Threat Intelligence Bulletin


360 Cybersecurity Response Center [TOP 30] CVES TIME TITLE URL
fb66abd7a3d6f14fee26094115b0cb07 2022-05-16 08:37:44 Weekly Security Incident Report (05.09-05.16) Details
f2f40e27fe16636b0d782bbb2b255af3 2022-05-11 07:04:18 2022-05 Patch Day: Microsoft multiple vulnerabilities security update advisory Details
936cf72cc38fb6e1679e4f30124016d5 2022-05-09 06:18:57 Weekly Security Incident Report (04.25-05.08) Details
10191c5c70179ec2e0a6487b13389bef CVE-2022-1388 2022-05-06 07:09:23 CVE-2022-1388: F5 BIG-IP iControl REST authentication bypass vulnerability Details
e2a962f9ffebd7d5a97382cd030ba8d2 CVE-2022-24706 2022-04-27 09:24:38 CVE-2022-24706: Apache CouchDB remote code execution vulnerability advisory Details
42f7b238e3fcf3ff6591aece7b0693da 2022-04-25 08:24:24 Weekly Security Incident Report (04.18-04.24) Details
794b588b98e3c8865de32c3b6fa6f8bd CVE-2022-0540 2022-04-21 07:45:57 CVE-2022-0540: Jira authentication bypass vulnerability risk advisory Details
6269f651513b7b6a74ce8e6b15a6cb40 CVE-2022-0540 2022-04-21 07:15:38 CVE-2022-0540: Jira authentication bypass vulnerability risk advisory Details
7eb322a673ef3c0b19410bdc96ba293b 2022-04-20 08:34:00 2022-04 Patch Day: Oracle multiple product vulnerabilities security risk advisory Details
976cf8c971c9110deb43a103d5871c8a 2022-04-18 07:45:49 Weekly Security Incident Report (04.11-04.17) Details
50e765bbe0968ff4c8d0119a3006a697 CVE-2022-1364 2022-04-15 10:41:15 CVE-2022-1364: Google Chrome V8 type confusion vulnerability Details
eb9f978360abd857f1444312ba91b859 2022-04-13 03:27:21 2022-04 Patch Day: Microsoft multiple vulnerabilities security update advisory Details
b35a4f0535638825028460eb19b81973 CVE-2021-31805 2022-04-13 02:19:24 CVE-2021-31805: Apache Struts2 remote code execution vulnerability advisory Details
6d56b9c4c8aa793989e3b840c3138cb9 2022-04-11 07:42:43 Dual-platform cryptomining botnet Sysrv-hello strikes again, armed with new vulnerabilities Details
7f540b1dbbe25045f70683a01ea68166 2022-04-11 07:07:10 Weekly Security Incident Report (04-04 ~ 04-10) Details
9c88cce7f283abbe0d2ca73f017c7cca CVE-2022-1162 2022-04-07 09:40:36 Gitlab hard-coding vulnerability advisory Details
e7c1b670f81a9e6ec46db927363c7420 2022-04-06 08:50:12 Weekly Security Incident Report (03-28 ~ 04-03) Details
e4765c9e52e2c09c66d06d82bc951934 2022-03-28 07:28:54 Weekly Security Incident Report (03.21-03.27) Details
b480f0dcd7c82903d3098dcebc62ff77 2022-03-21 08:26:27 Weekly Security Incident Report (03.14-03.20) Details
5f06340967a86f5719d30bb06786f218 2022-03-14 09:15:05 Weekly Security Incident Report (03.07-03.13) Details
f92217cd078fa7deaa7c43c613c00070 2022-03-07 03:02:25 Weekly Security Incident Report (02.28-03.06) Details
50321d22a99c8f9f1bedd33bce8924af 2022-02-28 06:59:18 Weekly Security Incident Report (02.21-02.27) Details
43000e60105fe6ae26efb80beb50a929 2022-02-21 05:32:27 Weekly Security Incident Report (02.14-02.20) Details
de4fed4ad47b9fa9d4d01d97f02c10da 2022-02-14 07:19:41 Weekly Security Incident Report (02.07-02.13) Details
ba8b5777ff0c6bf791df681d82febe84 CVE-2021-4034 2022-01-26 06:29:49 Linux Polkit privilege escalation vulnerability advisory Details
2cf83319963ff4f2522e77a59d725257 2022-01-24 03:38:37 Weekly Security Incident Report (01.17-01.23) Details
4002db1ad42f160666e73332e87be0d0 2022-01-20 09:02:00 Apache Log4j multiple security vulnerabilities advisory Details
0dd2b4e54c1e7d58b6a543d5cd6168ce 2022-01-04 09:42:59 Weekly Security Incident Report (12.27-01.02) Details
1f4414b232828031852a1c0ccd0338a8 CVE-2021-45232 2021-12-28 11:53:57 Apache APISIX Dashboard unauthorized access vulnerability advisory Details
7e8a20ef23aa18ec6a4d4db37ac4c3b2 2021-12-27 10:23:48 Weekly Security Incident Report (12.20-12.26) Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
94896b34c5887141e4185c163a56465f CVE-2022-23670 2022-05-16 21:15:00 A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
8f3562663988a0da72b1de6771d723c6 CVE-2022-23668 2022-05-16 21:15:00 A remote authenticated server-side request forgery (SSRF) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
a04ae74cc3e0e77a234479981c0a4d36 CVE-2022-23667 2022-05-16 21:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
