Threat Intelligence Broadcast


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
4ad53fb76838f4a82d7e011825d5934b CVE-2023-29059 2023-03-31 07:37:06 CVE-2023-29059: 3CXDesktop App Code Execution Vulnerability Advisory Details
c8989d2e807ceb53d24ad02bd54fbe60 CVE-2023-22809 2023-03-30 08:49:36 CVE-2023-22809: Sudo Privilege Escalation Vulnerability Advisory Details
55fd37b2456c87556f03a593901b743a 2023-03-27 08:47:34 Weekly Security Incident Report 2023-03-20, Week 12 Details
c571983fae71cfe11b5bb86c67159080 CVE-2023-28432 2023-03-23 09:46:17 MinIO Information Disclosure Vulnerability Advisory Details
96f44e31e7ad34d978d34d8fa828b8a5 CVE-2023-20860 2023-03-22 09:19:30 CVE-2023-20860: Spring Framework Authentication Bypass Vulnerability Advisory Details
464f9bbd749d9b7e63993ae0384582d1 2023-03-20 07:23:23 Weekly Security Incident Report 2023-03-13, Week 11 Details
f3125d3ed890f0d54c88b1ded2feee81 CVE-2023-23397 2023-03-17 02:06:29 Microsoft Outlook Privilege Escalation Vulnerability Advisory Details
2401d255767cdbab18ab0add4cda39f8 2023-03-15 08:13:10 2023-03 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
ae733c9e19d8a91d1e36ae4ef7dbcdde CVE-2023-23638 2023-03-14 07:05:15 CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Advisory Details
f5c4a287130244d1e00dc124d7d36c78 2023-03-13 07:48:11 Weekly Security Incident Report 2023-03-06, Week 10 Details
0ff6a0a7187480b2f5160f7e877b6e7b CVE-2023-21768 2023-03-10 08:45:13 CVE-2023-21768: Windows Ancillary Function Local Privilege Escalation Vulnerability Advisory Details
02017e32ba80b6610ea0ebe823a8307c CVE-2023-25610 2023-03-10 08:41:35 CVE-2023-25610: FortiOS / FortiProxy Remote Code Execution Vulnerability Advisory Details
5b0b816d287d6b909f202e0ae78dd4f2 CVE-2023-21768 2023-03-10 08:04:10 CVE-2023-21768: Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Advisory Details
3f300836f1101aac33c8a0d2e3a13b15 CVE-2023-27898 2023-03-09 08:30:01 CVE-2023-27898/27905: Jenkins Cross-Site Scripting Vulnerability Advisory Details
e789b5055a4a30fd3f2f81447efc91c0 CVE-2023-21716 2023-03-07 09:38:55 Microsoft Word Remote Code Execution Vulnerability Advisory Details
62f500b7a9dc87c0935c4a1ac8f0c990 2023-03-06 09:25:36 Smartbi Remote Command Execution Vulnerability Advisory Details
45330254ad5d2642f0fa82225aefaefb 2023-03-06 08:02:09 Weekly Security Incident Report 2023-02-27, Week 9 Details
8111f2d99a389337e2d5c308e941c8e5 2023-03-06 07:23:41 Weekly Security Incident Report 2023-02-27, Week 9 Details
98a5b68d96d5541e9781ff32ec966a13 CVE-2023-0050 2023-03-03 07:22:27 CVE-2023-0050: GitLab Cross-Site Scripting Vulnerability Advisory Details
0b4545f346ae941fb86499887e937bfa 2023-02-27 06:56:34 Weekly Security Incident Report (02.20-02.26) Details
24580b4fb69a1db8407211e2cb3464c9 2023-02-24 08:21:55 Weaver e-cology9 SQL Injection Vulnerability Advisory Details
4d1dee02cae7d8cde565f47645ac229b CVE-2023-20858 2023-02-23 07:15:41 CVE-2023-20858: VMware Carbon Black App Control Remote Code Execution Vulnerability Advisory Details
bd7e6380055dd5778eb26c10474562a1 CVE-2023-23752 2023-02-21 08:50:11 CVE-2023-23752: Joomla Unauthorized Access Vulnerability Advisory Details
5209a8ffed474d179b8a882d62ec3a80 CVE-2023-24998 2023-02-21 08:02:29 CVE-2023-24998: Apache Commons FileUpload Denial of Service Vulnerability Advisory Details
e4126033e6653e8f5d84595554a2ba3a CVE-2023-23752 2023-02-21 07:01:19 CVE-2023-23752: Joomla Unauthorized Access Vulnerability Advisory Details
90fffab9d66d505311596a71af6abbb9 2023-02-20 09:55:02 Weekly Security Incident Report (02.13-02.19) Details
920484737cd9fc0121ce5697641c88f8 CVE-2021-42756 2023-02-20 08:20:26 CVE-2021-42756/CVE-2022-39952: Fortinet Multiple Vulnerabilities Advisory Details
