360 Network Security Response Center [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
c33d5d851f0eb017b3b3d40b27c4d5c0 | | 2022-06-27 06:33:50 | Weekly Security Incident Report (06.20-06.26) | Details |
d8b60386ddf5aa6cb6b94d7bfdf15dab | CVE-2022-21445 | 2022-06-24 08:59:13 | Oracle JDeveloper ADF Faces Remote Code Execution Vulnerability | Details |
a722f1a07507fe9913ccf9b7c41d4fd1 | | 2022-06-20 06:54:29 | Weekly Security Incident Report (06.13-06.19) | Details |
c2186167548f01d8ddfd96db86c40836 | | 2022-06-15 08:29:35 | 2022-06 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory | Details |
64389458cdb7503bb3b28aeafe20ffd4 | | 2022-06-13 06:39:43 | Weekly Security Incident Report (06.06-06.12) | Details |
fb61c3ffe8c8e3aede718d3132feee90 | | 2022-06-06 08:31:59 | Weekly Security Incident Report (05.30-06.05) | Details |
049da3841ebfd8fef5c9f3d1b5d87ef5 | CVE-2022-26134 | 2022-06-04 02:50:19 | CVE-2022-26134: Confluence OGNL Injection Vulnerability Advisory | Details |
eaa2767b3c416d86dd05499c697c12e0 | CVE-2022-30190 | 2022-06-02 02:14:38 | [Update 1.0] CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Advisory | Details |
83e498526ca0d7c026a64a69f33d4a56 | CVE-2022-30190 | 2022-06-01 08:36:19 | CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Advisory | Details |
d98de03075a051648774441a82d8ae09 | | 2022-05-30 06:37:51 | Weekly Security Incident Report (05.23-05.29) | Details |
1caf614a1af92b187c5895f16e8959a0 | | 2022-05-23 09:33:30 | Weekly Security Incident Report (05.16-05.22) | Details |
f63fd1cacab86b35d70c7794b00917c5 | | 2022-05-23 07:36:08 | Fastjson Deserialization Vulnerability Advisory | Details |
fb66abd7a3d6f14fee26094115b0cb07 | | 2022-05-16 08:37:44 | Weekly Security Incident Report (05.09-05.16) | Details |
f2f40e27fe16636b0d782bbb2b255af3 | | 2022-05-11 07:04:18 | 2022-05 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory | Details |
936cf72cc38fb6e1679e4f30124016d5 | | 2022-05-09 06:18:57 | Weekly Security Incident Report (04.25-05.08) | Details |
10191c5c70179ec2e0a6487b13389bef | CVE-2022-1388 | 2022-05-06 07:09:23 | CVE-2022-1388: F5 BIG-IP iControl REST Authentication Bypass Vulnerability | Details |
e2a962f9ffebd7d5a97382cd030ba8d2 | CVE-2022-24706 | 2022-04-27 09:24:38 | CVE-2022-24706: Apache CouchDB Remote Code Execution Vulnerability Advisory | Details |
42f7b238e3fcf3ff6591aece7b0693da | | 2022-04-25 08:24:24 | Weekly Security Incident Report (04.18-04.24) | Details |
794b588b98e3c8865de32c3b6fa6f8bd | CVE-2022-0540 | 2022-04-21 07:45:57 | CVE-2022-0540: Jira Authentication Bypass Vulnerability Risk Advisory | Details |
6269f651513b7b6a74ce8e6b15a6cb40 | CVE-2022-0540 | 2022-04-21 07:15:38 | CVE-2022-0540: Jira Authentication Bypass Vulnerability Risk Advisory | Details |
7eb322a673ef3c0b19410bdc96ba293b | | 2022-04-20 08:34:00 | 2022-04 Patch Day: Oracle Multiple Product Vulnerabilities Security Risk Advisory | Details |
976cf8c971c9110deb43a103d5871c8a | | 2022-04-18 07:45:49 | Weekly Security Incident Report (04.11-04.17) | Details |
50e765bbe0968ff4c8d0119a3006a697 | CVE-2022-1364 | 2022-04-15 10:41:15 | CVE-2022-1364: Google Chrome V8 Type Confusion Vulnerability | Details |
eb9f978360abd857f1444312ba91b859 | | 2022-04-13 03:27:21 | 2022-04 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory | Details |
b35a4f0535638825028460eb19b81973 | CVE-2021-31805 | 2022-04-13 02:19:24 | CVE-2021-31805: Apache Struts2 Remote Code Execution Vulnerability Advisory | Details |
6d56b9c4c8aa793989e3b840c3138cb9 | | 2022-04-11 07:42:43 | Dual-Platform Cryptomining Botnet Sysrv-hello Returns Armed with New Vulnerabilities | Details |
7f540b1dbbe25045f70683a01ea68166 | | 2022-04-11 07:07:10 | Weekly Security Incident Report (04-04 ~ 04-10) | Details |
9c88cce7f283abbe0d2ca73f017c7cca | CVE-2022-1162 | 2022-04-07 09:40:36 | Gitlab Hardcoding Vulnerability Advisory | Details |
e7c1b670f81a9e6ec46db927363c7420 | | 2022-04-06 08:50:12 | Weekly Security Incident Report (03-28 ~ 04-03) | Details |
e4765c9e52e2c09c66d06d82bc951934 | | 2022-03-28 07:28:54 | Weekly Security Incident Report (03.21-03.27) | Details |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4ccaafb75bb36d4993bae7fd1f05dfa0 | CVE-2022-34134 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | Details |
275290c3b08839d3e0f0ec8e49ca14d2 | CVE-2022-34133 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | Details |
f262df2d60880acefc0e70db0bd7ef1f | CVE-2022-34132 | 2022-06-28 00:15:00 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | Details |