55ddc7b38e826c1cefb2c8c31528784d CVE-2022-1587 2022-05-16 21:15:00 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Details
fa4b1428ac75cc9f3c500d91c9fb1d63 CVE-2022-1586 2022-05-16 21:15:00 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Details
4925a87831b84d87d7f9d1efc8502982 CVE-2022-23666 2022-05-16 20:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
8fd3f7122fde39348655bef93122a3c1 CVE-2022-23665 2022-05-16 20:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
1d5a63efdf27db63a307e264c3976e3d CVE-2022-23664 2022-05-16 20:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
ddca93d780e0a88ee59260bcbac80798 CVE-2022-23663 2022-05-16 20:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
f6b7fe2f1c6d6b41d8653f865f639260 CVE-2022-23662 2022-05-16 20:15:00 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. Details
d0be3bfd7740da432cee95c9b1d86563 CVE-2022-1731 2022-05-16 19:15:00 Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. Details
2bdbd9510c759708763041856f35945f CVE-2022-30697 2022-05-16 18:15:00 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640. Details
2f0d9fd23063bec037f6c7cd10049edf CVE-2022-30696 2022-05-16 18:15:00 Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640. Details
75e5e4fcd3ff625106b3bfbf07998327 CVE-2022-30695 2022-05-16 18:15:00 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640. Details
ced15df56382f0cec12a031478c55e1d CVE-2022-1679 2022-05-16 18:15:00 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Details
4e771d849475a8007aa2d1d9fbcfa704 CVE-2021-33025 2022-05-16 18:15:00 xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. Details
bcbc2470026f72e2ab354a8f6fea99c4 CVE-2021-33021 2022-05-16 18:15:00 xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. Details
15ab4edcde95129d2c4f911101848809 CVE-2021-33001 2022-05-16 18:15:00 xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. Details
615d74a63d72a3db74be46fa42943ac7 CVE-2021-27446 2022-05-16 18:15:00 The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. Details
0a410a09d0158053a70c91e767810a0c CVE-2021-27444 2022-05-16 18:15:00 The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. Details
2bef942578e6cd031d747d812d8eed48 CVE-2022-30126 2022-05-16 17:15:00 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0. Details
a507f15a3e2b53f61b82d1e1f0808233 CVE-2022-30055 2022-05-16 17:15:00 Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. Details
e190fd95875a4147eed8d703ee1d243a CVE-2022-30050 2022-05-16 17:15:00 Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. Details
3a16e56a1ce9665ca808fade3f032fc3 CVE-2022-25169 2022-05-16 17:15:00 The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. Details
0452db2a9512e53e649be373445e51a8 CVE-2021-23267 2022-05-16 17:15:00 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. Details
fd1a95c7476462a66e8feaaeb2adc7c4 CVE-2021-23266 2022-05-16 17:15:00 An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. Details
7e263655a39870dd3cc44c50af70a130 CVE-2021-23265 2022-05-16 17:15:00 A logged-in and authenticated user with a Reviewer Role may lock a content item. Details
1e432f4f0a57858cdab9f033ee7f88af CVE-2021-33318 2022-05-16 16:15:00 An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets. Details
611c22e5343c53c3174f4e3c01367b04 CVE-2022-30523 2022-05-16 15:15:00 Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. Details
a929aee2a5455d9128a1870df7e814a7 CVE-2022-1728 2022-05-16 15:15:00 Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. Details

National Information Security Vulnerability Sharing Platform (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 Sichuang Technology Co., Ltd. (四创科技有限公司) website-building system SQL injection vulnerability Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium hard-coded credentials vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera cross-site scripting vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow unspecified vulnerability Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway information disclosure vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server information disclosure vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator cross-site scripting vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management cross-site scripting vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics