Threat-Broadcast

眈眈探求 | 威胁情报播报

360 网络安全响应中心 [TOP 30]	CVES	TIME	TITLE	URL
b14656ab37fb9d2b46c6fd15982bbf47	CVE-2022-3236	2022-09-27 06:54:41	CVE-2022-3236：Sophos Firewall代码注入漏洞	详情
446f6a9f1a127a4039062377d5b73f95		2022-09-26 09:02:22	安全事件周报 (09.19-09.25)	详情
eff140d3cfd0ec7da797bfd4f881f01b	CVE-2022-37972	2022-09-22 07:42:58	CVE-2022-37972：Microsoft MECM信息泄露漏洞	详情
b27c1e083a077d918b9a0d22b23082fd	CVE-2022-2588	2022-09-22 07:16:26	CVE-2022-2588：Linux Kernel 权限提升漏洞通告	详情
8f85411b528fc1ec9be489557c2acb76	CVE-2022-39197	2022-09-22 03:34:27	CVE-2022-39197：Cobalt Strike 远程代码执行漏洞通告	详情
351182e40e721da051592124ed22cdb2		2022-09-19 06:45:10	安全事件周报 (09.13-09.18)	详情
10b322cfb81ba7179f9da891cf58a947		2022-09-14 08:28:52	2022-09 补丁日: 微软多个漏洞安全更新通告	详情
aa8f4b7776b9ac0fc36e68c9ca021b1c		2022-09-13 07:39:56	安全事件周报 (09.05-09.12)	详情
a3358e12dfce5bf150c52f6459e42ce0	CVE-2022-34747	2022-09-07 08:26:37	CVE-2022-34747：Zyxel NAS设备远程代码执行漏洞通告	详情
115c034d697c611a37ea04782d281b51	CVE-2022-2639	2022-09-07 07:44:05	CVE-2022-2639：Linux Kernel openvswitch 模块权限提升漏洞通告	详情
52820c45f8312d9325a683310e2eedca	CVE-2022-3075	2022-09-05 08:27:05	CVE-2022-3075：Google Chrome远程代码执行漏洞通告	详情
0717bc3ddc00f3b106713a8e81240e37		2022-09-05 06:53:34	安全事件周报 (08.29-09.04)	详情
ea21e36897c2794a583d4528caefdd94	CVE-2022-2992	2022-08-31 07:34:54	CVE-2022-2992：GitLab远程代码执行漏洞通告	详情
83248cdbd8f6e91b0cd4630c2e4f83dd	CVE-2022-36804	2022-08-30 07:31:04	CVE-2022-36804：Atlassian Bitbucket 命令注入漏洞通告	详情
5d07686451d3d33829e24d86ea8f6c5c		2022-08-29 08:36:24	某流行企业财务软件0day漏洞大规模勒索利用通告	详情
926858936b4c98f9c58a0795ca7b3df1		2022-08-29 06:54:30	安全事件周报 (08.22-08.28)	详情
7d72af58b32741b6841b66ad8df0f8d9	CVE-2022-32893	2022-08-23 09:16:42	CVE-2022-32893：Apple WebKit 代码执行漏洞	详情
64905d10391ecac70ed021cccc4d624f	CVE-2022-2884	2022-08-23 08:16:17	CVE-2022-2884：GitLab远程代码执行漏洞通告	详情
e68033aafd110e70a373e625bf3389d0		2022-08-22 06:50:55	安全事件周报 (08.15-08.21)	详情
da68e42cd3af1790de1fd107804343da	CVE-2022-2856	2022-08-18 08:51:41	Google Chrome 远程代码执行漏洞	详情
3dad1d8c3a6289062510ae96c4e05a31		2022-08-15 06:34:30	安全事件周报 (08.08-08.14)	详情
8c0b671cc7abf93170824c99a0b4cdb8		2022-08-10 07:43:43	2022-08 补丁日: 微软多个漏洞安全更新通告	详情
9d841f4682a1202dfedacaa89501805a		2022-08-08 06:45:50	安全事件周报 (08.01-08.07)	详情
1b0df49508e1c6f6868270a2496bbbde		2022-08-01 08:36:44	安全事件周报 (07.25-07.31)	详情
93bf2542d7b127db32690651646d19c2		2022-07-25 03:38:49	安全事件周报 (07.18-07.24)	详情
09db900a92e196b0e6576732016b0eb5		2022-07-20 08:16:54	2022-07 补丁日: Oracle多个产品漏洞安全风险通告	详情
ca2daf7da508d2dc3e1e0a6f51c4ecc7	CVE-2022-33891	2022-07-19 07:49:50	CVE-2022-33891：Apache Spark 命令注入漏洞通告	详情
7b3ee9af0d5c8827402f405c332bd294		2022-07-18 06:26:57	安全事件周报 (07.11-07.17)	详情
2cece43af043f012f13e155144776d76		2022-07-13 07:17:49	2022-07 补丁日: 微软多个漏洞安全更新通告	详情
f55243969d39f81ef413605a81e351ee		2022-07-11 06:37:28	安全事件周报 (07.04-07.10)	详情

Tenable (Nessus) [TOP 30]	CVES	TIME	TITLE	URL
e174534529aadefe703f6c6e298994cc	CVE-2022-42247	2022-10-03 16:15:00	pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.	详情
9f61f89a94cefc6dc24bab0fe2abbc71	CVE-2022-41443	2022-10-03 16:15:00	phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.	详情
70dda2391819112648b28219d26a8eff	CVE-2022-33882	2022-10-03 16:15:00	Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.	详情
ef416d6c1178c912a042918dede4eac7	CVE-2022-42308	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.	详情
4605b9ac49fd6db31ffcabfd2522932c	CVE-2022-42307	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.	详情
3b4bbbe78303ae51e1d65b50bad440fd	CVE-2022-42306	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.	详情
9af0101b1660d6742b8360ee410aa81d	CVE-2022-42305	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.	详情
6820e5ac4c2d56afb0318e11637156a1	CVE-2022-42304	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.	详情
d3fe3f9eddca6edf33238c5ce4233707	CVE-2022-42303	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.	详情
