360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
150fff028866ba5067dbaf07a084c079 | CVE-2023-22482 | 2023-02-01 10:38:55 ![]() |
CVE-2023-22482/22736:Argo CD 身份验证绕过漏洞通告 | 详情 |
1a8d72f5cd0e1a73a61aaebc6814c14f | CVE-2023-22482 | 2023-02-01 10:26:08 ![]() |
CVE-2023-22482/22736:Argo CD 多个高危漏洞通告 | 详情 |
6ed300bb32e9b3dbcd13799721e33f21 | CVE-2022-27596 | 2023-01-31 09:05:23 | CVE-2022-27596:QNAP QTS/QuTS hero SQL注入漏洞通告 | 详情 |
b1ba4c50be661b8759cbb4305b315eb0 | 2023-01-30 08:15:10 | VMware vRealize Log Insight多个高危漏洞通告 | 详情 | |
14c20963965e361ecb3dd34b1228eb8d | CVE-2023-23560 | 2023-01-30 08:13:40 | CVE-2023-23560:Lexmark打印机服务器端请求伪造漏洞通告 | 详情 |
86918d8f318d68a2079e320a75c0220b | 2023-01-19 08:24:18 | 2023-01 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
29b3089137ef79c951aa6f60cb9b7122 | CVE-2023-21839 | 2023-01-19 08:09:30 | CVE-2023-21839:Oracle WebLogic Server 远程代码执行漏洞通告 | 详情 |
4208fa511ff172ebf734affdd050796e | CVE-2023-22602 | 2023-01-17 09:31:42 | CVE-2023-22602:Apache Shiro身份认证绕过漏洞通告 | 详情 |
62223983c51518a0ca7e9cbe9ea9b834 | 2023-01-16 09:08:54 | 安全事件周报 (01.09-01.13) | 详情 | |
720f5cf7b6a29e3f2d483601ba801a5a | CVE-2023-21752 | 2023-01-12 08:45:47 | CVE-2023-21752:Windows Backup Service权限提升漏洞通告 | 详情 |
2e5d630025b06426092cf8d8a1e16c8e | 2023-01-11 06:46:24 | 2023-01 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
60c1f2b8a7bb098ed4d327afc61a0825 | CVE-2022-45935 | 2023-01-09 10:12:52 | CVE-2022-45935:Apache James Server信息泄露漏洞通告 | 详情 |
6061308d73c79afe6c4a5d92220d113a | 2023-01-09 07:36:56 | 安全事件周报 (01.02-01.08) | 详情 | |
dbec6663a7042bcb0ed3b20fb4e46dd1 | CVE-2022-43931 | 2023-01-06 09:53:44 | CVE-2022-43931:Synology VPN Plus Server越界写入漏洞通告 | 详情 |
32874bc096f1e76d0aa612a9c631dfee | CVE-2022-39947 | 2023-01-06 09:45:29 | CVE-2022-39947/35845:Fortinet 命令注入漏洞通告 | 详情 |
048bd1a4d09184420f7d23033e4dfb1d | CVE-2022-43396 | 2023-01-04 08:20:44 | CVE-2022-43396/44621:Apache Kylin命令注入漏洞通告 | 详情 |
1eb9472f701c04a34abe9e4f982dd28a | 2023-01-03 07:53:35 | 安全事件周报 (12.26-01.01) | 详情 | |
7c7d08a73548df625fc921b9f929ebbf | CVE-2022-41966 | 2022-12-28 09:11:26 | CVE-2022-41966:XStream 拒绝服务漏洞通告 | 详情 |
eb77720c26768d70cc40b3f3870c99fc | CVE-2022-41080 | 2022-12-27 09:18:39 | CVE-2022-41080/41082:Microsoft Exchange Server OWASSRF漏洞通告 | 详情 |
0d023edfcbc03e86fbebb4f5ae4807a0 | CVE-2022-45347 | 2022-12-27 08:10:22 | CVE-2022-45347:Apache ShardingSphere身份认证绕过漏洞通告 | 详情 |
a69acda846a82ea15e1a840547bcb528 | CVE-2022-47939 | 2022-12-26 09:08:30 | CVE-2022-47939:Linux Kernel ksmbd UAF远程代码执行漏洞通告 | 详情 |
8bd58963befa216e2b64a76a9676927a | 2022-12-26 08:20:22 | 安全事件周报 (12.19-12.25) | 详情 | |
13673018d7394e8a03c74e7a420c8328 | 2022-12-19 03:23:37 | 安全事件周报 (12.12-12.18) | 详情 | |
29420db03cefa956d3263ee7127f3234 | 2022-12-14 03:50:13 | 2022-12 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