44b7408980fd381b21b8d6d9d05a8973 | CVE-2022-31104 | 2022-06-28 00:15:00 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were present in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn't correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime's implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don't yet implement the simd proposal and are not affected. | Details |
273bcdec4d9f883ef8a77a027f4cecd9 | CVE-2022-33009 | 2022-06-27 23:15:00 | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | Details |
3447d8283fe9caa4484f5f7891593c07 | CVE-2022-32995 | 2022-06-27 23:15:00 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | Details |
f996951b366492e489b6409fa20249b4 | CVE-2022-32994 | 2022-06-27 23:15:00 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | Details |
fd069dd280238c4fb041000d007cf42c | CVE-2022-31103 | 2022-06-27 23:15:00 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | Details |
d210e05bc289eadc72912d18b83ffabd | CVE-2022-31101 | 2022-06-27 23:15:00 | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | Details |
5aafa6e07fd3bf3597ee5e94d0918091 | CVE-2022-31099 | 2022-06-27 23:15:00 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. | Details |
e1c91b728e27c9220f1f91f4893997ff | CVE-2022-33879 | 2022-06-27 22:15:00 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | Details |
ac884ae101ec5d8021e06fc7f243eb07 | CVE-2022-33007 | 2022-06-27 22:15:00 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | Details |
23ab4a169a4aec0f5d872bb84b2e2552 | CVE-2022-32092 | 2022-06-27 22:15:00 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | Details |
b7fd5a7976b7b8b54a86f074afe2ef2d | CVE-2022-31100 | 2022-06-27 22:15:00 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. | Details |
12b538cc8b2d40df1ab7e42a77a1f76a | CVE-2022-31035 | 2022-06-27 19:15:00 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | Details |
71ef002b3fb9a4efa6df43d481e2c615 | CVE-2022-31034 | 2022-06-27 19:15:00 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in OAuth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact, potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | Details |
3e1199d970d248086c7278bff1901332 | CVE-2022-28622 | 2022-06-27 19:15:00 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | Details |
520af9ad6f6379f76c24cfc42347c31f | CVE-2022-2221 | 2022-06-27 19:15:00 | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | Details |
76c25cdfdacf7551ae92343d679a922d | CVE-2017-20099 | 2022-06-27 19:15:00 | A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | Details |
71ddf9a285dcf0e816011b2322b9ab64 | CVE-2017-20098 | 2022-06-27 19:15:00 | A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | Details |
4de8ecffd16f31beb2d315fb60b1b18e | CVE-2022-28172 | 2022-06-27 18:15:00 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to carry out an XSS attack by sending messages with malicious commands to the affected device. | Details |
2eca8e98b18bc9fd1c4f1a46f90848c5 | CVE-2022-28171 | 2022-06-27 18:15:00 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | Details |
ac6cdc15affdab9e454292aa6173e3aa | CVE-2022-28168 | 2022-06-27 18:15:00 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | Details |
44653037ad87dce7660e2a83fa6f20bd | CVE-2022-28167 | 2022-06-27 18:15:00 | Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. | Details |
e4dfa19f16bef3f9e60dca8dd86226b5 | CVE-2022-2140 | 2022-06-27 17:15:00 | Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. | Details |
ea6e1e454127c402a4673b0433c9f477 | CVE-2022-2106 | 2022-06-27 17:15:00 | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | Details |
cbcf8a38231bb79bfaeefba1013c7cca | CVE-2022-2088 | 2022-06-27 17:15:00 | An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | Details |
51aafc99a7a17f3434ec50692eb94839 | CVE-2021-33654 | 2022-06-27 17:15:00 | When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. | Details |
8e58f05fef7657543cac1cff458c230f | CVE-2021-33653 | 2022-06-27 17:15:00 | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. | Details |
8d74f2a43537362751e8d347893d9244 | CVE-2021-33652 | 2022-06-27 17:15:00 | When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. | Details |