c286f4433178b3513f6dd0e42979be74	CVE-2022-42302	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.	详情
db09c554bf4d4c0b62d9b0d4543dabae	CVE-2022-42301	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.	详情
975b68d69010c12b7a7b08a1b2a41b8f	CVE-2022-42300	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)	详情
de30f5da6f5555b185786d0ce1437913	CVE-2022-42299	2022-10-03 15:15:00	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.	详情
5a85890dbad2c506f81eb18357ba7791	CVE-2022-40922	2022-10-03 13:15:00	A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.	详情
73e277f65f6c4a983458b4fa3582ee88	CVE-2022-40123	2022-10-03 13:15:00	mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.	详情
0b5f2c5dfec3ad06a87fab46d2f82a79	CVE-2022-38817	2022-10-03 13:15:00	Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.	详情
2a2de6317bdd1b260a450131deadfdeb	CVE-2022-32173	2022-10-03 13:15:00	In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.	详情
fa019be45a360c886c50653b8f4dc1f9	CVE-2022-36551	2022-10-03 12:15:00	A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.	详情
e92a0f540819d156a570c1170bc04445	CVE-2022-40886	2022-10-03 02:15:00	DedeCMS 5.7.98 has a file upload vulnerability in the background.	详情
0959e2a198d8e21292c342e6ae2fab6a	CVE-2022-41082	2022-10-03 01:15:00	Microsoft Exchange Server Remote Code Execution Vulnerability.	详情
885bb3b4ee85ef10270bff735fa6c3a8	CVE-2022-41040	2022-10-03 01:15:00	Microsoft Exchange Server Elevation of Privilege Vulnerability.	详情
18fbd7dda7e6f731474cb89c4218e782	CVE-2022-42004	2022-10-02 05:15:00	In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.	详情
db40630b04a2d352b1666951237fd0b6	CVE-2022-42003	2022-10-02 05:15:00	In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.	详情
bb3249e1d3878f1b628618e771de69ae	CVE-2022-42002	2022-10-01 00:15:00	SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.	详情
277a71759b937ece09488476a8f6a188	CVE-2022-39268	2022-09-30 21:15:00	### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io	详情
f73d10f3281f10a22625bd60a2a286ee	CVE-2022-34429	2022-09-30 20:15:00	Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.	详情
02ca4a9328c3fec4e34c77e36df641f9	CVE-2022-34428	2022-09-30 20:15:00	Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.	详情
653531b8481e65ab261494f749fd0f83	CVE-2022-40943	2022-09-30 19:15:00	Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.	详情
85d9cdf846362957996371b89cffcaf7	CVE-2022-40923	2022-09-30 19:15:00	A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.	详情
b51cd614002594691480f2dd300c7da0	CVE-2022-40756	2022-09-30 19:15:00	If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.	详情

国家信息安全漏洞共享平台（CNVD） [TOP 30]	CVES	TIME	TITLE	URL
8686fda9b2b49e4e1666b54e2248f935	CNVD-2021-74882	2021-11-14 16:43:52	四创科技有限公司建站系统存在SQL注入漏洞	详情
8f6972d84ad188b05ff9cc14d4334949	CNVD-2021-87021 (CVE-2020-4690)	2021-11-12 12:43:14	IBM Security Guardium硬编码凭证漏洞	详情
3bfe7b053a0c59d8a3d38c18f86aa143	CNVD-2021-87022 (CVE-2021-38870)	2021-11-12 12:43:12	IBM Aspera跨站脚本漏洞	详情
a4649bb17f4db4d1c7f879ebceb46ed0	CNVD-2021-87011 (CVE-2021-29753)	2021-11-12 12:43:11	IBM Business Automation Workflow存在未明漏洞	详情
094c613f9ed4b8b9d887dc912789043c	CNVD-2021-87025 (CVE-2021-20563)	2021-11-12 12:43:10	IBM Sterling File Gateway信息泄露漏洞	详情
41c47f01a4c65dcb6efc9ebf483fe762	CNVD-2021-87010 (CVE-2021-38887)	2021-11-12 12:43:08	IBM InfoSphere Information Server信息泄露漏洞	详情
f51d33e7a09fd61ca90ede453515a830	CNVD-2021-87016 (CVE-2021-29764)	2021-11-12 12:43:07	IBM Sterling B2B Integrator跨站脚本漏洞	详情
33615a5f78df822e82e6d3436045c48c	CNVD-2021-87026 (CVE-2021-38877)	2021-11-12 12:43:06	IBM Jazz for Service Management跨站脚本漏洞	详情
8e729177bcb4105dd831fb1e123ed1bb	CNVD-2021-87014 (CVE-2021-29679)	2021-11-12 12:43:04	IBM Cognos Analytics远程代码执行漏洞	详情
1a3b856f78e9fbdca12aeddc7d665aca	CNVD-2021-87029 (CVE-2021-29752)	2021-11-12 12:43:03	IBM Db2信息泄露漏洞	详情