remote code execution vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 information disclosure vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics privilege escalation vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 Weaver (泛微) e-cology SQL injection vulnerability Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering cross-site scripting vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server information disclosure vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint spoofing vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint remote code execution vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev buffer overflow vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow heap-allocated array out-of-bounds read vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow heap out-of-bounds access vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow heap out-of-bounds access vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense cross-site scripting vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic improper access control vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic arbitrary file upload vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL injection vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager incorrect access control vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue cross-site scripting vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue cross-site scripting vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory man-in-the-middle attack vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory cleartext transmission vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory deserialization vulnerability Details

National Information Security Vulnerability Database (CNNVD) [TOP 30] CVES TIME TITLE URL
e9031064656557f94b39821ee85bc8b2 CNNVD-202205-3358 (CVE-2022-30708) 2022-05-15 13:00:25 Webmin security vulnerability Details
9a9598eac1240e93b2b09b3cfb7eb6ab CNNVD-202205-3359 (CVE-2021-41965) 2022-05-15 13:00:23 ChurchCRM security vulnerability Details
7f3d9e4c2ec8cfd1f32ef5846002e1d5 CNNVD-202205-3360 (CVE-2022-30049) 2022-05-15 13:00:20 Rebuild security vulnerability Details
0da93c6706d4a3244b6d95a2f229da74 CNNVD-202205-3361 (CVE-2022-28930) 2022-05-15 13:00:18 ERP-Pro security vulnerability Details
791077dbbb0ca7d057561dc20a9d7276 CNNVD-202205-3362 (CVE-2022-28937) 2022-05-15 13:00:16 FISCO-BCOS security vulnerability Details
873cae1028bbba88080e1c747ec97573 CNNVD-202205-3363 (CVE-2022-28936) 2022-05-15 13:00:14 FISCO-BCOS security vulnerability Details
7c8f057f218e4e7de07d2c887137216a CNNVD-202205-3364 (CVE-2022-28929) 2022-05-15 13:00:12 Hospital Management System security vulnerability Details
3185a96c40f9185642811901d6807658 CNNVD-202205-3355 (CVE-2022-24831) 2022-05-14 13:00:32 OpenClinica security vulnerability Details
fe819ab7ca5323c528ac83e5c22cf28f CNNVD-202205-3356 (CVE-2022-24830) 2022-05-14 13:00:29 OpenClinica security vulnerability Details
194f8ed3432368f2a0825f6c26022d43 CNNVD-202205-3357 (CVE-2022-1379) 2022-05-14 13:00:27 PlantUML security vulnerability Details
bf815624010308ad0445c8327f92a7f0 CNNVD-202205-3199 (CVE-2022-27134) 2022-05-12 13:05:55 batdappboomx security vulnerability Details
42daa32f68c425409d38600998755ec6 CNNVD-202205-3200 (CVE-2021-27768) 2022-05-12 13:05:53 HCL Technologies HCL Verse security vulnerability Details
401b8775759c48ff87c8ec9acc7e2a94 CNNVD-202205-3201 (CVE-2021-27769) 2022-05-12 13:05:50 HCL Technologies HCL Sametime security vulnerability Details
dc6d78ca155c6ab7cc601bc446c69f57 CNNVD-202205-3202 (CVE-2021-27770) 2022-05-12 13:05:48 HCL Technologies HCL Sametime security vulnerability Details
bbd6cfd6fa511f280010e5c4cf2f2484 CNNVD-202205-3203 (CVE-2022-22393) 2022-05-12 13:05:46 IBM WebSphere Application Server Liberty security vulnerability Details
80d98d539046c0d8d9a57d3f9398c7ab CNNVD-202205-3204 (CVE-2021-27771) 2022-05-12 13:05:44 HCL Technologies HCL Sametime security vulnerability Details
483076778ae0be58f7f33f595c5b30ed CNNVD-202205-3205 (CVE-2021-27773) 2022-05-12 13:05:41 HCL Technologies HCL Sametime security vulnerability Details
39d0b964e3b572e7605d46f90f8659e0 CNNVD-202205-3206 (CVE-2021-27777) 2022-05-12 13:05:39 HCL Technologies HCL Unica Platform security vulnerability Details