China National Vulnerability Database (CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | Sichuang Technology Co., Ltd. (四创科技有限公司) Website Builder System SQL Injection Vulnerability | Details |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium Hard-Coded Credentials Vulnerability | Details |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera Cross-Site Scripting Vulnerability | Details |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow Unspecified Vulnerability | Details |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway Information Disclosure Vulnerability | Details |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server Information Disclosure Vulnerability | Details |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability | Details |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management Cross-Site Scripting Vulnerability | Details |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics Remote Code Execution Vulnerability | Details |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2 Information Disclosure Vulnerability | Details |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics Privilege Escalation Vulnerability | Details |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | Weaver (泛微) e-cology SQL Injection Vulnerability | Details |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering Cross-Site Scripting Vulnerability | Details |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server Information Disclosure Vulnerability | Details |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint Spoofing Vulnerability | Details |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint Remote Code Execution Vulnerability | Details |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev Buffer Overflow Vulnerability | Details |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability | Details |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow Heap Out-of-Bounds Access Vulnerability | Details |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow Heap Out-of-Bounds Access Vulnerability | Details |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense Cross-Site Scripting Vulnerability | Details |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic Improper Access Control Vulnerability | Details |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic Arbitrary File Upload Vulnerability | Details |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL Injection Vulnerability | Details |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager Incorrect Access Control Vulnerability | Details |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue Cross-Site Scripting Vulnerability | Details |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue Cross-Site Scripting Vulnerability | Details |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory Man-in-the-Middle Attack Vulnerability | Details |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory Cleartext Transmission Vulnerability | Details |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory Deserialization Vulnerability | Details |
China National Vulnerability Database of Information Security (CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
4cf6b4a672f84aa2b15a241eea4350f3 | CNNVD-202206-2545 (CVE-2020-27509) | 2022-06-26 13:01:38 | Galaxkey Security Vulnerability | Details |
09919062e71689395c015584fc9f4bb0 | CNNVD-202206-2546 (CVE-2022-34495) | 2022-06-26 13:01:36 | Linux kernel Security Vulnerability | Details |
d1e9409efd6a0d3174dff3bfa834bce6 | CNNVD-202206-2547 (CVE-2022-34494) | 2022-06-26 13:01:34 | Linux kernel Security Vulnerability | Details |
6b6e1dadb96a4e21705b6ebd6a148c7a | CNNVD-202206-2549 (CVE-2022-2206) | 2022-06-26 13:01:31 | Vim Buffer Error Vulnerability | Details |
e98f2460398a44f05a5292e0cf24c85e | CNNVD-202206-2539 (CVE-2022-31017) | 2022-06-25 13:01:52 | Zulip Security Vulnerability | Details |
3dc11e6eab103a9b7888f7884009519c | CNNVD-202206-2540 (CVE-2022-29168) | 2022-06-25 13:01:49 | Wire Security Vulnerability | Details |
89aaa75b55eabbed982fe2f4ff49c801 | CNNVD-202206-2541 (CVE-2022-24893) | 2022-06-25 13:01:47 | Espressif ESP-IDF Security Vulnerability | Details |
44669ada672f6d0dc60cfdc7b5227d23 | CNNVD-202206-2542 (CVE-2022-29931) | 2022-06-25 13:01:45 | Raytion Security Vulnerability | Details |
d510fb30c4ee460d46af967833dfcaec | CNNVD-202206-2543 (CVE-2022-34491) | 2022-06-25 13:01:43 | MediaWiki Security Vulnerability | Details |
2000b3b626ffc3d43ab52337f2116df7 | CNNVD-202206-2544 (CVE-2019-25071) | 2022-06-25 13:01:41 | Apple iPhone Security Vulnerability | Details |