6f1aa3a0cb819d97519baa47fd0232d5	CNVD-2021-87015 (CVE-2021-29745)	2021-11-12 12:43:02	IBM Cognos Analytics权限提升漏洞	详情
cbcb12f5f51d6e7d6d8a9fa581aa863a	CNVD-2021-73908	2021-11-11 16:42:44	泛微e-cology存在SQL注入漏洞	详情
ae6fd467da55de31aa7219187cf5c2d4	CNVD-2021-86904 (CVE-2021-20351)	2021-11-11 08:31:46	IBM Engineering跨站脚本漏洞	详情
412a15b40959ed9cf9330ee79f99e079	CNVD-2021-86903 (CVE-2021-31173)	2021-11-11 08:31:44	Microsoft SharePoint Server信息泄露漏洞	详情
1cbc5d5faac431d3e82c9e5ea9588b5f	CNVD-2021-86902 (CVE-2021-31172)	2021-11-11 08:31:43	Microsoft SharePoint欺骗漏洞	详情
686c7cfb20933b41c3d679cbba79a2ad	CNVD-2021-86901 (CVE-2021-31181)	2021-11-11 08:31:42	Microsoft SharePoint远程代码执行漏洞	详情
72fdfb2d44c0d41d638e4632bdfc10b8	CNVD-2021-86900 (CVE-2021-3561)	2021-11-11 08:31:41	fig2dev缓冲区溢出漏洞	详情
3ba6f0e9394f9414e2cadb9495e2d5f5	CNVD-2021-85884 (CVE-2021-41210)	2021-11-10 07:24:57	Google TensorFlow堆分配数组越界读取漏洞	详情
4d8c4744ea972fb2fcb9673fea1fc7b7	CNVD-2021-85883 (CVE-2021-41226)	2021-11-10 07:24:56	Google TensorFlow堆越界访问漏洞	详情
8778f9cd924cae585ca5e2e0b8be3b3f	CNVD-2021-85882 (CVE-2021-41224)	2021-11-10 07:24:54	Google TensorFlow堆越界访问漏洞	详情
e1b2722e6d5c509c680b584416d9cb20	CNVD-2021-85881 (CVE-2021-42770)	2021-11-10 07:24:53	OPNsense跨站脚本漏洞	详情
ed09c9fa5586e2d4d9b4e95fe3b447a0	CNVD-2021-85880 (CVE-2021-28024)	2021-11-10 07:24:52	ServiceTonic访问控制不当漏洞	详情
8a642f0922f7f915e81b2b947276a96c	CNVD-2021-85879 (CVE-2021-28023)	2021-11-10 07:24:50	ServiceTonic任意文件上传漏洞	详情
c00b061c2cfdee4016a869a188135db5	CNVD-2021-85878 (CVE-2021-28022)	2021-11-10 07:24:49	ServiceTonic SQL注入漏洞	详情
9c4b20a28ad2bd4ab916448f0e1272bd	CNVD-2021-85877 (CVE-2021-32483)	2021-11-10 07:24:48	Cloudera Manager不正确访问控制漏洞	详情
4d4423857b7b1f38e49738f00e8949ba	CNVD-2021-85876 (CVE-2021-32481)	2021-11-10 07:24:46	Cloudera Hue跨站脚本漏洞	详情
6b12b7fc216d603e8e07351603851c86	CNVD-2021-85875 (CVE-2021-29994)	2021-11-10 07:24:45	Cloudera Hue跨站脚本漏洞	详情
72894fb3a3538de240d2f6810aae63c9	CNVD-2021-85892 (CVE-2021-42701)	2021-11-10 02:38:27	DAQFactory中间人攻击漏洞	详情
94a1f99a64ba24540cc1594d0a0b3152	CNVD-2021-85893 (CVE-2021-42699)	2021-11-10 02:38:26	DAQFactory明文传输漏洞	详情
5d9bac33be8f2f88391f6de02fb89c73	CNVD-2021-85894 (CVE-2021-42698)	2021-11-10 02:38:24	DAQFactory反序列化漏洞	详情

国家信息安全漏洞库（CNNVD） [TOP 30]	CVES	TIME	TITLE	URL
07db275e07040bf31611c3ce45821d66	CNNVD-202209-3078 (CVE-2022-37460)	2022-09-29 13:08:55	Python 安全漏洞	详情
3c942a9243f62ec9e5421f6e44a24c9f	CNNVD-202209-3080 (CVE-2022-33880)	2022-09-29 13:08:52	Projectworlds Hospital Management System 安全漏洞	详情
a548bb2eab53bb31308d8f8705e3850d	CNNVD-202209-3086 (CVE-2022-39266)	2022-09-29 13:08:50	Marcel Laverdet isolated-vm 安全漏洞	详情
2e3e91d8e99fcea6d5a6291e3cebe9e6	CNNVD-202209-3089 (CVE-2022-3364)	2022-09-29 13:08:47	Rdiffweb 安全漏洞	详情
1ddcba9b9e4aa2e2db2a125146ff1f77	CNNVD-202209-3090 (CVE-2022-41828)	2022-09-29 13:08:44	Amazon AWS Redshift JDBC Driver 安全漏洞	详情
545520da6d7c14d7e385a5a35a99928b	CNNVD-202209-3091 (CVE-2022-39232)	2022-09-29 13:08:41	Discourse 输入验证错误漏洞	详情
529915d811a244f684f6196d223244c2	CNNVD-202209-3092 (CVE-2022-40472)	2022-09-29 13:08:39	ZKTeco ZKBio Time 安全漏洞	详情
5eada6acb8db8995aa2254e7d4f36bf9	CNNVD-202209-3093 (CVE-2022-36066)	2022-09-29 13:08:36	Discourse 代码问题漏洞	详情
eb38e158f67b88dd731911fbd8f1d14b	CNNVD-202209-3094 (CVE-2022-39226)	2022-09-29 13:08:33	Discourse 安全漏洞	详情
66512b665aaba9996db38b066744be09	CNNVD-202209-3095 (CVE-2022-36068)	2022-09-29 13:08:31	Discourse 安全漏洞	详情
3429fbe07f384bad22eb2af49b950eb5	CNNVD-202209-2917 (CVE-2022-23716)	2022-09-28 09:41:30	Elastic Cloud Enterprise 安全漏洞	详情
3a0193be7a2d415e22455fbd24c19291	CNNVD-202209-2918 (CVE-2022-36781)	2022-09-28 09:41:28	ConnectWise Control 安全漏洞	详情
6571fde2bff91603c252df20edfd28e3	CNNVD-202209-2919 (CVE-2022-39246)	2022-09-28 09:41:25	Matrix 安全漏洞	详情
ff457a5c02ebc4e90e08d4a5c4991413	CNNVD-202209-2920 (CVE-2022-39248)	2022-09-28 09:41:23	Matrix 安全漏洞	详情
57fcac21307fea5ac54dc45a11a7b46e	CNNVD-202209-2921 (CVE-2022-39264)	2022-09-28 09:41:20	nheko 信任管理问题漏洞	详情