8c7c2d107634515b852f1b692eb3bf01 | CVE-2022-42475 | 2022-12-13 06:29:30 | Fortinet SSL VPN远程代码执行漏洞 | 详情 |
e6bcb650572be767dc309871d480f8af | 2022-12-12 10:02:23 | 安全事件周报 (12.05-12.11) | 详情 | |
cc5871850d3237f1a846420ef7c0c3e6 | CVE-2022-46169 | 2022-12-07 07:20:46 | CVE-2022-46169:Cacti命令注入漏洞 | 详情 |
1aaa180f7a12e16f561ad4b1b0b417b9 | 2022-12-05 06:43:02 | 安全事件周报 (11.28-12.04) | 详情 | |
aded22774ac53a12afe6e09f2422fe34 | CVE-2022-4262 | 2022-12-03 04:32:39 | CVE-2022-4262:Google Chrome V8类型混淆漏洞通告 | 详情 |
4dd70a249708c45f53a9f14a138550b5 | CVE-2022-3328 | 2022-12-02 07:18:12 | Snapd 本地权限提升漏洞通告 | 详情 |
Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
369fcf89bbdae57760893003db6cbd76 | CVE-2022-43665 | 2023-02-02 10:15:00 ![]() |
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | 详情 |
e67f7df607635f262b9a7693c3a35a37 | CVE-2023-0641 | 2023-02-02 09:15:00 ![]() |
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | 详情 |
45e429f426104cab66f85aa780ad6a1e | CVE-2023-0640 | 2023-02-02 09:15:00 ![]() |
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | 详情 |
2fff7f232c7320c703484efb3fb31c6f | CVE-2023-0639 | 2023-02-02 09:15:00 ![]() |
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | 详情 |
8420df51496bf8dd943caed11ac75870 | CVE-2023-0638 | 2023-02-02 09:15:00 ![]() |
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | 详情 |
7be26f44a1b8bd3fba14334d07905979 | CVE-2023-0637 | 2023-02-02 09:15:00 ![]() |
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | 详情 |
2c2f21667b6f19aed5bfa865a078cf15 | CVE-2023-0400 | 2023-02-02 09:15:00 ![]() |
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | 详情 |
64b53d7c691c6251064f6932775bebcc | CVE-2022-2546 | 2023-02-02 09:15:00 ![]() |
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key | 详情 |
76e34dc76f27279e77431e934e0d09ca | CVE-2022-40269 | 2023-02-02 08:15:00 ![]() |
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 详情 |
af574e7e98421c8c72161a0da9decc51 | CVE-2022-40268 | 2023-02-02 08:15:00 ![]() |
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | 详情 |
e5b29b91d30b206971a41b4c240e321e | CVE-2023-25015 | 2023-02-02 04:15:00 ![]() |
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 详情 |
b7a6b35dda473e2108023dd0e10317b5 | CVE-2023-25014 | 2023-02-02 01:15:00 ![]() |
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | 详情 |
befd08d89419e567a2bf20e11067ce16 | CVE-2023-25013 | 2023-02-02 01:15:00 ![]() |
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | 详情 |
b4fab3e763ec2c1a5b8bbb00e0325087 | CVE-2023-25012 | 2023-02-02 00:15:00 ![]() |
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | 详情 |
f422d17010adc40d0f3222e74f870369 | CVE-2023-0599 | 2023-02-01 23:15:00 ![]() |
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. | 详情 |