9b7bda074abfea1f1f673778af3738c0 | CNNVD-202206-2317 (CVE-2022-29519) | 2022-06-24 12:55:41 | Yokogawa STARDOM Security Vulnerability | Details |
9ba41b96fd98844a21eabcb1477832f0 | CNNVD-202206-2318 (CVE-2022-30997) | 2022-06-24 12:55:38 | Yokogawa STARDOM Security Vulnerability | Details |
7812e406058b408aec549263168be173 | CNNVD-202206-2309 (CVE-2022-2121) | 2022-06-23 12:56:01 | OFFIS DCMTK Code Issue Vulnerability | Details |
27cb27b9f28ee41033f5b5b631946cf0 | CNNVD-202206-2310 (CVE-2022-26864) | 2022-06-23 12:55:59 | Dell BIOS Security Vulnerability | Details |
54bfe55788015ab28f3f320b76a3f165 | CNNVD-202206-2311 (CVE-2022-2120) | 2022-06-23 12:55:56 | OFFIS DCMTK Security Vulnerability | Details |
2b6c5a07b60d5d416f1362602393b5b6 | CNNVD-202206-2312 (CVE-2022-33146) | 2022-06-23 12:55:54 | web2py Security Vulnerability | Details |
33a8219bc7bff9db882b5d6a46c6409a | CNNVD-202206-2313 (CVE-2022-2119) | 2022-06-23 12:55:51 | OFFIS DCMTK Path Traversal Vulnerability | Details |
5d01eb301f2af6d485a4352e7471368d | CNNVD-202206-2314 (CVE-2022-26863) | 2022-06-23 12:55:49 | Dell BIOS Security Vulnerability | Details |
15d53a42b1d64933bdc6647b074c1600 | CNNVD-202206-2315 (CVE-2022-26862) | 2022-06-23 12:55:46 | Dell BIOS Security Vulnerability | Details |
541d4dbde22eb7213901965270a17812 | CNNVD-202206-2316 (CVE-2022-2147) | 2022-06-23 12:55:43 | Cloudflare Warp Security Vulnerability | Details |
ac19612cfdbda7e091250ac62d38b2ea | CNNVD-202206-2205 (CVE-2022-23079) | 2022-06-22 12:57:13 | motor-admin Security Vulnerability | Details |
31806d8736ea2a9e5f6fcde0c86a331a | CNNVD-202206-2206 (CVE-2022-31091) | 2022-06-22 12:57:10 | Guzzle Security Vulnerability | Details |
1e353b790bedb7eef0e7026f93bdb7d9 | CNNVD-202206-2207 (CVE-2022-32549) | 2022-06-22 12:57:08 | Apache Sling Security Vulnerability | Details |
202fc1170eed6894b1a0f314d83b61b6 | CNNVD-202206-2208 (CVE-2022-23077) | 2022-06-22 12:57:06 | habitica Cross-Site Scripting Vulnerability | Details |
bbfa4f52e9d55ce7480cd58f8239043d | CNNVD-202206-2209 (CVE-2022-23078) | 2022-06-22 12:57:03 | habitica Input Validation Error Vulnerability | Details |
9f5966abbf2bd0b70161c85887660420 | CNNVD-202206-2210 (CVE-2022-32159) | 2022-06-22 12:57:01 | openlibrary Cross-Site Scripting Vulnerability | Details |
91f2556d4580115f730986861fb94ae1 | CNNVD-202206-2211 (CVE-2022-20828) | 2022-06-22 12:56:59 | Cisco Adaptive Security Appliance Security Vulnerability | Details |
e76eb46f330e56189347b02066d5b31e | CNNVD-202206-2212 (CVE-2022-23080) | 2022-06-22 12:56:56 | Directus Code Issue Vulnerability | Details |
353461199d46029315d4c7d027d88d59 | CNNVD-202206-2213 (CVE-2022-23081) | 2022-06-22 12:56:54 | openlibrary Cross-Site Scripting Vulnerability | Details |
0319759bba8251f2aa21d934dc4bd6c9 | CNNVD-202206-2214 (CVE-2022-20829) | 2022-06-22 12:56:52 | Multiple Cisco Products Data Forgery Issue Vulnerability | Details |
QiAnXin (奇安信) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
6bd01daffa85191c80698354fc8e252f | | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory | Details |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory | Details |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory | Details |
e318a5efa4803b50cdef480b90b1784d | | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory | Details |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory | Details |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0day Vulnerability (CVE-2020-0674) Advisory | Details |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory | Details |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory | Details |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory | Details |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory | Details |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early Warning Advisory | Details |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory | Details |