ab482fa4d4be6a2f06a3f918ef245b7f CVE-2023-25725 2023-02-17 07:03:52 HAProxy Request Smuggling Vulnerability Advisory Details
e38bcb9d859fdc4496254a7425d4d8bc 2023-02-15 07:13:41 2023-02 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
0df664a9520ae1e14777320ae303a2ed CVE-2023-23529 2023-02-14 07:40:35 CVE-2023-23529: Apple WebKit Arbitrary Code Execution Vulnerability Advisory Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
e18c2e6fdbc4a6f2354ee59d5ee4e0c2 CVE-2023-1790 2023-04-01 09:15:00 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. Details
a04f0c0d03e5f912e255e917ac4ad671 CVE-2023-0198 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. Details
c20b093044388e29befe56e7b3e65e45 CVE-2023-0197 2023-04-01 05:15:00 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. Details
10c1aeac49005a25e29b86dd5e5cebeb CVE-2023-0195 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver Details
25db4d1614d395ddbd7abd34db9a2000 CVE-2023-0194 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. Details
9d242e7c68ac63a178fbddc5405b2260 CVE-2023-0192 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. Details
e40704393b9e3f4a56ae2bdb907bf9b2 CVE-2023-0191 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. Details
882db94653bf83eea4f7a9b8003dfb9d CVE-2023-0189 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Details
6c0aa5a132d4d40e1048d8958df99da0 CVE-2023-0188 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. Details
087277e6f09bb93f912243e21f0a8e6f CVE-2023-0187 2023-04-01 05:15:00 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. Details
d7a478df17d9e78334381495920e3b41 CVE-2023-0208 2023-04-01 04:15:00 NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. Details
8b58b754340f593c3bcebe46e0a2585e CVE-2023-1789 2023-04-01 02:15:00 Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. Details
f38d68c489ecff8e5584db7e6e332544 CVE-2023-28845 2023-03-31 23:15:00 Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversation's member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. Details
95387da0e38ca45c05c337977fa45567 CVE-2023-28844 2023-03-31 23:15:00 Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. Details
c2763574908bd16447adc0faa0bd702b CVE-2023-28645 2023-03-31 23:15:00 Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. Details
fac9e169445903cb79c8559de10e3c4f CVE-2023-26485 2023-03-31 23:15:00 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability has been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm) Details
9fb03b31e9366e64fbd4ce9a06365e10 CVE-2023-24824 2023-03-31 23:15:00 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. Details
0cda98f8f9df66f8b398780598224964 CVE-2022-47192 2023-03-31 22:15:00 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. Details
8532304c93e5dd8f407d403bee101c68 CVE-2022-47191 2023-03-31 22:15:00 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. Details
78bceb72d5da92157d7995ea5d04431a CVE-2022-47190 2023-03-31 22:15:00 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. Details
9d5d4699821213cb62fd2e913847cc71 CVE-2022-47189 2023-03-31 22:15:00 Generex UPS CS141 below 2.06 version, allows an attacker to upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. Details
06b6b684419003d7b5042ec6f4d6abd7 CVE-2022-47188 2023-03-31 22:15:00 There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. Details
e7ed87d114b5396b18720522254833d2 CVE-2023-27163 2023-03-31 20:15:00 request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. Details
f5c87d0ed0030a4b4338cb6d18f62649 CVE-2023-27162 2023-03-31 20:15:00 openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. Details