54f6a677bbd5fa37186618c492e38bcf | CVE-2022-37034 | 2023-02-01 23:15:00 ![]() |
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | 详情 |
43c03ecd280ef8189924e61fdd597e37 | CVE-2023-23751 | 2023-02-01 22:15:00 ![]() |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | 详情 |
ac9ef3b076b10f8ee99944a7c5843474 | CVE-2023-23750 | 2023-02-01 22:15:00 ![]() |
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | 详情 |
085c2b80c4081ea15f2a0b9dc75f84b5 | CVE-2022-47872 | 2023-02-01 22:15:00 ![]() |
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). | 详情 |
6e4f481efd39f7443d274b28de693098 | CVE-2022-45783 | 2023-02-01 22:15:00 ![]() |
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | 详情 |
664f76fbec3ad9bfecead18acd7b1914 | CVE-2022-45782 | 2023-02-01 22:15:00 ![]() |
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | 详情 |
aa5c41e7b580c6ff0e2da2429d5bf5cb | CVE-2022-3913 | 2023-02-01 22:15:00 ![]() |
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. | 详情 |
252a6e9ec103cff26556852ec9bee326 | CVE-2022-37033 | 2023-02-01 22:15:00 ![]() |
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. | 详情 |
4bfd45b7eca2fb17be47e7c6cb508cd2 | CVE-2023-23078 | 2023-02-01 20:15:00 ![]() |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 详情 |
23968a88defc3fc10d3bc60c25abc539 | CVE-2023-23077 | 2023-02-01 20:15:00 ![]() |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 详情 |
f1f6b15f9892cf78cecfd5c013fdf9c0 | CVE-2023-23076 | 2023-02-01 20:15:00 ![]() |
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 详情 |
730b045d45dfec2dad5108caa1df8525 | CVE-2023-23075 | 2023-02-01 20:15:00 ![]() |
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | 详情 |
971b2783478bffb708490dd3714608ea | CVE-2023-23074 | 2023-02-01 20:15:00 ![]() |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 详情 |
f093765b753d9898cf508d679339a151 | CVE-2023-23073 | 2023-02-01 20:15:00 ![]() |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 详情 |
02754a9b8203f0899bab9d1cbc399da3 | CVE-2023-22287 | 2023-02-01 20:15:00 ![]() |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | 详情 |
国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
8686fda9b2b49e4e1666b54e2248f935 | CNVD-2021-74882 | 2021-11-14 16:43:52 | 四创科技有限公司建站系统存在SQL注入漏洞 | 详情 |
8f6972d84ad188b05ff9cc14d4334949 | CNVD-2021-87021 (CVE-2020-4690) | 2021-11-12 12:43:14 | IBM Security Guardium硬编码凭证漏洞 | 详情 |
3bfe7b053a0c59d8a3d38c18f86aa143 | CNVD-2021-87022 (CVE-2021-38870) | 2021-11-12 12:43:12 | IBM Aspera跨站脚本漏洞 | 详情 |
a4649bb17f4db4d1c7f879ebceb46ed0 | CNVD-2021-87011 (CVE-2021-29753) | 2021-11-12 12:43:11 | IBM Business Automation Workflow存在未明漏洞 | 详情 |
094c613f9ed4b8b9d887dc912789043c | CNVD-2021-87025 (CVE-2021-20563) | 2021-11-12 12:43:10 | IBM Sterling File Gateway信息泄露漏洞 | 详情 |