Anquanke (安全客) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images Cross-Site Scripting Vulnerability | Details |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service Security Vulnerability | Details |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel Security Vulnerability | Details |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress Access Control Error Vulnerability | Details |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set Security Vulnerability | Details |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android Information Disclosure Vulnerability | Details |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS Security Features Issue Vulnerability | Details |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU Security Vulnerability | Details |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager Security Vulnerability | Details |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch Security Vulnerability | Details |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager Security Vulnerability | Details |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100 Input Validation Error Vulnerability | Details |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android Security Vulnerability | Details |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability | Details |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager Cross-Site Request Forgery Vulnerability | Details |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress Cross-Site Request Forgery Vulnerability | Details |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave Code Issue Vulnerability | Details |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android Security Vulnerability | Details |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server Security Vulnerability | Details |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server Security Vulnerability | Details |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs Security Vulnerability | Details |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer Security Vulnerability | Details |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave Cryptographic Issue Vulnerability | Details |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server Cross-Site Scripting Vulnerability | Details |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members Information Disclosure Vulnerability | Details |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen Security Vulnerability | Details |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer Access Control Error Vulnerability | Details |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen Code Injection Vulnerability | Details |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave Path Traversal Vulnerability | Details |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen Code Injection Vulnerability | Details |
Tophant (斗象) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | Microsoft June 2022 Patch Day Vulnerability Advisory | Details |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) | Details |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) | Details |
95525e3f5907a776dc7cd4f87f2e2154 | | 2022-05-23 07:11:04 | Fastjson Deserialization Vulnerability | Details |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | Microsoft May 2022 Patch Day Vulnerability Advisory | Details |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) | Details |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) | Details |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | Microsoft April 2022 Patch Day Vulnerability Advisory | Details |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware Products Multiple High-Severity Vulnerabilities Advisory | Details |
f421bcdb306e2bc1ffbf58fcb024a0dd | | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability | Details |
0473358d95e58c7c3f2e7db0109f56f4 | | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) | Details |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) | Details |
71ed541bb737196268b75c7ba435e1a9 | | 2022-03-28 04:57:30 | Spring Cloud Function SpEL Expression Injection Vulnerability | Details |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL Denial of Service Vulnerability (CVE-2022-0778) | Details |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) | Details |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | Microsoft March 2022 Patch Day Vulnerability Advisory | Details |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) | Details |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) | Details |
5f42b6f584a9ace426787dc8dfd6e6e5 | | 2022-02-16 10:44:18 | Sunlogin (向日葵) Remote Command Execution Vulnerability (CNVD-2022-10270) | Details |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) | Details |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) | Details |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | Microsoft January 2022 Patch Day Vulnerability Advisory | Details |