7ef0ade01ceee2907fe2c1d4ae02e018 CVE-2023-26858 2023-03-31 20:15:00 SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. Details
592e3e63c33896cf802c78f31457f9d8 CVE-2023-1785 2023-03-31 20:15:00 A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700. Details
91ffef8b036fd1b6e898778eb7bc7700 CVE-2023-1784 2023-03-31 20:15:00 A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. Details
88d08b21c6ea57532b32cdd1a286a229 CVE-2022-4899 2023-03-31 20:15:00 A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Details
848579f26907f7c43b9ee2987a527949 CVE-2023-29141 2023-03-31 19:15:00 An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. Details
a4c39bdfe14d39a32d4219f861ddd5ab CVE-2023-29140 2023-03-31 19:15:00 An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted. Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 Sichuang Technology Co., Ltd. Website Building System SQL Injection Vulnerability Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium Hard-Coded Credentials Vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera Cross-Site Scripting Vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow Unspecified Vulnerability Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway Information Disclosure Vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server Information Disclosure Vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management Cross-Site Scripting Vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics Remote Code Execution Vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 Information Disclosure Vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics Privilege Escalation Vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 Weaver e-cology SQL Injection Vulnerability Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering Cross-Site Scripting Vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server Information Disclosure Vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint Spoofing Vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint Remote Code Execution Vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev Buffer Overflow Vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense Cross-Site Scripting Vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic Improper Access Control Vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic Arbitrary File Upload Vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL Injection Vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager Incorrect Access Control Vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue Cross-Site Scripting Vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue Cross-Site Scripting Vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory Man-in-the-Middle Attack Vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory Cleartext Transmission Vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory Deserialization Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
56358b73280e18ed2eaf62bf4b7fba5f CNNVD-202210-1696 (CVE-2021-44776) 2022-10-24 13:13:44 Lanner IAC-AST2500A Security Vulnerability Details
07eddc3a7e5e3731956c02a50f538970 CNNVD-202210-1697 (CVE-2021-26732) 2022-10-24 13:13:42 Lanner IAC-AST2500A Security Vulnerability Details
4b051d50f18e2bb4a1f272b12f873223 CNNVD-202210-1698 (CVE-2021-26731) 2022-10-24 13:13:40 Lanner IAC-AST2500A Buffer Error Vulnerability Details
0d79d7ad89e7b6f52a89de2e3762a492 CNNVD-202210-1699 (CVE-2021-42010) 2022-10-24 13:13:38 Apache Heron Injection Vulnerability Details
9596051a8fb75da90bf94bd495b53e94 CNNVD-202210-1700 (CVE-2021-26733) 2022-10-24 13:13:36 Lanner IAC-AST2500A Security Vulnerability Details