41c47f01a4c65dcb6efc9ebf483fe762 | CNVD-2021-87010 (CVE-2021-38887) | 2021-11-12 12:43:08 | IBM InfoSphere Information Server信息泄露漏洞 | 详情 |
f51d33e7a09fd61ca90ede453515a830 | CNVD-2021-87016 (CVE-2021-29764) | 2021-11-12 12:43:07 | IBM Sterling B2B Integrator跨站脚本漏洞 | 详情 |
33615a5f78df822e82e6d3436045c48c | CNVD-2021-87026 (CVE-2021-38877) | 2021-11-12 12:43:06 | IBM Jazz for Service Management跨站脚本漏洞 | 详情 |
8e729177bcb4105dd831fb1e123ed1bb | CNVD-2021-87014 (CVE-2021-29679) | 2021-11-12 12:43:04 | IBM Cognos Analytics远程代码执行漏洞 | 详情 |
1a3b856f78e9fbdca12aeddc7d665aca | CNVD-2021-87029 (CVE-2021-29752) | 2021-11-12 12:43:03 | IBM Db2信息泄露漏洞 | 详情 |
6f1aa3a0cb819d97519baa47fd0232d5 | CNVD-2021-87015 (CVE-2021-29745) | 2021-11-12 12:43:02 | IBM Cognos Analytics权限提升漏洞 | 详情 |
cbcb12f5f51d6e7d6d8a9fa581aa863a | CNVD-2021-73908 | 2021-11-11 16:42:44 | 泛微e-cology存在SQL注入漏洞 | 详情 |
ae6fd467da55de31aa7219187cf5c2d4 | CNVD-2021-86904 (CVE-2021-20351) | 2021-11-11 08:31:46 | IBM Engineering跨站脚本漏洞 | 详情 |
412a15b40959ed9cf9330ee79f99e079 | CNVD-2021-86903 (CVE-2021-31173) | 2021-11-11 08:31:44 | Microsoft SharePoint Server信息泄露漏洞 | 详情 |
1cbc5d5faac431d3e82c9e5ea9588b5f | CNVD-2021-86902 (CVE-2021-31172) | 2021-11-11 08:31:43 | Microsoft SharePoint欺骗漏洞 | 详情 |
686c7cfb20933b41c3d679cbba79a2ad | CNVD-2021-86901 (CVE-2021-31181) | 2021-11-11 08:31:42 | Microsoft SharePoint远程代码执行漏洞 | 详情 |
72fdfb2d44c0d41d638e4632bdfc10b8 | CNVD-2021-86900 (CVE-2021-3561) | 2021-11-11 08:31:41 | fig2dev缓冲区溢出漏洞 | 详情 |
3ba6f0e9394f9414e2cadb9495e2d5f5 | CNVD-2021-85884 (CVE-2021-41210) | 2021-11-10 07:24:57 | Google TensorFlow堆分配数组越界读取漏洞 | 详情 |
4d8c4744ea972fb2fcb9673fea1fc7b7 | CNVD-2021-85883 (CVE-2021-41226) | 2021-11-10 07:24:56 | Google TensorFlow堆越界访问漏洞 | 详情 |
8778f9cd924cae585ca5e2e0b8be3b3f | CNVD-2021-85882 (CVE-2021-41224) | 2021-11-10 07:24:54 | Google TensorFlow堆越界访问漏洞 | 详情 |
e1b2722e6d5c509c680b584416d9cb20 | CNVD-2021-85881 (CVE-2021-42770) | 2021-11-10 07:24:53 | OPNsense跨站脚本漏洞 | 详情 |
ed09c9fa5586e2d4d9b4e95fe3b447a0 | CNVD-2021-85880 (CVE-2021-28024) | 2021-11-10 07:24:52 | ServiceTonic访问控制不当漏洞 | 详情 |
8a642f0922f7f915e81b2b947276a96c | CNVD-2021-85879 (CVE-2021-28023) | 2021-11-10 07:24:50 | ServiceTonic任意文件上传漏洞 | 详情 |
c00b061c2cfdee4016a869a188135db5 | CNVD-2021-85878 (CVE-2021-28022) | 2021-11-10 07:24:49 | ServiceTonic SQL注入漏洞 | 详情 |
9c4b20a28ad2bd4ab916448f0e1272bd | CNVD-2021-85877 (CVE-2021-32483) | 2021-11-10 07:24:48 | Cloudera Manager不正确访问控制漏洞 | 详情 |
4d4423857b7b1f38e49738f00e8949ba | CNVD-2021-85876 (CVE-2021-32481) | 2021-11-10 07:24:46 | Cloudera Hue跨站脚本漏洞 | 详情 |
6b12b7fc216d603e8e07351603851c86 | CNVD-2021-85875 (CVE-2021-29994) | 2021-11-10 07:24:45 | Cloudera Hue跨站脚本漏洞 | 详情 |
72894fb3a3538de240d2f6810aae63c9 | CNVD-2021-85892 (CVE-2021-42701) | 2021-11-10 02:38:27 | DAQFactory中间人攻击漏洞 | 详情 |