057ba693d98356ac31a105ff1f57a9fe CNNVD-202205-3207 (CVE-2021-27772) 2022-05-12 13:05:37 HCL Technologies HCL Sametime authorization issue vulnerability Details
971b93fc45999699118042c2d69c0868 CNNVD-202205-3208 (CVE-2022-30138) 2022-05-12 13:05:35 Microsoft Windows Print Spooler Components buffer error vulnerability Details
dde96d2d257309f9612d440e12e5f743 CNNVD-202205-3042 (CVE-2022-21136) 2022-05-12 13:00:23 Intel Xeon Processors security vulnerability Details
2f6c33a0b9f9d17e2c6101f79487cbe4 CNNVD-202205-3043 (CVE-2021-33135) 2022-05-12 13:00:21 Intel Software Guard Extensions (SGX) security vulnerability Details
828c04d94edcf2404babe7d3f8ae5949 CNNVD-202205-3044 (CVE-2022-22139) 2022-05-12 13:00:19 Intel Extreme Tuning Utility security vulnerability Details
c79d6574d076e6be1badfa0748893b85 CNNVD-202205-3045 (CVE-2021-33117) 2022-05-12 13:00:17 Intel 3rd Generation Xeon Scalable Processors security vulnerability Details
7b773f24b285bf05c9a05964f27b683d CNNVD-202205-3046 (CVE-2022-21128) 2022-05-12 13:00:15 Intel Advisor software security vulnerability Details
f275ca480e8d715da2707db6795c0768 CNNVD-202205-3047 (CVE-2022-21237) 2022-05-12 13:00:12 Intel NUC security vulnerability Details
bb42d1e3a5fd6d5de95e5aa01d1111a1 CNNVD-202205-3048 (CVE-2022-24297) 2022-05-12 13:00:10 Intel NUC security vulnerability Details
746c5ea0cc6481f31062bfd784b958e7 CNNVD-202205-3049 (CVE-2022-24382) 2022-05-12 13:00:08 Intel NUC security vulnerability Details
db6edc60d0c01815321c11cea2d571b2 CNNVD-202205-3050 (CVE-2021-26258) 2022-05-12 13:00:06 Intel Killer Control Center security vulnerability Details
fd8faf922bee793861e362bbf186a317 CNNVD-202205-3051 (CVE-2021-33130) 2022-05-12 13:00:04 Intel RealSense ID Solution F450 security vulnerability Details

QiAnXin [TOP 30] CVES TIME TITLE URL
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services multiple remote code execution vulnerabilities advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server remote code execution vulnerability (CVE-2020-1350) advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox in-the-wild remote code execution vulnerabilities (CVE-2020-6819, CVE-2020-6820) advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 font handling remote code execution vulnerability (ADV200006) advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 service remote code execution vulnerability (CVE-2020-0796) advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript remote command execution 0day vulnerability (CVE-2020-0674) advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft core cryptographic library vulnerability (CVE-2020-0601) advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE browser JScript scripting engine remote code execution vulnerability advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) early-warning advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services multiple remote code execution vulnerabilities advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox remote code execution vulnerability (CVE-2019-11707) early-warning advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) early-warning advisory Details

Anquanke [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images cross-site scripting vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service security vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel security vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress access control error vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set security vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android information disclosure vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS security features issue vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU security vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager security vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch security vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager security vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 input validation error vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android security vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras security vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager