15:08 | SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | 详情 |
2f8aefb94705ec21b8b126b6865df472 | CVE-2021-43206 | 2022-05-04 16:15:08 | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | 详情 |
3d13c2ede75621bde7c79e8e51108227 | CVE-2022-25783 | 2022-05-04 14:15:08 | Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | 详情 |