883bec62dd4552d68130c0f925873e93 CNNVD-202210-1701 (CVE-2022-42432) 2022-10-24 13:13:34 Linux kernel Security Vulnerability Details
755328fe5484ce3f71a4940d10f50b34 CNNVD-202210-1702 (CVE-2021-44769) 2022-10-24 13:13:31 Lanner IAC-AST2500A Input Validation Error Vulnerability Details
9c53a984103cd446d6e447c12c9c66c6 CNNVD-202210-1703 (CVE-2021-44467) 2022-10-24 13:13:29 Lanner IAC-AST2500A Security Vulnerability Details
30dfa903ed49845732fc6cef266206e9 CNNVD-202210-1704 (CVE-2022-41974) 2022-10-24 13:13:27 Red Hat device-mapper-multipath Security Vulnerability Details
9c6324677d17c72db81aec2e1797791f CNNVD-202210-1705 (CVE-2022-41973) 2022-10-24 13:13:25 Red Hat device-mapper-multipath Security Vulnerability Details
4ec5a4ccefd5879e573cd53c2123dd3a CNNVD-202210-1612 (CVE-2022-39272) 2022-10-22 13:10:57 Flux2 Security Vulnerability Details
c3846b92a4965777ef3e53a1f4618717 CNNVD-202210-1600 (CVE-2022-3646) 2022-10-21 13:11:18 Linux kernel Security Vulnerability Details
9a761144255ce6f90bb54e219ea40282 CNNVD-202210-1601 (CVE-2022-34438) 2022-10-21 13:11:15 Dell PowerScale OneFS Security Vulnerability Details
44290d228b51ffbf0aab6efd4d6e678e CNNVD-202210-1602 (CVE-2022-31239) 2022-10-21 13:11:13 Dell PowerScale OneFS Security Vulnerability Details
9ca9cbb2a337c33899bcdf19d91d7d78 CNNVD-202210-1603 (CVE-2022-34437) 2022-10-21 13:11:11 Dell PowerScale OneFS Security Vulnerability Details
0a96e1daad10fc7b842abaa350831db2 CNNVD-202210-1605 (CVE-2022-26870) 2022-10-21 13:11:09 Dell EMC PowerStore Security Vulnerability Details
35f41caeb97feaaa8373f4dbbbd7a249 CNNVD-202210-1606 (CVE-2020-5355) 2022-10-21 13:11:06 Dell EMC Isilon OneFS Security Vulnerability Details
d314bbe34de68aa67eddd75a9f4ce40c CNNVD-202210-1609 (CVE-2022-3649) 2022-10-21 13:11:04 Linux kernel Resource Management Error Vulnerability Details
351642a659185d5b0604973397c7fa3b CNNVD-202210-1610 (CVE-2022-39259) 2022-10-21 13:11:02 Skylot Jadx Security Vulnerability Details
ebbdab47bb0184312da10141d7d010e7 CNNVD-202210-1611 (CVE-2022-23462) 2022-10-21 13:10:59 Softmotions IOWOW Security Vulnerability Details
8c86f10ec92b3124f4395faa27ee8ae3 CNNVD-202210-1517 (CVE-2022-29477) 2022-10-20 13:11:07 Adobe Iota Trust Management Issue Vulnerability Details
3c33a32472c03f27b2b606714eb74e0a CNNVD-202210-1518 (CVE-2022-36966) 2022-10-20 13:11:02 SolarWinds Platform Security Vulnerability Details
280b662d6c30e683e90c26748fa86a26 CNNVD-202210-1519 (CVE-2022-36958) 2022-10-20 13:10:53 SolarWinds Platform Code Issue Vulnerability Details
1d1787e08b1093c5bd9723a8b9465e0f CNNVD-202210-1520 (CVE-2022-27805) 2022-10-20 13:10:47 Adobe Iota Access Control Error Vulnerability Details
632da31aee8b02c08d2e63767809782a CNNVD-202210-1521 (CVE-2022-36957) 2022-10-20 13:10:44 SolarWinds Platform Security Vulnerability Details
28743e448b695bd2eee529e66954d3c4 CNNVD-202210-1522 (CVE-2022-3623) 2022-10-20 13:10:36 Linux kernel Race Condition Vulnerability Details
92679bd487d2a90451cf297905a8f3c3 CNNVD-202210-1523 (CVE-2022-32586) 2022-10-20 13:10:34 Adobe Iota OS Command Injection Vulnerability Details
bcd4eca45c95707bab85d60a3c30d643 CNNVD-202210-1524 (CVE-2022-3619) 2022-10-20 13:10:32 Linux kernel Security Vulnerability Details
95cdab65f668ebae996fbf3df854d1e9 CNNVD-202210-1525 (CVE-2022-3620) 2022-10-20 13:10:27 Exim Resource Management Error Vulnerability Details
9e701d3b09a7f774ceea498474bc4d40 CNNVD-202210-1526 (CVE-2022-3621) 2022-10-20 13:10:25 Linux kernel Security Vulnerability Details

QiAnXin [TOP 30] CVES TIME TITLE URL
45ab4afdafe578698bcfccccd65d833e yt QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Processing Remote Code Execution Vulnerability (ADV200006) Advisory Details