88a8c676b52a739c0335d7c21ca810a9 | | 2022-01-06 08:19:17 | MeterSphere Remote Code Execution Vulnerability | Details |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) | Details |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j Remote Code Execution Vulnerability | Details |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j Remote Code Execution Vulnerability | Details |
392b133d98d6f61aee36ce6c8784f4df | | 2021-12-09 15:20:54 | Apache Log4j Remote Code Execution Vulnerability | Details |
1e193280a8f45427c06cb4945be4f126 | | 2021-12-07 06:48:55 | Grafana Arbitrary File Read Vulnerability | Details |
1911c90c4cf886d9867ff81b4756eb3f | | 2021-12-02 06:37:58 | VMware vCenter Server-Side Request Forgery Vulnerability | Details |
45a46bc77eb26e67020f43cf08f1fcc6 | CVE-2021-21980, CVE-2021-22049 | 2021-11-26 03:52:06 | VMware vCenter Server Multiple High-Severity Vulnerabilities Advisory | Details |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
60022e4c5aec4efe4296a0545e1c473f | CVE-2022-20126 | 2022-06-27 20:03:36 | Google Android Permissions, Privileges, and Access Control Vulnerability | Details |
269f08d65144d43b5f942f230dd65a5c | CVE-2022-20129 | 2022-06-27 20:03:21 | Google Android Input Validation Error Vulnerability | Details |
8c3d62988e50a00021eb45b546616e3f | CVE-2022-20131 | 2022-06-27 20:03:16 | Google Android Information Disclosure Vulnerability | Details |
f1522cee7130e634c9a34c3d95ba8753 | CVE-2022-20125 | 2022-06-26 20:02:17 | Google Android Security Vulnerability | Details |
0dc019a7358ebd67f5a9fc37f2a1648e | CVE-2022-20130 | 2022-06-26 20:02:12 | Google Android Buffer Error Vulnerability | Details |
d6fc3a86a5c3b9425bb1aa7222814647 | CVE-2022-20124 | 2022-06-26 20:02:07 | Google Android Permissions, Privileges, and Access Control Vulnerability | Details |
8b208bebd6095c4ceb0708ba3a1be0d4 | CVE-2022-20132 | 2022-06-26 20:02:01 | Google Android Buffer Error Vulnerability | Details |
a580272180a42c8ef6a57d415e6729b4 | CVE-2022-20127 | 2022-06-26 20:01:56 | Google Android Resource Management Error Vulnerability | Details |
c07b86a4cc67b3b84c7b03d6c591fac2 | CVE-2022-20142 | 2022-06-26 20:01:51 | Google Android Permissions, Privileges, and Access Control Vulnerability | Details |
614c5fbe4a28a4e2121ae27954f49d82 | CVE-2022-20134 | 2022-06-26 20:01:50 | Google Android Input Validation Error Vulnerability | Details |
f1b2a7822ca6ef5ff49c6be73da68dc9 | CVE-2022-20149 | 2022-06-26 20:01:39 | Google Android Information Disclosure Vulnerability | Details |
42f549fcf65e76c80880f30e47968891 | CVE-2022-20135 | 2022-06-26 20:01:39 | Google Android Permissions, Privileges, and Access Control Vulnerability | Details |
5f51dac1d438c01ede440da51f78a704 | CVE-2022-20146 | 2022-06-26 20:01:31 | Google Android Security Vulnerability | Details |
769b47f48a30a3e18989f858bb05f701 | CVE-2021-30327 | 2022-06-25 19:59:27 | Multiple Qualcomm Products Resource Management Error Vulnerability | Details |
2cc848f450b76c3127ccd60d512fb8eb | CVE-2021-30346 | 2022-06-25 19:59:19 | Multiple Qualcomm Products Configuration Error Vulnerability | Details |
130c8915b86879618833cc89e0b66b85 | CVE-2021-30345 | 2022-06-25 19:59:14 | Multiple Qualcomm Products Configuration Error Vulnerability | Details |
2d45ec6dd1a8b3a762a530e23c2bc25c | CVE-2021-30349 | 2022-06-25 19:59:09 | Multiple Qualcomm Products Access Control Error Vulnerability | Details |
846fbea9d823c97c002c565d0a83fb3d | CVE-2021-35070 | 2022-06-25 19:59:04 | Multiple Qualcomm Products Information Disclosure Vulnerability | Details |
105dacfdce4afd00a1d960cf09acfa4f | CVE-2021-35071 | 2022-06-25 19:58:59 | Multiple Qualcomm Products Buffer Error Vulnerability | Details |
2129f43bd79223bbc961b04ddc060ae4 | CVE-2021-35073 | 2022-06-25 19:58:54 | Qualcomm Security Vulnerability | Details |
ead3668a907b875094b63225a21acf60 | CVE-2021-35076 | 2022-06-25 19:58:49 | Qualcomm Code Issue Vulnerability | Details |
7d5d306824d31c388561404f90954d9a | CVE-2021-35078 | 2022-06-25 19:58:45 | Multiple Qualcomm Products Security Vulnerability | Details |
8ff4fdc25ebff09e45fc6400906f3cbb | CVE-2021-35083 | 2022-06-24 19:56:21 | Qualcomm Buffer Error Vulnerability | Details |
b46edf8dd1937d86b742c9ad34e62a13 | CVE-2021-46816 | 2022-06-24 19:56:17 | Adobe Premiere Pro Buffer Error Vulnerability | Details |
83248bb507c9ee986d87a089e9b86636 | CVE-2021-30281 | 2022-06-24 19:55:29 | Multiple Qualcomm Products Access Control Error Vulnerability | Details |
137afe6705c37ac523069ae1e05be05d | CVE-2021-35082 | 2022-06-24 19:55:19 | Multiple Qualcomm Products Security Vulnerability | Details |