322747ccc46482e3b0c4493494359da1	CNNVD-202209-2922 (CVE-2022-31629)	2022-09-28 09:41:18	PHP 安全漏洞	详情
674f1680e32300702103d685274054d3	CNNVD-202209-2923 (CVE-2022-3326)	2022-09-28 09:41:16	Rdiffweb 安全漏洞	详情
604aa56a46108bd6dda49d0afaa35398	CNNVD-202209-2924 (CVE-2022-3100)	2022-09-28 09:41:13	OpenStack barbican 安全漏洞	详情
425a91cac4831f49eb5793cecc2b41a8	CNNVD-202209-2925 (CVE-2022-3348)	2022-09-28 09:41:11	ToolJet 信息泄露漏洞	详情
85b0ebecfdf4927991c84ed920446578	CNNVD-202209-2926 (CVE-2022-31628)	2022-09-28 09:41:08	PHP 安全漏洞	详情
d884eb8b6880a733f20b809365bb6f8e	CNNVD-202209-1648 (CVE-2022-3228)	2022-09-20 13:05:24	Host Engineering H0-ECOM100 Communications Module 安全漏洞	详情
627ab9e363aca7779849907f08888444	CNNVD-202209-1649 (CVE-2022-35086)	2022-09-20 13:05:21	SWFTools 安全漏洞	详情
dc7610960feeed5f2163662a9b96b08b	CNNVD-202209-1650 (CVE-2022-35085)	2022-09-20 13:05:19	SWFTools 安全漏洞	详情
675818107f00fc6b8962a6f4a0c9079b	CNNVD-202209-1651 (CVE-2022-35088)	2022-09-20 13:05:16	SWFTools 安全漏洞	详情
cf1a857160eabbb053e32b83bc9bc116	CNNVD-202209-1652 (CVE-2022-35089)	2022-09-20 13:05:13	SWFTools 安全漏洞	详情
8fc7b2931d2f19ff37e2f6da46358f77	CNNVD-202209-1653 (CVE-2022-38619)	2022-09-20 13:05:11	SmartVista SVFE2 安全漏洞	详情
5f7fd760c31a51f2d7db16f1c3cbdbf5	CNNVD-202209-1654 (CVE-2022-35087)	2022-09-20 13:05:08	SWFTools 安全漏洞	详情
d327c2901d371f44cbb7545ac55ad9e9	CNNVD-202209-1655 (CVE-2022-35090)	2022-09-20 13:05:06	SWFTools 安全漏洞	详情
b3a106cc882a9f3236d5b695666666b5	CNNVD-202209-1656 (CVE-2022-39220)	2022-09-20 13:05:03	SFTPGo 跨站脚本漏洞	详情
c33d90f2befa2e08678059ca5ba45e53	CNNVD-202209-1658 (CVE-2022-39221)	2022-09-20 13:05:00	McWebserver 路径遍历漏洞	详情

奇安信 [TOP 30]	CVES	TIME	TITLE	URL
6bd01daffa85191c80698354fc8e252f		wt	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
f749eac58b87d0954f0e4a84b5d67057	CVE-2020-1350	2020-07-15 15:57:00	QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞（CVE-2020-1350）通告	详情
90b93cb7073fe73b17746ac166a09637	CVE-2020-6819, CVE-2020-6820	2020-04-08 10:34:35	QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞（CVE-2020-6819、CVE-2020-6820）通告	详情
e318a5efa4803b50cdef480b90b1784d		2020-03-25 13:58:51	QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞（ADV200006）通告	详情
cffc3035f7899495cfeae521451f91b2	CVE-2020-0796	2020-03-12 10:32:09	QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞（CVE-2020-0796）通告	详情
3e6175d47d17c6f94bd9ba10d81c3717	CVE-2020-0674	2020-03-02 14:52:46	QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞（CVE-2020-0674）通告	详情
d99d073afb7d248a8a62fb068921997f	CVE-2020-0601	2020-01-15 14:11:41	QianxinTI-SV-2020-0001 微软核心加密库漏洞（CVE-2020-0601）通告	详情
b7b45b14a3af1225ef6eec72d74964df	CVE-2019-1367	2019-09-25 17:23:00	QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告	详情
504fc79f0123db109a11b149c334b75c	CVE-2019-0708	2019-09-09 10:20:47	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情
5b727692d583d4a6e7cdb0f670eac12a	CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226	2019-08-14 11:09:05	QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告	详情
54b48d765fccbc8dcfa3de0920459f8d	CVE-2019-11707	2019-06-19 16:53:47	QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞（CVE-2019-11707）预警通告	详情
5b4d5fea09fbc2dca45be53f162d39de	CVE-2019-0708	2019-05-31 17:03:19	QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708）预警通告	详情

安全客 [TOP 30]	CVES	TIME	TITLE	URL
03afa8b4eaf4a0160784152fca5465b2	CVE-2021-27308	2021-07-11 14:22:05	4images 跨站脚本漏洞	详情
8b0ace4c54a7fc20a99d21e294152a99	CVE-2020-15261	2021-07-11 14:22:05	Veyon Service 安全漏洞	详情
d4f12de949590ab346b61986a29d8b4d	CVE-2021-35039	2021-07-09 17:30:13	Linux kernel 安全漏洞	详情
f790e7ef3b5de3774d42ee32b9b10c01	CVE-2021-34626	2021-07-09 17:30:13	WordPress 访问控制错误漏洞	详情
71bf261eb2113d5ff870ab9bafd29f55	CVE-2021-25952	2021-07-09 17:30:13	just-safe-set 安全漏洞	详情
152793cbc104933584f5f227606f433d	CVE-2021-0597	2021-07-09 17:30:13	Google Android 信息泄露漏洞	详情