74691465618764c64d52a2ff58013ac4 yt QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Warning Advisory Details
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
7010355bb6ffff38cb1a885acf784ca7 ft QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
5edb21a58a7e21692bd0ddd622d39279 St QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Processing Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Warning Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Warning Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Warning Advisory Details

Anquanke [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Feature Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 Microsoft July 2022 Patch Day Vulnerability Advisory Details
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab Remote Code Execution Vulnerability (CVE-2022-2185) Details
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 Microsoft June 2022 Patch Day Vulnerability Advisory Details
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) Details
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) Details
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson Deserialization Vulnerability Details
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 Microsoft May 2022 Patch Day Vulnerability Advisory Details
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Details
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) Details
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 Microsoft April 2022 Patch Day Vulnerability Advisory Details
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware Products Multiple High-Severity Vulnerabilities Advisory Details
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability Details
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL Expression Injection Vulnerability Details
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL Denial of Service Vulnerability (CVE-2022-0778) Details
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 Microsoft March 2022 Patch Day Vulnerability Advisory Details
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) Details
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 Sunlogin Remote Command Execution Vulnerability (CNVD-2022-10270) Details
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) Details
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day Vulnerability Advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere Remote Code Execution Vulnerability Details
9cd742f4839806e40f42c6e7ea492590 2021-12-28 10:31:16 APISIX Dashboard Unauthorized Access Vulnerability Risk Advisory (CVE-2021-45232) Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j Remote Code Execution Vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j Remote Code Execution Vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j Remote Code Execution Vulnerability Details

Red Queen [TOP 30] CVES TIME TITLE URL
8f90b1c5ee2683604ab2a28d9c92b434 CVE-2021-43312 2023-03-31 20:22:43 UPX_PROJECT UPX Vulnerability Details
103609a0f0521ba3fe331cccc7419488 CVE-2022-38745 2023-03-31 20:22:37 APACHE OPENOFFICE Vulnerability Details
a2fb3f477a9e295c8464e30ced7652aa CVE-2021-43311 2023-03-31 20:22:32 UPX_PROJECT UPX Vulnerability Details
5039a501f20cd682b341cdf03b3e755a CVE-2021-43315 2023-03-31 20:22:25 UPX_PROJECT UPX Vulnerability Details
98f37e33c797a3a872d358f912dc5bd4 CVE-2021-43313 2023-03-31 20:22:19 UPX_PROJECT UPX Vulnerability Details
6cdeba08a614bbcdfec3a314506af559 CVE-2021-43314 2023-03-31 20:22:12 UPX_PROJECT UPX Vulnerability Details
78de597007daf9a66d599918a7911c6d CVE-2021-43317 2023-03-31 20:22:05 UPX_PROJECT UPX Vulnerability Details
e8d8f052b5b39eb2d24008f6e4b4699c CVE-2021-43316 2023-03-31 20:21:59 UPX_PROJECT UPX Vulnerability Details