ed4222d1c5bc9fb31b3454d82c4c1c40 | CVE-2022-24077 | 2022-06-24 19:55:15 | Naver Cloud Explorer Code Issue Vulnerability | Details |
3f3cd02b95abd65396b5fd1baae7661c | CVE-2021-46818 | 2022-06-24 19:55:12 | Adobe Media Encoder Buffer Error Vulnerability | Details |
38badc63cf1354aad693fa6e42e56f65 | CVE-2021-46817 | 2022-06-24 19:55:07 | Adobe Media Encoder Buffer Error Vulnerability | Details |
c0b38645b0532abd39b68f626856da47 | CVE-2021-46812 | 2022-06-23 19:56:43 | HUAWEI HarmonyOS Security Vulnerability | Details |

NSFOCUS (绿盟) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
652be8805294ef6e4b2451e48d40e7b1 | CVE-2022-0592 | 2022-06-27 11:25:31 | WordPress MapSVG Plugin SQL Injection Vulnerability | Details |
70002801306e466ad2d6b91eb5ef8afa | CVE-2022-0625 | 2022-06-27 11:25:31 | WordPress Admin Menu Editor Plugin Cross-Site Scripting Vulnerability | Details |
d30582a914031b651bb7f08fbd053a65 | CVE-2022-28533 | 2022-06-27 11:25:31 | Medical Hub Directory Site SQL Injection Vulnerability | Details |
9488cada867d4a31d23f9437e3847376 | CVE-2022-26835 | 2022-06-27 11:25:31 | F5 BIG-IP Path Traversal Vulnerability | Details |
31effadca28eefba1cdc0cc2e14ea9b9 | CVE-2022-24899 | 2022-06-27 11:25:31 | Contao Cross-Site Scripting Vulnerability | Details |
bf4df1d55be74a8b886deda97929f36e | CVE-2022-29535 | 2022-06-27 11:25:31 | ZOHO ManageEngine OpManager SQL Injection Vulnerability | Details |
552b75ad92da6bc80bb5dab820635759 | CVE-2022-27360 | 2022-06-27 11:25:31 | SpringBlade SQL Injection Vulnerability | Details |
07730a8b58e29147a6dac62f883676c8 | CVE-2022-27359 | 2022-06-27 11:25:31 | Foxit PDF Reader Null Pointer Dereference Vulnerability | Details |
ce28f2954463db352779fd71a95e63c1 | CVE-2022-27337 | 2022-06-27 11:25:31 | Freedesktop Poppler Denial-of-Service Vulnerability | Details |
e45377a24c8696e49c4c179ae0cc3671 | CVE-2021-25268 | 2022-06-27 11:25:31 | Sophos Firewall Cross-Site Scripting Vulnerability | Details |
24a71d752b27fb57ae1857bb9ab189ed | CVE-2021-25267 | 2022-06-27 11:25:31 | Sophos Firewall Cross-Site Scripting Vulnerability | Details |
ce7af177d5291440abec4647a7e57020 | CVE-2022-29592 | 2022-06-27 11:25:31 | Tenda TX9 Pro OS Command Injection Vulnerability | Details |
60f77f63e6677bd5465fd86d9fe751c3 | CVE-2022-28463 | 2022-06-27 11:25:31 | Imagemagick Studio ImageMagick Buffer Overflow Vulnerability | Details |
37f981d7e0aaffee3f0bb075847e1454 | CVE-2022-28545 | 2022-06-27 11:25:31 | FUDforum Cross-Site Scripting Vulnerability | Details |
038ab179182794a2fcc134a3075c2802 | CVE-2021-23592 | 2022-06-27 09:27:57 | topthink/framework Deserialization of Untrusted Data Vulnerability | Details |
4d26376d6bd28c5f1b4ce9a41be8a42f | CVE-2022-23802 | 2022-06-27 09:27:57 | Joomla Guru Information Disclosure Vulnerability | Details |
6d7930957a661534ce9670e7e460353b | CVE-2022-0424 | 2022-06-27 09:27:57 | WordPress Popup by Supsystic Plugin Authentication Error Vulnerability | Details |
a3e5ca379eaef3d6f28711ceb5aeb482 | CVE-2022-23205 | 2022-06-27 09:27:57 | Adobe Photoshop Out-of-Bounds Write Vulnerability | Details |
2bfe3786864e7e0401adecfa750d1d37 | CVE-2022-30286 | 2022-06-27 09:27:57 | PyScript Information Disclosure Vulnerability | Details |
7fb89db3d4b58a2263f8731a3d59f394 | CVE-2021-20479 | 2022-06-27 09:27:57 | IBM Cloud Pak System Weak Encryption Vulnerability | Details |
57a9fc3f103cedec74a43b3d317de3b6 | CVE-2021-39023 | 2022-06-27 09:27:57 | IBM Guardium Data Encryption Information Disclosure Vulnerability | Details |
c89ffb1c249b3c3f476cd80afa314817 | CVE-2021-42743 | 2022-06-27 09:27:57 | Splunk Enterprise Configuration Error Vulnerability | Details |
8b889e5d671844f4a0e73d081fc018ce | CVE-2022-2 | 2022-06-27 09:27:57 | Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 Cross-Site Scripting Vulnerability (CVE-2022-2 | Details |
759b3c8d0521b910ad4d034ccffc38ca | CVE-2021-27765 | 2022-06-27 09:27:57 | HCL BigFix Platform Privilege Management Error Vulnerability | Details |
cc47511d3add11c05a8dc701285ab7ee | CVE-2021-27759 | 2022-06-27 09:27:57 | HCL BigFix Inventory Cross-Site Request Forgery Vulnerability | Details |
206f298ed0fcb1f11b876d0b306fe3a7 | CVE-2021-27760 | 2022-06-27 09:27:57 | HCL Notes Input Validation Error Vulnerability | Details |
ab474402589fa32bd76749e96fed96df | CVE-2021-27761 | 2022-06-27 09:27:57 | HCL BigFix Platform Weak Encryption Vulnerability | Details |