75f153c327984fdfdd2d9c463a91371d	CVE-2021-34430	2021-07-09 17:30:13	Eclipse TinyDTLS 安全特征问题漏洞	详情
9610336f1a41241cc8edea22a2780ec5	CVE-2021-3638	2021-07-09 17:30:13	QEMU 安全漏洞	详情
92fe450ae5c5dfa48072aca79d64ba63	CVE-2021-34614	2021-07-09 14:24:32	Aruba ClearPass Policy Manager 安全漏洞	详情
680a4218fc32922746717210664a3d62	CVE-2021-22144	2021-07-09 13:28:16	Elasticsearch 安全漏洞	详情
373930f669f2c1f7b61101a925304779	CVE-2021-24022	2021-07-09 13:28:16	Fortinet FortiManager 安全漏洞	详情
8556f9cd0699f88c1f6cca9a43463bdd	CVE-2021-33012	2021-07-09 13:28:16	Allen Bradley Micrologix 1100输入验证错误漏洞	详情
480ae713cc88cc0985e1ebc079974d83	CVE-2021-0592	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8ef4dbefa6604ea2312621401c3ec0b9	CVE-2021-1598	2021-07-09 13:28:16	Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞	详情
d6e8714c32df7a0dcc2f3910ec68b42d	CVE-2021-20782	2021-07-09 13:28:16	Software License Manager 跨站请求伪造漏洞	详情
4e60b22611b8bb0fd7e532896498af29	CVE-2021-20781	2021-07-09 13:28:16	WordPress 跨站请求伪造漏洞	详情
5ca48ad58fb499c069ae0800c3b39875	CVE-2021-32961	2021-07-09 13:28:16	MDT AutoSave代码问题漏洞	详情
2ed854890b43f08e52340a1e8fe6d39f	CVE-2021-0577	2021-07-09 13:28:16	Google Android 安全漏洞	详情
8d63110e1475bbd245715b2ee1824d13	CVE-2021-31816	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
72bef2ae2f5db7dd066e1cdefa618dc5	CVE-2021-31817	2021-07-09 13:28:16	Octopus Server 安全漏洞	详情
1f7369b2609dbd2cd40d091f7de540cd	CVE-2020-20217	2021-07-09 13:28:16	Mikrotik RouterOs 安全漏洞	详情
1793176eecc5813c3348f026dc9909c9	CVE-2020-28598	2021-07-09 13:28:16	PrusaSlicer 安全漏洞	详情
7f4cf34ceb545548dcfcc3c0e7120268	CVE-2021-32945	2021-07-09 13:28:16	MDT AutoSave加密问题漏洞	详情
58553eb00d6e3e83b633f09464c4e98a	CVE-2021-29712	2021-07-09 13:28:16	IBM InfoSphere Information Server 跨站脚本漏洞	详情
d8e27ec42fb0b89998fcc006f49b249b	CVE-2021-25432	2021-07-09 13:28:16	Samsung Members 信息泄露漏洞	详情
8f2adc6c247725bf2eb7f53256c93ea7	CVE-2021-25433	2021-07-09 13:28:16	Samsung Tizen安全漏洞	详情
8f949676124339eb6f64f9c607af5470	CVE-2021-25431	2021-07-09 13:28:16	Samsung Mobile Device Cameralyzer 访问控制错误漏洞	详情
069818a8958f9c158fcb0956ee32fc03	CVE-2021-25434	2021-07-09 13:28:16	Samsung Tizen 代码注入漏洞	详情
55b9126220b9722ff5d730d3996877e9	CVE-2021-32949	2021-07-09 13:28:16	MDT AutoSave 路径遍历漏洞	详情
ebab009fffdee3d360dcdff74b0ed061	CVE-2021-25435	2021-07-09 13:28:16	Samsung Tizen代码注入漏洞	详情

斗象 [TOP 30]	CVES	TIME	TITLE	URL
096b6298d82574500dc1a14c9dba4065	CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029	2022-07-15 00:38:28	微软2022年7月补丁日漏洞通告	详情
6018f718b2d751478bf1ce069ac65f0d	CVE-2022-2185	2022-07-01 09:02:05	GitLab 远程代码执行漏洞(CVE-2022-2185)	详情
844719cf0bb4843aff73d2f33cc6dd0b	CVE-2022-30190, CVE-2022-30136	2022-06-15 05:48:12	微软2022年6月补丁日漏洞通告	详情
8b47000e1abfbacdadb7df6f09152d89	CVE-2022-26134	2022-06-03 05:48:38	Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134)	详情
eebe93468b36d2ca24cf4b82136a5635	CVE-2022-30190	2022-05-31 13:57:17	Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190)	详情
95525e3f5907a776dc7cd4f87f2e2154		2022-05-23 07:11:04	Fastjson 反序列化漏洞	详情
945fd6e612634d9721f861833f1ecb75	CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923	2022-05-11 03:45:48	微软2022年5月补丁日漏洞通告	详情
e2938ff82d0cc152508e0240697def4c	CVE-2022-1388	2022-05-06 05:53:04	F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388)	详情
bcf7253d2ee580c618737de137d370c4	CVE-2022-29464	2022-04-22 02:21:17	WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464)	详情
07c09799b08afb04c63a9de750b70aca	CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904	2022-04-13 07:51:00	微软2022年4月补丁日漏洞通告	详情
f5b543501ed5679d423411edac502e24	CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	2022-04-08 03:49:31	VMware 产品多个高危漏洞通告	详情
f421bcdb306e2bc1ffbf58fcb024a0dd		2022-03-29 17:11:30	Spring 框架远程代码执行漏洞	详情
0473358d95e58c7c3f2e7db0109f56f4		2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