94a1f99a64ba24540cc1594d0a0b3152 | CNVD-2021-85893 (CVE-2021-42699) | 2021-11-10 02:38:26 | DAQFactory明文传输漏洞 | 详情 |
5d9bac33be8f2f88391f6de02fb89c73 | CNVD-2021-85894 (CVE-2021-42698) | 2021-11-10 02:38:24 | DAQFactory反序列化漏洞 | 详情 |
国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
56358b73280e18ed2eaf62bf4b7fba5f | CNNVD-202210-1696 (CVE-2021-44776) | 2022-10-24 13:12:31 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
07eddc3a7e5e3731956c02a50f538970 | CNNVD-202210-1697 (CVE-2021-26732) | 2022-10-24 13:12:29 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
4b051d50f18e2bb4a1f272b12f873223 | CNNVD-202210-1698 (CVE-2021-26731) | 2022-10-24 13:12:27 | Lanner IAC-AST2500A 缓冲区错误漏洞 | 详情 |
0d79d7ad89e7b6f52a89de2e3762a492 | CNNVD-202210-1699 (CVE-2021-42010) | 2022-10-24 13:12:25 | Apache Heron 注入漏洞 | 详情 |
9596051a8fb75da90bf94bd495b53e94 | CNNVD-202210-1700 (CVE-2021-26733) | 2022-10-24 13:12:23 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
883bec62dd4552d68130c0f925873e93 | CNNVD-202210-1701 (CVE-2022-42432) | 2022-10-24 13:12:22 | Linux kernel 安全漏洞 | 详情 |
755328fe5484ce3f71a4940d10f50b34 | CNNVD-202210-1702 (CVE-2021-44769) | 2022-10-24 13:12:20 | Lanner IAC-AST2500A 输入验证错误漏洞 | 详情 |
9c53a984103cd446d6e447c12c9c66c6 | CNNVD-202210-1703 (CVE-2021-44467) | 2022-10-24 13:12:18 | Lanner IAC-AST2500A 安全漏洞 | 详情 |
30dfa903ed49845732fc6cef266206e9 | CNNVD-202210-1704 (CVE-2022-41974) | 2022-10-24 13:12:16 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
9c6324677d17c72db81aec2e1797791f | CNNVD-202210-1705 (CVE-2022-41973) | 2022-10-24 13:12:14 | Red Hat device-mapper-multipath 安全漏洞 | 详情 |
4ec5a4ccefd5879e573cd53c2123dd3a | CNNVD-202210-1612 (CVE-2022-39272) | 2022-10-22 13:09:56 | Flux2 安全漏洞 | 详情 |
c3846b92a4965777ef3e53a1f4618717 | CNNVD-202210-1600 (CVE-2022-3646) | 2022-10-21 13:10:17 | Linux kernel 安全漏洞 | 详情 |
9a761144255ce6f90bb54e219ea40282 | CNNVD-202210-1601 (CVE-2022-34438) | 2022-10-21 13:10:15 | Dell PowerScale OneFS 安全漏洞 | 详情 |
44290d228b51ffbf0aab6efd4d6e678e | CNNVD-202210-1602 (CVE-2022-31239) | 2022-10-21 13:10:12 | Dell PowerScale OneFS 安全漏洞 | 详情 |
9ca9cbb2a337c33899bcdf19d91d7d78 | CNNVD-202210-1603 (CVE-2022-34437) | 2022-10-21 13:10:10 | Dell PowerScale OneFS 安全漏洞 | 详情 |
0a96e1daad10fc7b842abaa350831db2 | CNNVD-202210-1605 (CVE-2022-26870) | 2022-10-21 13:10:08 | Dell EMC PowerStore 安全漏洞 | 详情 |
35f41caeb97feaaa8373f4dbbbd7a249 | CNNVD-202210-1606 (CVE-2020-5355) | 2022-10-21 13:10:06 | Dell EMC Isilon OneFS 安全漏洞 | 详情 |
d314bbe34de68aa67eddd75a9f4ce40c | CNNVD-202210-1609 (CVE-2022-3649) | 2022-10-21 13:10:03 | Linux kernel 资源管理错误漏洞 | 详情 |
351642a659185d5b0604973397c7fa3b | CNNVD-202210-1610 (CVE-2022-39259) | 2022-10-21 13:10:01 | Skylot Jadx 安全漏洞 | 详情 |