bce16e7b0b8d0498f0504f88542c7e56 | CVE-2019-25060 | 2022-06-27 09:27:57 | WordPress WPGraphQL Plugin Access Control Error Vulnerability | Details |
452c4f231b06a56104e1b6cde1831a26 | CVE-2022-29421 | 2022-06-27 09:27:57 | WordPress Countdown & Clock Plugin Cross-Site Scripting Vulnerability | Details |
0f360e836abb170b0c3b5d0dfff3b051 | CVE-2022-33995 | 2022-06-24 09:27:25 | Devolutions Remote Desktop Manager Path Traversal Vulnerability | Details |

U.S. National Vulnerability Database (NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
2d8701399bdb77d39590a5c4ce5aab6a | CVE-2022-33913 | 2022-06-20 16:15:08 | In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | Details |
b5474ad4a82d47241c66796f244df67a | CVE-2022-31795 | 2022-06-20 15:15:13 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | Details |
c938afb59b5051ad4938e3c70fa04cae | CVE-2022-31794 | 2022-06-20 15:15:13 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | Details |
aac73dfcfe0703fa6bdcccc590e2b8ac | CVE-2022-31357 | 2022-06-17 14:15:08 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. | Details |
461fecf8d0555d2850382eda6a7ef4fb | CVE-2022-33756 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | Details |
910852c4fd6b4fd695ae5e52c2e4d87f | CVE-2022-33755 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | Details |
78d8af472c95a7c68287fafb62c529e3 | CVE-2022-33754 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | Details |
977ae893866df49a6332fdc496fc6972 | CVE-2022-33753 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | Details |
788f0fb42b25ca9e306b42c5156d9295 | CVE-2022-33752 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | Details |
3a183ec382d28ff7481c42c09b8ec82c | CVE-2022-33751 | 2022-06-16 22:15:08 | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | Details |
10db4526401b7c1a2acbf3041c3808ea | CVE-2022-31384 | 2022-06-16 17:15:08 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | Details |
a2bca594e0dafa9ba7fffda056251a64 | CVE-2022-31383 | 2022-06-16 17:15:08 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | Details |
0f28642793b03a817c9296b96b80779c | CVE-2022-31382 | 2022-06-16 17:15:08 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | Details |
146f2ab2815752b6a4f926d62a6463f5 | CVE-2022-31908 | 2022-06-16 15:15:09 | Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | Details |
fff8f7290f84ca60175cabb12535ae6a | CVE-2022-31906 | 2022-06-16 15:15:09 | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | Details |
e47dcb8c2f32e62be26bca7d3d910df5 | CVE-2022-31849 | 2022-06-16 15:15:09 | MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. | Details |
f7f8435147fbfaeed89abb5ad5eba043 | CVE-2022-32992 | 2022-06-15 17:15:09 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | Details |
8332d235feb1cbfa30771e7f6ced0f04 | CVE-2022-32991 | 2022-06-15 17:15:09 | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | Details |
9d325baf5fa1ff4bc2c591885ba61723 | CVE-2022-33140 | 2022-06-15 15:15:08 | The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | Details |
6f62c45355df0d0bcccffc7377cb4feb | CVE-2022-32243 | 2022-06-14 23:15:09 | When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
7ef53f22cc67e70ec82b2937861995b1 | CVE-2022-32242 | 2022-06-14 23:15:09 | When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
56dbd21af3b5a9505c488b5da939a49e | CVE-2022-32241 | 2022-06-14 23:15:09 | When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
74b14f67a5464753fe90213ddc8dd298 | CVE-2022-32240 | 2022-06-14 23:15:09 | When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
cfff1b0de8aa8fff2e402423d0724c69 | CVE-2022-32239 | 2022-06-14 20:15:08 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
452fc7aee439a2e4c59b06e682a07093 | CVE-2022-32238 | 2022-06-14 20:15:08 | When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
52e98c6eede1844ee366b992ea346c14 | CVE-2022-32237 | 2022-06-14 20:15:07 | When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | Details |
e1de8a2ac91f468c37615d6fa4c74de9 | CVE-2022-31590 | 2022-06-14 19:15:07 | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | Details |
c5e32ce6f506da18607a218a1c4c2ac7 | CVE-2022-31589 | 2022-06-14 19:15:07 | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | Details |
cdfc4b6ff1a358b408f49a9ddf5050c2 | CVE-2022-32367 | 2022-06-14 18:15:08 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | Details |
d284fcc7e988b41ccf130d3cf7257285 | CVE-2022-32366 | 2022-06-14 18:15:08 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | Details |