a888c948ca1172f8a06a3879479f1de4	CVE-2022-22965	2022-03-29 17:11:30	Spring Framework 远程代码执行漏洞(CVE-2022-22965)	详情
71ed541bb737196268b75c7ba435e1a9		2022-03-28 04:57:30	Spring Cloud Function SpEL表达式注入漏洞	详情
f7a5dcd376be777c6593a29b8ebd411a	CVE-2022-0778	2022-03-18 07:09:22	OpenSSL拒绝服务漏洞(CVE-2022-0778)	详情
6c4124fed44906a79843cd2dd383c695	CVE-2022-0847	2022-03-15 03:32:03	Linux Kernel本地提权漏洞（CVE-2022-0847）	详情
a2795e4829bff16f108cf191eba663c3	CVE-2022-21990, CVE-2022-24508, CVE-2022-23277	2022-03-11 02:14:56	微软2022年3月补丁日漏洞通告	详情
d09f0641bf65c64a16d802cd78e14097	CVE-2022-0847	2022-03-08 08:23:08	Linux 内核本地提权漏洞(CVE-2022-0847)	详情
69052e2a8c09416f5df674f92cba25a6	CVE-2022-22947	2022-03-02 11:42:55	Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947)	详情
5f42b6f584a9ace426787dc8dfd6e6e5		2022-02-16 10:44:18	向日葵远程命令执行漏洞(CNVD-2022-10270)	详情
79556071f6236ab4674f75b3beee4d79	CVE-2022-24112	2022-02-11 06:13:35	Apache APISIX 远程代码执行漏洞 (CVE-2022-24112)	详情
485f2c57713f4a39830e8c2d01e43cfe	CVE-2021-4034	2022-01-26 06:19:16	Linux Polkit 权限提升漏洞(CVE-2021-4034)	详情
0aa6eab412c0318b74c6a470ee774df1	CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919	2022-01-12 03:44:50	微软2022年1月补丁日漏洞通告	详情
88a8c676b52a739c0335d7c21ca810a9		2022-01-06 08:19:17	MeterSphere 远程代码执行漏洞	详情
76cad61d2d5a8750a6a714ab2c6dbc97	CVE-2021-45232	2021-12-28 10:31:16	Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232)	详情
af4f5f63390eb00de8705b5029d8c376	CVE-2021-44228, CVE-2021-45046	2021-12-14 01:56:52	Apache Log4j 远程代码执行漏洞	详情
43456ae172e45c12087c40c03d925e0e	CVE-2021-44228	2021-12-11 03:21:34	Apache Log4j 远程代码执行漏洞	详情
392b133d98d6f61aee36ce6c8784f4df		2021-12-09 15:20:54	Apache Log4j 远程代码执行漏洞	详情
1e193280a8f45427c06cb4945be4f126		2021-12-07 06:48:55	Grafana 任意文件读取漏洞	详情

红后 [TOP 30]	CVES	TIME	TITLE	URL
96984fd0f2a5588a69ed9f103c460854	CVE-2022-38732	2022-10-06 20:31:44	NetApp SnapCenter 安全漏洞	详情
6a9c5655de2bee8ec9ccdea4e858980b	CVE-2022-41846	2022-10-06 20:31:39	AXIOSYS BENTO4 Vulnerability	详情
0783e79d7a6d54fc7f71bf2229010658	CVE-2022-39173	2022-10-06 20:31:34	wolfSSL 安全漏洞	详情
9401d5aca4d59da86c37e36408c6709d	CVE-2022-41430	2022-10-06 20:31:18	AXIOSYS BENTO4 Vulnerability	详情
c12b1a2285c4193b02dc42c98606a14d	CVE-2020-15333	2022-10-06 20:31:17	Zyxel CloudCNM SecuManager SQL注入漏洞	详情
adacc4366a231f40f1b748c6a10b8636	CVE-2022-41841	2022-10-06 20:31:09	AXIOSYS BENTO4 Vulnerability	详情
6bc3c1a101a130b4eb226f20a88f5727	CVE-2020-15338	2022-10-06 20:31:06	Zyxel CloudCNM SecuManager 安全漏洞	详情
f8335a89353a3826e7b0817ecd1222ba	CVE-2022-41429	2022-10-06 20:31:04	AXIOSYS BENTO4 Vulnerability	详情
673ae6b45c9906c8a9d0a0ae03dd52c2	CVE-2022-36448	2022-10-05 20:28:27	INSYDE INSYDEH2O Vulnerability	详情
2e174c9637c7e7c1c8086632f4df0971	CVE-2022-23716	2022-10-05 20:28:18	ELASTIC ELASTIC_CLOUD_ENTERPRISE Vulnerability	详情
82a1ed167f4e2c7244e16d768ec83547	CVE-2022-3215	2022-10-05 20:28:07	APPLE SWIFTNIO Vulnerability	详情
f8cb1ea74806f384bbb5e90807b0d8d4	CVE-2021-42046	2022-10-05 20:27:56	MediaWiki GlobalWatchlist 跨站脚本漏洞	详情
1c26dcd5ef093ce352489acf6e3a9b4e	CVE-2020-15334	2022-10-04 20:31:39	Zyxel CloudCNM SecuManager 安全漏洞	详情
a9819a74bafc6bfdba304f86755c1f36	CVE-2020-15339	2022-10-04 20:31:34	Zyxel CloudCNM SecuManager 跨站脚本漏洞	详情
f0c68a6a69a83976177883544d5a608f	CVE-2020-15342	2022-10-04 20:31:24	Zyxel CloudCNM SecuManager 安全漏洞	详情
cb6b8550c75383381ae83c8304bc40c7	CVE-2020-15329	2022-10-04 20:31:19	Zyxel CloudCNM SecuManager 安全漏洞	详情
977bdcf826a20cb20c99301fe2dc5307	CVE-2020-15345	2022-10-04 20:31:14	Zyxel CloudCNM SecuManager 安全漏洞	详情
e70c0d4a1a2c7a4597ace084712b5427	CVE-2020-15332	2022-10-04 20:31:08	Zyxel CloudCNM SecuManager 安全漏洞	详情
e1c09a826e529e34f03a4384870f5182	CVE-2022-3352	2022-10-03 20:29:12	Vim 资源管理错误漏洞	详情
3c2bca5f9f4247be8cacd09c48a22da9	CVE-2021-43980	2022-10-03 20:29:08	Apache Tomcat 安全漏洞	详情
002ec4a8b7d59e55ab5568a8041ed4d4	CVE-2022-39261	2022-10-03 20:29:03	Sensio Labs Twig 路径遍历漏洞	详情
c03234283fb6bf0bcaf32350588e47bc	CVE-2022-39236	2022-10-03 20:28:42	Matrix 输入验证错误漏洞	详情