4e6c229fed4b1f7ac116f4f5c44b4827 CVE-2022-20467 2023-03-31 20:21:52 GOOGLE ANDROID Vulnerability Details
567f63268db066de881cdb7a29f1c957 CVE-2022-42498 2023-03-31 20:21:46 GOOGLE ANDROID Vulnerability Details
53b690a28d2ea5e77b307af5c3938c95 CVE-2023-22257 2023-03-30 20:19:12 ADOBE Multiple product Vulnerability Details
b19d7328e6d72b567acb2e4e8fc05e7d CVE-2023-22260 2023-03-30 20:18:59 ADOBE Multiple product Vulnerability Details
bbe4700a9d0a09788c3442e35fa28218 CVE-2023-22263 2023-03-30 20:18:39 ADOBE Multiple product Vulnerability Details
b750b6e45ac7eabaab8e6bf300e889c7 CVE-2023-1578 2023-03-27 20:15:48 PIMCORE PIMCORE Vulnerability Details
14b405203a13b260ceb4c02fd813ebe2 CVE-2022-4095 2023-03-27 20:15:26 LINUX LINUX_KERNEL Vulnerability Details
f4ec00f87612b2f5a10f3754bb4920d5 CVE-2023-1281 2023-03-27 20:15:14 LINUX LINUX_KERNEL Vulnerability Details
e25299fe365efd88f565a37cb606e1fb CVE-2023-22253 2023-03-27 20:14:47 ADOBE Multiple product Vulnerability Details
f44197baed3cf9e9e86a11a554ddcaae CVE-2023-22252 2023-03-26 20:14:56 ADOBE Multiple product Vulnerability Details
3aea705a7dda1b3476c1f290afd1e7cd CVE-2023-21616 2023-03-26 20:14:50 ADOBE Multiple product Vulnerability Details
02c0d5fa18dbf41c94c1573123aa6ca0 CVE-2023-22256 2023-03-26 20:14:43 ADOBE Multiple product Vulnerability Details
bca3008ce57a7d623ab6066418107524 CVE-2023-22254 2023-03-26 20:14:37 ADOBE Multiple product Vulnerability Details
43d27ef5f528e333a8a5c9ac7d7dfe0a CVE-2023-22259 2023-03-26 20:14:30 ADOBE Multiple product Vulnerability Details
36ed4a170d1dfb5b6e3f2b3d9885ac87 CVE-2023-22258 2023-03-26 20:14:24 ADOBE Multiple product Vulnerability Details
e7bef22d5ba20873684169da2a070084 CVE-2023-22262 2023-03-26 20:14:17 ADOBE Multiple product Vulnerability Details
25c1e98d5b9f56a67e137e79e5506723 CVE-2023-22261 2023-03-26 20:14:11 ADOBE Multiple product Vulnerability Details
0402f712b5e0b21dddd780c48e20264a CVE-2023-22265 2023-03-26 20:14:04 ADOBE Multiple product Vulnerability Details
9a08eefa9c6c8d02d2b8fc81162e68d3 CVE-2023-21615 2023-03-26 20:13:58 ADOBE Multiple product Vulnerability Details
fc84d8494981a72a0c15a499d519a8bb CVE-2023-1429 2023-03-25 20:18:51 PIMCORE PIMCORE Vulnerability Details
5d1b1ab3c409333c63237ab6ff74bcd1 CVE-2023-27130 2023-03-25 20:18:39 TYPECHO TYPECHO Vulnerability Details
02800cd9328c8e97995315edff908ba0 CVE-2023-28100 2023-03-25 20:18:12 FLATPAK FLATPAK Vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL
0a693651f16cc76acae7181beb9b639d CVE-2022-45867 2023-03-31 09:23:10 MyBB Path Traversal Vulnerability Details
f2b7c4881bd01fda315a7230f5b4e75a CVE-2022-42471 2023-03-31 09:23:10 Fortinet FortiWeb HTTP Response Header Injection Vulnerability Details
4aa39080d5b1af1396dde14fcfc20c5f CVE-2022-45143 2023-03-31 09:23:10 Apache Tomcat Injection Vulnerability Details
dd6b9e1dd7ca747216d8804d6979431f CVE-2023-0640 2023-03-31 09:23:10 TRENDnet TEW-652BRP Command Injection Vulnerability Details
0593493522338132997b14a16aa155f0 CVE-2023-0639 2023-03-31 09:23:10 TRENDnet TEW-652BRP Cross-Site Scripting Vulnerability Details
3a061574b21ff2402c00687e068afbb6 CVE-2023-22456 2023-03-31 09:23:10 ViewVC Cross-Site Scripting Vulnerability Details
5c715b1a215056d07f1b284eaecaf5a7 CVE-2023-23119 2023-03-31 09:23:10 Ubiquiti airFiber AF2X Radio Firmware Modification Vulnerability Details
e5089f26e3223ef66bca5dea9d21a98e CVE-2023-0637 2023-03-31 09:23:10 TRENDnet TEW-811DRU Memory Corruption Vulnerability Details
b8fb3ada4ae26a352a0e8fe2f1dcdda5 CVE-2022-48079 2023-03-31 09:23:10 Monnai aaPanel Access Control Error Vulnerability Details
afae849b7246873ca223924da04e8aed CVE-2022-41336 2023-03-31 09:23:10 Fortinet FortiPortal Cross-Site Scripting Vulnerability Details