ebbdab47bb0184312da10141d7d010e7 | CNNVD-202210-1611 (CVE-2022-23462) | 2022-10-21 13:09:59 | Softmotions IOWOW 安全漏洞 | 详情 |
8c86f10ec92b3124f4395faa27ee8ae3 | CNNVD-202210-1517 (CVE-2022-29477) | 2022-10-20 13:08:31 | Adobe Iota 信任管理问题漏洞 | 详情 |
3c33a32472c03f27b2b606714eb74e0a | CNNVD-202210-1518 (CVE-2022-36966) | 2022-10-20 13:08:29 | SolarWinds Platform 安全漏洞 | 详情 |
280b662d6c30e683e90c26748fa86a26 | CNNVD-202210-1519 (CVE-2022-36958) | 2022-10-20 13:08:27 | SolarWinds Platform 代码问题漏洞 | 详情 |
1d1787e08b1093c5bd9723a8b9465e0f | CNNVD-202210-1520 (CVE-2022-27805) | 2022-10-20 13:08:25 | Adobe Iota 访问控制错误漏洞 | 详情 |
632da31aee8b02c08d2e63767809782a | CNNVD-202210-1521 (CVE-2022-36957) | 2022-10-20 13:08:22 | SolarWinds Platform 安全漏洞 | 详情 |
28743e448b695bd2eee529e66954d3c4 | CNNVD-202210-1522 (CVE-2022-3623) | 2022-10-20 13:08:20 | Linux kernel 竞争条件问题漏洞 | 详情 |
92679bd487d2a90451cf297905a8f3c3 | CNNVD-202210-1523 (CVE-2022-32586) | 2022-10-20 13:08:18 | Adobe Iota 操作系统命令注入漏洞 | 详情 |
bcd4eca45c95707bab85d60a3c30d643 | CNNVD-202210-1524 (CVE-2022-3619) | 2022-10-20 13:08:16 | Linux kernel 安全漏洞 | 详情 |
95cdab65f668ebae996fbf3df854d1e9 | CNNVD-202210-1525 (CVE-2022-3620) | 2022-10-20 13:08:13 | Exim 资源管理错误漏洞 | 详情 |
9e701d3b09a7f774ceea498474bc4d40 | CNNVD-202210-1526 (CVE-2022-3621) | 2022-10-20 13:08:11 | Linux kernel 安全漏洞 | 详情 |
奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
45ab4afdafe578698bcfccccd65d833e | yt | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
74691465618764c64d52a2ff58013ac4 | yt | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 | |
6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
7010355bb6ffff38cb1a885acf784ca7 | ft | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 | |
f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
安全客 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
斗象 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
096b6298d82574500dc1a14c9dba4065 | CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 | 2022-07-15 00:38:28 | 微软2022年7月补丁日漏洞通告 | 详情 |
6018f718b2d751478bf1ce069ac65f0d | CVE-2022-2185 | 2022-07-01 09:02:05 | GitLab 远程代码执行漏洞(CVE-2022-2185) | 详情 |
844719cf0bb4843aff73d2f33cc6dd0b | CVE-2022-30190, CVE-2022-30136 | 2022-06-15 05:48:12 | 微软2022年6月补丁日漏洞通告 | 详情 |
8b47000e1abfbacdadb7df6f09152d89 | CVE-2022-26134 | 2022-06-03 05:48:38 | Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134) | 详情 |
eebe93468b36d2ca24cf4b82136a5635 | CVE-2022-30190 | 2022-05-31 13:57:17 | Microsoft Windows MSDT 远程代码执行漏洞(CVE-2022-30190) | 详情 |
95525e3f5907a776dc7cd4f87f2e2154 | 2022-05-23 07:11:04 | Fastjson 反序列化漏洞 | 详情 | |
945fd6e612634d9721f861833f1ecb75 | CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 | 2022-05-11 03:45:48 | 微软2022年5月补丁日漏洞通告 | 详情 |