a714bfb0f0bd1783d742b3037e56c6c5	CVE-2022-39249	2022-10-03 20:28:36	Matrix 安全漏洞	详情
218dfbb47fbcac80c09e95600386b231	CVE-2022-39251	2022-10-03 20:28:31	Matrix 安全漏洞	详情
db2da3c2300690a3d953229e491494fa	CVE-2022-31628	2022-10-03 20:28:26	PHP 安全漏洞	详情
cbd311faab4570bcf0717b5899cfb07c	CVE-2020-15325	2022-10-02 20:29:51	Zyxel CloudCNM SecuManager 安全漏洞	详情
02317bab96842635046cec9e1865c220	CVE-2020-15328	2022-10-02 20:29:46	Zyxel CloudCNM SecuManager 安全漏洞	详情
e4904530eb6a679ec94bd93fee9394d8	CVE-2020-15331	2022-10-02 20:29:41	Zyxel CloudCNM SecuManager 安全漏洞	详情
7150cd9c954320200f070dc5d65c7870	CVE-2020-15337	2022-10-02 20:29:36	Zyxel CloudCNM SecuManager 安全漏洞	详情
3f50c029088d19c9f28ae841144e675f	CVE-2020-15327	2022-10-02 20:29:31	Zyxel CloudCNM SecuManager 信任管理问题漏洞	详情

绿盟 [TOP 30]	CVES	TIME	TITLE	URL
a77a7d471d9c8dea09d26a0913ea9d73	CVE-2022-33201	2022-09-30 07:51:48	WordPress MailerLite–Signup Forms (Official) Plugin跨站请求伪造漏洞	详情
65426a70b0611837edbef85aba73ea73	CVE-2022-1906	2022-09-30 07:51:48	WordPress Copyright Proof Plugin跨站脚本漏洞	详情
d5f9c0aaf27f5b8e1aa64dbb9182a904	CVE-2022-2171	2022-09-30 07:51:48	WordPress Progressive License Plugin跨站脚本漏洞	详情
4b0ca2eacfa05b3cef20707f165132ac	CVE-2022-2004	2022-09-30 07:51:48	AutomationDirect DirectLOGIC D0-06 Series CPU不受控制的资源消耗漏洞	详情
ca61bdb5e0c4a41df739e5269ac5dd3e	CVE-2022-27255	2022-09-30 07:51:48	Realtek eCos RSDK和MSDK堆栈缓冲区溢出漏洞	详情
70936fe04f76e4ba6a18742364d90703	CVE-2022-22334	2022-09-30 07:51:48	IBM Robotic Process Automation信息泄露漏洞	详情
4ab1d56ed8216f164e829c8698c89140	CVE-2022-2521	2022-09-30 07:51:48	LibTIFF拒绝服务漏洞	详情
1e9bd2744d225a4c52bfa588ae6b4532	CVE-2022-30318	2022-09-30 07:51:48	Honeywell ControlEdge硬编码凭据漏洞	详情
cf626df4021fd871e117c68eefa13392	CVE-2022-31233	2022-09-30 07:51:48	Dell EMC Unisphere for PowerMax权限提升漏洞	详情
2003ccc9efb44b5ee4b9d9dc3fadf2cf	CVE-2022-1976	2022-09-30 07:51:48	Linux Kernel内存错误引用漏洞	详情
46c020c92f4e077f793355b516eea24e	CVE-2022-2153	2022-09-30 07:51:48	Linux Kernel空指针解引用漏洞	详情
378004c494ccfbe792640ee448ab99d4	CVE-2022-37173	2022-09-30 07:51:48	Gvim默认权限错误漏洞	详情
a8a61fe0fa332806e7ac152ea4c4a2a2	CVE-2022-1271	2022-09-30 07:51:48	GNU Gzip输入验证错误漏洞	详情
387202e607d5bcac1ea9f9ff67e84ad8	CVE-2022-1012	2022-09-30 07:51:48	Linux Kernel内存泄露漏洞	详情
c4fe9a2aa045d5381642ecc112e9c2d8	CVE-2022-31609	2022-09-30 07:51:48	NVIDIA vGPU Software身份验证错误漏洞	详情
63abf25d9af3245a81b6613bd5fa2d0b	CVE-2022-27546	2022-09-29 11:31:31	HCL Technologies HCL iNotes跨站脚本漏洞	详情
cd4845e7dea8ed66841180361f9f2873	CVE-2022-0336	2022-09-29 11:31:31	Samba AD DC默认权限错误漏洞	详情
e93b83b0c3bb70898d60bc5c2499ee74	CVE-2022-22897	2022-09-29 11:31:31	PrestaShop SQL注入漏洞	详情
6d42183463d72bc15ad16ed3322cec1e	CVE-2022-34668	2022-09-29 11:31:31	NVIDIA NVFLARE不受信数据反序列化漏洞	详情
c9a4b4f7a4ce81f7287d1aae0b8a3eef	CVE-2022-36547	2022-09-29 11:31:31	Edoc-doctor-appointment-system跨站脚本漏洞	详情
96d6e603cb83acb815591b8cf809fc20	CVE-2022-2915	2022-09-29 11:31:31	SonicWall SMA100堆缓冲区溢出漏洞	详情
fcf4e729d31e2a6d8c7c70a500be83cd	CVE-2022-0216	2022-09-29 11:31:31	QEMU内存错误引用漏洞	详情
8a408619eb89ea5cb97953ba84f3f522	CVE-2022-25625	2022-09-29 11:31:31	Broadcom Symantec Privileged Access Management（PAM）信息泄露漏洞	详情
bd9e6743fae52010a1923ded605f557e	CVE-2022-37318	2022-09-29 11:31:31	Archer Platform跨站脚本漏洞	详情
a7edeed8c53029177b528b6ce5b185b0	CVE-2022-32840	2022-09-29 11:31:31	Apple多款产品任意代码执行漏洞	详情
6f5929d885f2924def9dcfabdd1ea9b2	CVE-2022-32812	2022-09-29 11:31:31	Apple多款产品任意代码执行漏洞	详情
fbea1708fafb42d28158f99de93d5a94	CVE-2022-2569	2022-09-29 11:31:31	ARC Informatique PcVue信息泄露漏洞	详情
6c8df1ccd298a3d43c5d208fc1f85d5e	CVE-2021-4209	2022-09-29 11:31:31	GnuTLS空指针解引用漏洞	详情
618278f7253cb0188be269c8eb73b63b	CVE-2021-4155	2022-09-29 11:31:31	Red Hat Enterprise Linux信息泄露漏洞	详情
a3010cc43074f08d7ffe1c88ed913d06	CVE-2021-0887	2022-09-29 11:31:31	Google Android信息泄露漏洞	详情

美国国家漏洞数据库（NVD） [TOP 30]	CVES	TIME	TITLE	URL