772fe6ad94b81ae915b438d0eb3823f1 CVE-2022-46604 2023-03-31 09:23:10 Tecrail Responsive FileManager Arbitrary Code Execution Vulnerability Details
485536fccffbcb10161e682ec9e49174 CVE-2022-22486 2023-03-31 09:23:10 IBM Tivoli Workload Scheduler XML External Entity Injection Vulnerability Details
e3c382d10057904fbeab45da0d80689e CVE-2023-24574 2023-03-31 09:23:10 Dell Enterprise SONiC OS Uncontrolled Resource Consumption Vulnerability Details
0066be12dbcb6f57eac69fd481cb86b1 CVE-2023-0253 2023-03-31 09:23:10 WordPress Plugin Real Media Library Cross-Site Scripting Vulnerability Details
40ecd547bb228c7dd0437e7d36e4326f CVE-2022-3560 2023-03-31 09:23:10 pesign Path Traversal Vulnerability Details
566dc9ace3e396821a7704df772229b7 CVE-2022-43665 2023-03-31 07:21:31 ESTsoft Alyac Denial of Service Vulnerability Details
6e495e01997937778f84a1af62924570 CVE-2023-0749 2023-03-30 07:21:31 WordPress Ocean Extra Plugin Cross-Site Scripting Vulnerability Details
a9989e237afbff3ab9003c3f16f8b06e CVE-2023-27063 2023-03-30 07:21:31 Tenda W15E Buffer Overflow Vulnerability Details
861ff2120eddc743c338d2602ad6e3a6 CVE-2023-0066 2023-03-30 07:21:31 WordPress Companion Sitemap Generator Plugin Cross-Site Scripting Vulnerability Details
0afbf567c66986a590911fc4a7ed12ab CVE-2022-45782 2023-03-30 07:21:31 dotCMS core Weak Forgotten-Password Recovery Mechanism Vulnerability Details
2855838858c70d06985c28a86993974c CVE-2022-3614 2023-03-30 07:21:31 Octopus Deploy Open Redirect Vulnerability Details
8236a90ef4d55daa0cfae8ac26c4ab5a CVE-2023-0038 2023-03-30 07:21:31 WordPress Survey Maker Plugin Cross-Site Scripting Vulnerability Details
177e7c2f25e0f18cb3eb0d8d0b14efa5 CVE-2022-4109 2023-03-30 07:21:31 WordPress Wholesale Market for WooCommerce Plugin Path Traversal Vulnerability Details
089731755e480ce5862081eb79435137 CVE-2022-40740 2023-03-30 07:21:31 Realtek GPON Router OS Command Injection Vulnerability Details
b357bf402a59310db292785f9c99dc7f CVE-2022-31364 2023-03-30 07:21:31 Cypress Bluetooth Mesh SDK Out-of-Bounds Write Vulnerability Details
e864211884137c69d8d1e8fc4a79425f CVE-2022-31363 2023-03-30 07:21:31 Cypress Bluetooth Mesh SDK Out-of-Bounds Write Vulnerability Details
c71b68d9fde6e3ba1e5d985fc3bcc07f CVE-2022-45783 2023-03-30 07:21:31 dotCMS core Directory Traversal Vulnerability Details
46766aa391026c5f920bd33c8089e59e CVE-2023-22326 2023-03-30 07:21:31 F5 BIG-IP Incorrect Permission Assignment Vulnerability Details
e9687ad1c3c83c0a11c7b7e3195753d8 CVE-2022-39042 2023-03-30 07:21:31 aEnrich a+HRD Authentication Error Vulnerability Details
ac65e1f8821f3740d936aeaeb2b2ef10 CVE-2022-4359 2023-03-30 07:21:31 WordPress WP RSS By Publishers Plugin SQL Injection Vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
a6602af107af95d4b796792b1eea4032 CVE-2023-1575 2023-03-29 15:15:07 The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Details
f7cbe4193206552e4431f9b24b110dd6 CVE-2023-1400 2023-03-27 16:15:09 The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Details
4618cdb61ef66ed727b302839a228974 CVE-2023-24840 2023-03-27 04:15:10 HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database. Details
cc8a847fe297795e96959e34241a2a39 CVE-2023-24839 2023-03-27 04:15:09 HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack. Details
97b5fa763694c5b044668b335ab18dbc CVE-2023-1457 2023-03-25 21:15:06 ** DISPUTED ** A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. Details
797d01c10a4294ebb5d0cb1dcf99c993 CVE-2023-1456 2023-03-25 21:15:06 A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. Details
32524831039aa7631f3525010e676d4c CVE-2023-1631 2023-03-25 12:15:07 A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability. Details