e2938ff82d0cc152508e0240697def4c | CVE-2022-1388 | 2022-05-06 05:53:04 | F5 BIG-IP iControl REST 身份验证绕过漏洞(CVE-2022-1388) | 详情 |
bcf7253d2ee580c618737de137d370c4 | CVE-2022-29464 | 2022-04-22 02:21:17 | WSO2 Carbon Server 远程代码执行漏洞(CVE-2022-29464) | 详情 |
07c09799b08afb04c63a9de750b70aca | CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 | 2022-04-13 07:51:00 | 微软2022年4月补丁日漏洞通告 | 详情 |
f5b543501ed5679d423411edac502e24 | CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 | 2022-04-08 03:49:31 | VMware 产品多个高危漏洞通告 | 详情 |
f421bcdb306e2bc1ffbf58fcb024a0dd | 2022-03-29 17:11:30 | Spring 框架远程代码执行漏洞 | 详情 | |
0473358d95e58c7c3f2e7db0109f56f4 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 | |
a888c948ca1172f8a06a3879479f1de4 | CVE-2022-22965 | 2022-03-29 17:11:30 | Spring Framework 远程代码执行漏洞(CVE-2022-22965) | 详情 |
71ed541bb737196268b75c7ba435e1a9 | 2022-03-28 04:57:30 | Spring Cloud Function SpEL表达式注入漏洞 | 详情 | |
f7a5dcd376be777c6593a29b8ebd411a | CVE-2022-0778 | 2022-03-18 07:09:22 | OpenSSL拒绝服务漏洞(CVE-2022-0778) | 详情 |
6c4124fed44906a79843cd2dd383c695 | CVE-2022-0847 | 2022-03-15 03:32:03 | Linux Kernel本地提权漏洞(CVE-2022-0847) | 详情 |
a2795e4829bff16f108cf191eba663c3 | CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 | 2022-03-11 02:14:56 | 微软2022年3月补丁日漏洞通告 | 详情 |
d09f0641bf65c64a16d802cd78e14097 | CVE-2022-0847 | 2022-03-08 08:23:08 | Linux 内核本地提权漏洞(CVE-2022-0847) | 详情 |
69052e2a8c09416f5df674f92cba25a6 | CVE-2022-22947 | 2022-03-02 11:42:55 | Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947) | 详情 |
5f42b6f584a9ace426787dc8dfd6e6e5 | 2022-02-16 10:44:18 | 向日葵远程命令执行漏洞(CNVD-2022-10270) | 详情 | |
79556071f6236ab4674f75b3beee4d79 | CVE-2022-24112 | 2022-02-11 06:13:35 | Apache APISIX 远程代码执行漏洞 (CVE-2022-24112) | 详情 |
485f2c57713f4a39830e8c2d01e43cfe | CVE-2021-4034 | 2022-01-26 06:19:16 | Linux Polkit 权限提升漏洞(CVE-2021-4034) | 详情 |
0aa6eab412c0318b74c6a470ee774df1 | CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 | 2022-01-12 03:44:50 | 微软2022年1月补丁日漏洞通告 | 详情 |
88a8c676b52a739c0335d7c21ca810a9 | 2022-01-06 08:19:17 | MeterSphere 远程代码执行漏洞 | 详情 | |
76cad61d2d5a8750a6a714ab2c6dbc97 | CVE-2021-45232 | 2021-12-28 10:31:16 | Apache APISIX Dashboard 接口未授权访问漏洞(CVE-2021-45232) | 详情 |
af4f5f63390eb00de8705b5029d8c376 | CVE-2021-44228, CVE-2021-45046 | 2021-12-14 01:56:52 | Apache Log4j 远程代码执行漏洞 | 详情 |
43456ae172e45c12087c40c03d925e0e | CVE-2021-44228 | 2021-12-11 03:21:34 | Apache Log4j 远程代码执行漏洞 | 详情 |
392b133d98d6f61aee36ce6c8784f4df | 2021-12-09 15:20:54 | Apache Log4j 远程代码执行漏洞 | 详情 | |
1e193280a8f45427c06cb4945be4f126 | 2021-12-07 06:48:55 | Grafana 任意文件读取漏洞 | 详情 |
红后 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
adb34d68c468518395133c2ef482a58a | CVE-2022-41861 | 2023-02-01 20:29:10 ![]() |
FREERADIUS FREERADIUS Vulnerability | 详情 |