6dfcc01b3750278d2d5200928ef2c5bd	CVE-2022-42308	2022-10-03 15:15:22	An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.	详情
a8efa42a592f0e779274674aaea0a1d4	CVE-2022-42307	2022-10-03 15:15:22	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.	详情
29a2cc9d311b60aa4735218a417012bd	CVE-2022-42306	2022-10-03 15:15:22	An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.	详情
3d945362433bbf74dd331c0bedac4e2d	CVE-2022-42305	2022-10-03 15:15:21	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.	详情
0bc964de0d2889897d0c2f0028f77bb6	CVE-2022-42304	2022-10-03 15:15:21	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.	详情
ce6cc8b6a87d97e05222bb2760409472	CVE-2022-42303	2022-10-03 15:15:21	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.	详情
a2bd9568715243df33b4ec1e33ae58e8	CVE-2022-42301	2022-10-03 15:15:20	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.	详情
173470ad35ba6a0a42289d110f432230	CVE-2022-42300	2022-10-03 15:15:20	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)	详情
aee24c21e99f48ff71b8429b8bd64f99	CVE-2022-42299	2022-10-03 15:15:20	An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.	详情
6a7781470ad456beaf9e61b5235bdfeb	CVE-2022-42302	2022-10-03 15:15:20	An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.	详情
53a50fa414567fcc808744b132892b97	CVE-2022-41430	2022-10-03 14:15:25	Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux.	详情
867eeedbb8ab5ee571e72e1a29ed6a19	CVE-2022-41082	2022-10-03 01:15:08	Microsoft Exchange Server Remote Code Execution Vulnerability.	详情
9852ec7b349961d75523a35e36f8d1e4	CVE-2022-41040	2022-10-03 01:15:08	Microsoft Exchange Server Elevation of Privilege Vulnerability.	详情
bedac5025b8a28cb312b281fb25c4a38	CVE-2022-42004	2022-10-02 05:15:09	In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.	详情
3849af9ff8e87636317f3beab906a8f3	CVE-2022-42003	2022-10-02 05:15:09	In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.	详情
55d6247fc68c01eb7194481c30f6c495	CVE-2022-41975	2022-09-30 18:15:12	RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.	详情
5704b8659e545995b9b10bce189e9482	CVE-2022-41870	2022-09-30 18:15:11	AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.	详情
7a29276ca67d1d7b3b9e02585bb08d35	CVE-2022-41850	2022-09-30 06:15:12	roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.	详情
0d1f86ca7b83ef5c05dea961db02f8f7	CVE-2022-41849	2022-09-30 06:15:12	drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.	详情
8e0f203eb82c84041624ac116a6e1acc	CVE-2022-41848	2022-09-30 06:15:11	drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.	详情
d5315ccc646341a38962cfcbde74ccea	CVE-2022-41847	2022-09-30 05:15:11	An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream, char const, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.	详情
809fceef24135824d942d092e89b8582	CVE-2022-41846	2022-09-30 05:15:11	An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.	详情
bb9cea2d53d7c32c5d3de70a848c0bb1	CVE-2022-41845	2022-09-30 05:15:11	An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.	详情
f76ab7fa427dec678d921e70aec4a534	CVE-2022-41844	2022-09-30 05:15:11	An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.	详情
9e0e0c29f51588ebc9320a73285110ee	CVE-2022-41843	2022-09-30 05:15:11	An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.	详情
b5cd32c12cd2339e7bca506a6eeda3a3	CVE-2022-41842	2022-09-30 05:15:11	An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.	详情
ddb60e922ef8ac89f7bfb7758a48f22a	CVE-2022-41841	2022-09-30 05:15:11	An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.	详情
0fbeaf4ff08de3607075e0fac49b7685	CVE-2022-41828	2022-09-29 21:15:12	In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.	详情
452bb5f26dac9c067e9d6bc136648712	CVE-2022-38222	2022-09-29 03:15:15	There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.	详情
e1bc9f42de567403c60eb95548b013e8	CVE-2022-40710	2022-09-28 21:15:15	A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	详情

眈眈探求 | 威胁情报播报

赞助途径