04c1354493034f456a559cfb70382e7f CVE-2023-1630 2023-03-25 12:15:07 A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012. Details
8f64c4034b5aadb416dfdff5daacb3c0 CVE-2023-1628 2023-03-25 12:15:07 A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability. Details
63253249831bc740e83cb8154818cf8a CVE-2023-1629 2023-03-25 11:16:01 A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011. Details
e39a29b1a6a0de6d20bf2acff0ae6db0 CVE-2023-26864 2023-03-24 22:15:07 SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allows a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromParts component. Details
89c344c7df24a2e7bfe1f5e368eab6b5 CVE-2023-1583 2023-03-24 22:15:07 A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash. Details
a3254a6831ba6cc4cc64dcb69ba046ef CVE-2023-22812 2023-03-24 20:15:15 SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. Details
a980bddad36dae5cbb37a3e3b6b192e4 CVE-2023-21067 2023-03-24 20:15:14 Product: Android. Versions: Android kernel. Android ID: A-254114726. References: N/A Details
3a67ca286841be7398b761a9f10dd6b0 CVE-2023-21065 2023-03-24 20:15:14 In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630493. References: N/A Details
8da17a7fd1599c7f2d3f499472d0b52f CVE-2023-21064 2023-03-24 20:15:14 In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243130078. References: N/A Details
c05409c170bba425dcefc96b9564adad CVE-2023-21063 2023-03-24 20:15:14 In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243129862. References: N/A Details
d66bcbc7fd07ebfb629781372c274b53 CVE-2023-21061 2023-03-24 20:15:14 Product: Android. Versions: Android kernel. Android ID: A-229255400. References: N/A Details
c1098b359373f3ca12c4f8e1ef7aa641 CVE-2023-21060 2023-03-24 20:15:14 In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-253770924. References: N/A Details
ac384e63f6075d314093ca300148c989 CVE-2023-21059 2023-03-24 20:15:14 In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-247564044. References: N/A Details
8afb98a6b07f20bb82fd48c3699bbd1f CVE-2023-21058 2023-03-24 20:15:14 In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-246169606. References: N/A Details
8c557b88bde63750f533d4f864ab0087 CVE-2023-21057 2023-03-24 20:15:14 In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-244450646. References: N/A Details
52c17fe9dee1093d17be39c93ffc7d62 CVE-2023-21056 2023-03-24 20:15:14 In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-245300559. References: N/A Details
2e319322dc32a5469ecf717080348625 CVE-2023-21042 2023-03-24 20:15:14 In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239873326. References: N/A Details
31757d2c27be219ea79c0e715a2c8917 CVE-2023-21041 2023-03-24 20:15:13 In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-250123688. References: N/A Details
395311989a04ac1019b193bed948ad7e CVE-2023-21040 2023-03-24 20:15:13 In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238420277. References: N/A Details
f5574ca5a78a28970b3609b6235ced59 CVE-2023-21039 2023-03-24 20:15:13 In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-263783650. References: N/A Details
5b22c9b252e0fd34662448afaaa921aa CVE-2023-21038 2023-03-24 20:15:13 In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-224000736. References: N/A Details
a8234a2f123a571507be9362c5644497 CVE-2023-21036 2023-03-24 20:15:13 In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code. Product: Android. Versions: Android kernel. Android ID: A-264261868. References: N/A Details
29c87076ac883ab255a13e86dabe82c1 CVE-2023-21035 2023-03-24 20:15:13 In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-184847040 Details