cross-site request forgery vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress cross-site request forgery vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave code issue vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android security vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server security vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server security vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs security vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer security vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave cryptographic issue vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server cross-site scripting vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members information disclosure vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen security vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer access control error vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen code injection vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave path traversal vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen code injection vulnerability Details

Tophant (斗象) [TOP 30] CVES TIME TITLE URL
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 Microsoft May 2022 Patch Day vulnerability advisory Details
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST authentication bypass vulnerability (CVE-2022-1388) Details
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server remote code execution vulnerability (CVE-2022-29464) Details
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 Microsoft April 2022 Patch Day vulnerability advisory Details
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware products multiple high-severity vulnerabilities advisory Details
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring framework remote code execution vulnerability Details
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework remote code execution vulnerability (CVE-2022-22965) Details
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework remote code execution vulnerability (CVE-2022-22965) Details
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL expression injection vulnerability Details
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL denial-of-service vulnerability (CVE-2022-0778) Details
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel local privilege escalation vulnerability (CVE-2022-0847) Details
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 Microsoft March 2022 Patch Day vulnerability advisory Details
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux kernel local privilege escalation vulnerability (CVE-2022-0847) Details
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947) Details
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 Sunlogin (向日葵) remote command execution vulnerability (CNVD-2022-10270) Details
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX remote code execution vulnerability (CVE-2022-24112) Details
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit privilege escalation vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day vulnerability advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere remote code execution vulnerability Details
9cd742f4839806e40f42c6e7ea492590 2021-12-28 10:31:16 APISIX Dashboard unauthorized access vulnerability risk advisory (CVE-2021-45232) Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API unauthorized access vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j remote code execution vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j remote code execution vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j remote code execution vulnerability Details
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana arbitrary file read vulnerability Details
1911c90c4cf886d9867ff81b4756eb3f 2021-12-02 06:37:58 VMware vCenter server-side request forgery vulnerability Details
45a46bc77eb26e67020f43cf08f1fcc6 CVE-2021-21980, CVE-2021-22049 2021-11-26 03:52:06 VMware vCenter Server multiple high-severity vulnerabilities advisory Details
c1d2650c12cb12d9ee21f53d0f087be8 CVE-2021-42321, CVE-2021-42292, CVE-2021-38666 2021-11-10 12:03:45 Microsoft November 2021 Patch Day vulnerability advisory Details
6b34ab872bd97043b7699554194da23f CVE-2021-22205 2021-11-02 03:38:34 GitLab CE/EE remote code execution vulnerability (CVE-2021-22205) Details
a418a10f7f4a1694a2293e895b24de6a CVE-2021-35617, CVE-2021-35620 2021-10-20 03:07:34 Oracle WebLogic multiple high-severity vulnerabilities advisory Details

Red Queen (红后) [TOP 30] CVES TIME TITLE URL
0ca9df374bdd9d708980985e6cccf1f4 CVE-2022-28163 2022-05-16 20:24:23 Broadcom Brocade SANnav SQL injection vulnerability Details
4b24083c1187822dae0067680238de39 CVE-2022-23205 2022-05-16 20:24:19 Adobe Photoshop buffer error vulnerability Details
2da2e34790b5303aa37a499a3e9471dc CVE-2022-24105 2022-05-16 20:24:14 Adobe Photoshop buffer error vulnerability Details
35eb54bf3f46c47f650fbd88890921e4 CVE-2022-28270 2022-05-16 20:24:10 Adobe Photoshop buffer error vulnerability Details
406a2f76e9aaa883568c2ca1c575d83c CVE-2022-27183 2022-05-16 20:24:05 Splunk Enterprise security vulnerability Details
628f7b7550308ce9ec2f3bcd5720bfda CVE-2022-28274 2022-05-16 20:24:01 Adobe Photoshop buffer error vulnerability Details
2385f765f86d39a2768ef367996b2ccf CVE-2022-24099 2022-05-16 20:23:56 Adobe Photoshop buffer error vulnerability Details
926e11a8f72c86bbee4b44a402d29098 CVE-2022-28277 2022-05-16 20:23:52 Adobe Photoshop buffer error vulnerability Details
0aa0a1052f9f1989e3d323f63e06f123 CVE-2022-27784 2022-05-16 20:23:47 Adobe After Effects security vulnerability Details
58f240709a5301b53e923781184b23dd CVE-2022-29340 2022-05-16 20:23:43 GPAC security vulnerability Details
fd2998b692effee6aea2d9dc1eddafa6 CVE-2022-29940 2022-05-15 20:30:32 LibreHealth EHR cross-site scripting vulnerability Details
5a8c41803c501f42689bc42acbd48d26 CVE-2022-27634 2022-05-15 20:30:27 F5 BIG-IP APM input validation error vulnerability Details
c46ecd9195b5fff4bcba016c3652f415 CVE-2022-28695 2022-05-15 20:30:23 F5 BIG-IP AFM code issue vulnerability Details
5f636af20df90aaa375dfb70a747f5ee CVE-2022-28706 2022-05-15 20:30:18 F5 BIG-IP code issue vulnerability Details
157af27a988948dbf0ffa787b604f1bc CVE-2022-29263 2022-05-15 20:30:13 F5 BIG-IP APM security vulnerability Details
22efe9bdf901924fa3879095083a2fd2 CVE-2022-29479 2022-05-15 20:30:08 F5 BIG-IP input validation error vulnerability Details
26276f4f3b8542abd2097a7b81073b59 CVE-2022-29938 2022-05-15 20:30:03 LibreHealth EHR SQL injection vulnerability Details
6182aef4a0eade163816e613fcdb7d3f CVE-2022-29500 2022-05-15 20:30:03 SchedMD Slurm access control error vulnerability Details
0773493868387e3e3d05dfde4f14e036 CVE-2022-28508 2022-05-15 20:29:52 MantisBT cross-site scripting vulnerability Details
8397f5a3245c9d88b8a9e7d3a5737675 CVE-2022-20734 2022-05-14 20:19:45 Cisco SD-WAN vManage Software information disclosure vulnerability Details
11531f19ffa6d912e8aca1cb448955ce CVE-2022-20777 2022-05-14 20:19:41 Cisco Enterprise NFV Infrastructure Software permissions and access control issue vulnerability Details
07c4516fadb7df967132e74d45500a1e CVE-2022-20794 2022-05-14 20:19:36 Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software input validation error vulnerability Details
5678b482095fe2c817c8f70ce6621ce8 CVE-2022-1584 2022-05-14 20:19:32 Microweber cross-site scripting vulnerability Details
11c0b54c54cc825a6fa663d01a712e4e CVE-2022-20753 2022-05-14 20:19:28 Cisco Small Business RV Series Routers buffer error vulnerability Details
44d436a0fc5b246091bdcde9a0a95bac CVE-2022-20779 2022-05-14 20:19:19 Cisco Enterprise NFV Infrastructure Software input validation error vulnerability Details
adbf9a0046f4e9b3929a5c1e786951e5 CVE-2022-0882 2022-05-14 20:19:15 Fuchsia kernel information disclosure vulnerability Details
ad34ba4bb1a8c8d105419e1d9ee21591 CVE-2022-20799 2022-05-14 20:19:11 Cisco Small Business RV Series Routers command injection vulnerability Details
8b618051ed64fbcd178e736b0a41e0ec CVE-2021-41959 2022-05-13 20:11:59 JerryScript Git security vulnerability Details
15f2aaa220d9a5fb008fcbb44f0e617d CVE-2021-22573 2022-05-13 20:11:55 Google google-oauth-java-client data forgery issue vulnerability Details
27a967b55ae00f205af9f27f3f97e4ef CVE-2022-28589 2022-05-13 20:11:46 Pixelimity cross-site scripting vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL
1bb144b106695a199028c515870431e7 CVE-2021-39987 2022-05-13 09:31:33 Huawei HarmonyOS data processing error vulnerability Details
854b330aba7d9897b2dab78755cfdeba CVE-2021-39980 2022-05-13 09:31:33 Huawei HarmonyOS information disclosure vulnerability Details
be2ae238304f09b07497169d12fe7475 CVE-2021-39973 2022-05-13 09:31:33 Huawei HarmonyOS null pointer dereference vulnerability Details
aefb064eeac2a02a08988eafbc31d792 CVE-2021-39967 2022-05-13 09:31:33 Huawei HarmonyOS incorrect default permissions vulnerability Details
e6e00bef61bce9242260f392664ba64b CVE-2021-37128 2022-05-13 09:31:33 Huawei HarmonyOS path traversal vulnerability Details
8cdbd17b507e0a77f3f3fc4e9afcbdeb CVE-2021-37118 2022-05-13 09:31:33 Huawei HarmonyOS improper handling of exceptional conditions vulnerability Details
92912ac05802f49ccdf3fff980365a9d CVE-2021-37111 2022-05-13 09:31:33 Huawei HarmonyOS memory leak vulnerability Details
0703f77fd4a82b9ad805a168406a871f CVE-2021-44392 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
96386c6febdb600762cae7f53f8388e2 CVE-2021-44386 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
15173c65674f64262b5a1f2d9dd74dd0 CVE-2021-44380 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
c0bbd763abbe27a0b9bb3a78d85b770f CVE-2021-44373 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
7f77e6078b30b6f001de39445caf8943 CVE-2021-44367 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
1c257b653484dd698a535a4b264e1a9b CVE-2021-44360 2022-05-13 09:31:33 Reolink Rlc-410W denial-of-service vulnerability Details
8a9c56d69af1130f353d1d2e22c22fdd CVE-2021-22825 2022-05-13 09:31:33 Schneider Electric Rack PDU information disclosure vulnerability Details
5d988a931e3edf019ab4a04228a664d6 CVE-2021-22816 2022-05-13 09:31:33 Schneider Electric SCADAPack improper handling of exceptional conditions vulnerability Details
a3dd3abff7532117fb122a7884169302 CVE-2022-30138 2022-05-13 04:17:22 Microsoft Windows Print Spooler privilege escalation vulnerability Details
c36e78932701f499a52d9702d148f385 CVE-2022-29972 2022-05-11 03:59:05 Magnitude Simba Amazon Redshift ODBC Driver argument injection vulnerability Details
adbb2196ad1d2577d2d917c5830fcf1a CVE-2022-29109 2022-05-11 03:59:05 Microsoft Excel remote code execution vulnerability Details
e17eb75b554dd90a92fa049f8b6d4c42 CVE-2022-26936 2022-05-11 03:59:05 Microsoft Windows Server Service information disclosure vulnerability Details
88b89004a72dd35bdc7a080102b0e853 CVE-2022-22019 2022-05-11 03:59:05 Microsoft Remote Procedure Call Runtime remote code execution vulnerability Details
7cece90c6a3ddaf25d3759fe36bf8148 CVE-2022-26939 2022-05-11 03:59:05 Microsoft Storage Spaces Direct privilege escalation vulnerability Details
43ccd1a640a08a80cdb8a3cec298ca00 CVE-2022-26932 2022-05-11 03:59:05 Microsoft Storage Spaces Direct privilege escalation vulnerability Details
33f37cef79e40dd9f921cb6fff1757e0 CVE-2022-22016 2022-05-11 03:59:05 Microsoft Windows PlayToManager privilege escalation vulnerability Details
fcb4418a7018f7f38c93926b70007a43 CVE-2022-29113 2022-05-11 03:59:05 Microsoft Windows Digital Media Receiver privilege escalation vulnerability Details
dfe2b19f1e04fa675534f0ff9eeb11cb CVE-2022-29105 2022-05-11 03:59:05 Microsoft Windows Media Foundation remote code execution vulnerability Details
fca2475eed7b78d0c21abb7a48604378 CVE-2022-26937 2022-05-11 03:59:05 Microsoft Windows Network File System remote code execution vulnerability Details
b802ce4fb870ebc7dc55786adb90f452 CVE-2022-26933 2022-05-11 03:59:05 Microsoft Windows NTFS information disclosure vulnerability Details
f008f24f6dadb3bc5983a1931b061719 CVE-2022-23270 2022-05-11 03:59:05 Microsoft Point-to-Point Tunneling Protocol remote code execution vulnerability Details
e2e57e1a0d4cde5d3f396660b79c801f CVE-2022-21972 2022-05-11 03:59:05 Microsoft Point-to-Point Tunneling Protocol remote code execution vulnerability Details
5c69148f826ae3c59aeef197dd886b59 CVE-2022-29110 2022-05-11 03:59:05 Microsoft Excel remote code execution vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
2ed4ce7e5687cfdc1324ae7d65876a51 CVE-2022-20011 2022-05-10 20:15:09 In getArray of NotificationManagerService.java, there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-214999128 Details
24c65cc8b5e43bf755ad1090d1836a3b CVE-2022-20010 2022-05-10 20:15:09 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213519176 Details
b66af2a1565ecc13d5d44d81c17039fb CVE-2022-1537 2022-05-10 14:15:08 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. Details
103768027988800851fb2e9cb336c8b4 CVE-2021-36912 2022-05-06 17:15:08 Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. Details
15d8f798edfaf84db456fda4c985a523 CVE-2021-44056 2022-05-05 17:15:10 An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later. Details
efdbc7b3085f83cfd20621db6d7fe529 CVE-2021-44055 2022-05-05 17:15:10 A missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 (2022/02/16) and later. Details
6288afea6b033958afd178a75542291b CVE-2021-44054 2022-05-05 17:15:10 An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later. Details
d410ac096a6eeb9a3b8ac611daf84c6f CVE-2021-44053 2022-05-05 17:15:10 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later; QTS 5.0.0.1986 build 20220324 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QuTS hero h4.5.4.1971 build 20220310 and later; QuTScloud c5.0.1.1949 and later. Details
040c7b55aae96032f5f45fe2bc7d59f2 CVE-2021-44052 2022-05-05 17:15:10 An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later; QuTS hero h4.5.4.1971 build 20220310 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QTS 4.3.4.1976 build 20220303 and later; QTS 4.3.3.1945 build 20220303 and later; QTS 4.2.6 build 20220304 and later; QTS 4.3.6.1965 build 20220302 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later. Details
7120c9abac173150a34a97c9be2066da CVE-2021-44051 2022-05-05 17:15:10 A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QTS 5.0.0.1986 build 20220324 and later. Details
aaa9f63dcaeb0cf76845d5598e898c24 CVE-2021-43547 2022-05-05 17:15:10 TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. Details
b59b482d88cdcf23cdc1dfa1bb7f9e67 CVE-2022-1516 2022-05-05 15:15:07 A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. Details
c95977f90645fc309f1e32e5d34b08e9 CVE-2021-42242 2022-05-05 13:15:07 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. Details
ab23f24403326a0b3b79e83dde3f69b5 CVE-2022-1575 2022-05-05 12:15:07 Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. Details
103e0eabd332fa8cbbf6c62515a4728f CVE-2022-1592 2022-05-05 11:15:08 Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... Details
ef8e6e93b43043d98dd8ae4e015d29fa CVE-2022-1584 2022-05-04 18:15:08 Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim. Details
28fa53c148f3ea4dc4295e060260474f CVE-2022-20796 2022-05-04 17:15:08 On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. Details
1262054da101d581651af79ad1aa70f8 CVE-2022-20794 2022-05-04 17:15:08 Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Details
9bec2be1116379c705612f4ed1549489 CVE-2022-20785 2022-05-04 17:15:08 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. Details
d7e3302f65fe961c0b329a6d7dddd86e CVE-2022-20780 2022-05-04 17:15:08 Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. Details
fef950b3e83c8854de49004741aa45f1 CVE-2022-20779 2022-05-04 17:15:08 Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. Details
203f7afd60231c95e8ebf4bc7ccbea93 CVE-2022-20777 2022-05-04 17:15:08 Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. Details
88ea98c1deee7137c9cf765ce69368fa CVE-2022-20771 2022-05-04 17:15:08 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. Details
b87828be6d4f02edc81c210c31f5788b CVE-2022-20770 2022-05-04 17:15:08 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. Details
8ba52264ec01e255af9caa62ab2e9076 CVE-2022-20764 2022-05-04 17:15:08 Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Details
a7961abe34124b6fbfc71a8506936a81 CVE-2022-20753 2022-05-04 17:15:08 A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. Details
e2b4961adda92421a3f257cac85bf04f CVE-2022-20734 2022-05-04 17:15:08 A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. Details
e54c1e96a36bd90e9c30852f0c969dc5 CVE-2021-42235 2022-05-04 17:15:08 SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. Details
2f8aefb94705ec21b8b126b6865df472 CVE-2021-43206 2022-05-04 16:15:08 A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. Details
3d13c2ede75621bde7c79e8e51108227 CVE-2022-25783 2022-05-04 14:15:08 Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. Details