b87567750eeef5570481dca470e1062d | CVE-2023-22875 | 2023-02-01 20:29:03 ![]() |
IBM QRADAR_SECURITY_INFORMATION_AND_EVENT_MANAGER Vulnerability | 详情 |
1f3a2e7100f13ddd1b090e927360f8bd | CVE-2022-41860 | 2023-02-01 20:28:51 ![]() |
FREERADIUS FREERADIUS Vulnerability | 详情 |
fee9ee29bad78b928b69cd8f9e2a0a98 | CVE-2022-47929 | 2023-02-01 20:28:44 ![]() |
Vulnerability | 详情 |
4a0df528ac5f99bcd47b632a35db4321 | CVE-2022-23739 | 2023-02-01 20:28:32 ![]() |
GITHUB ENTERPRISE_SERVER Vulnerability | 详情 |
0e04abe1da5f20b6f54a0cfccb3c5593 | CVE-2023-22732 | 2023-02-01 20:28:26 ![]() |
SHOPWARE SHOPWARE Vulnerability | 详情 |
a7be1b2e1b0b7af2e692fa86d722f56f | CVE-2022-4121 | 2023-02-01 20:28:20 ![]() |
LIBETPAN_PROJECT LIBETPAN Vulnerability | 详情 |
779281df0bbe13243264d0b1ee1a8888 | CVE-2022-42399 | 2023-01-31 20:35:05 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
deca50a4557e147c71ee83cac62c8182 | CVE-2022-42386 | 2023-01-30 20:20:58 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
6bd99603bf4afb1c0a5dcd8fed40c6ec | CVE-2022-42389 | 2023-01-30 20:20:51 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
343f9977702b050f2f87a70a648197bc | CVE-2022-42392 | 2023-01-30 20:20:45 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
69024b9acf40ea8e732a5016685ad225 | CVE-2022-42387 | 2023-01-30 20:20:41 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
2fe62c0168559647b70bf4a5394ddeff | CVE-2022-42395 | 2023-01-30 20:20:34 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
63874ab582d33bcbf929287ccfd0761d | CVE-2022-42390 | 2023-01-30 20:20:26 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
95ff979003d3be2025da5e1717149a3c | CVE-2022-42398 | 2023-01-30 20:20:20 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
8c2c52ba0b946b447593a6ac002ae2a3 | CVE-2022-42393 | 2023-01-30 20:20:14 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
6e37754528f00660d007daa84ecb722d | CVE-2022-42401 | 2023-01-30 20:20:07 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
886b1825312c1758416d2f59c3f3f48a | CVE-2022-42396 | 2023-01-30 20:20:00 | TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability | 详情 |
8eda15b59e61ab6279ef9aa8f45cd29e | CVE-2022-38112 | 2023-01-29 20:39:21 | SOLARWINDS DATABASE_PERFORMANCE_ANALYZER Vulnerability | 详情 |
7f267e5f2ee013c4836d8f7fea512d45 | CVE-2020-21152 | 2023-01-29 20:39:15 | INXEDU INXEDU Vulnerability | 详情 |
103dfd3f7efb745b6a614c7b10e5d5cb | CVE-2023-22910 | 2023-01-29 20:39:08 | MEDIAWIKI MEDIAWIKI Vulnerability | 详情 |
5be45d43db1a848b6ded4d8c493fc600 | CVE-2022-20965 | 2023-01-29 20:39:02 | CISCO IDENTITY_SERVICES_ENGINE Vulnerability | 详情 |
44e1e95916d186bbbc5cabca01532712 | CVE-2022-41733 | 2023-01-29 20:38:56 | IBM INFOSPHERE_INFORMATION_SERVER Vulnerability | 详情 |
2991465b370b4d0ac26bc28431f42fd5 | CVE-2023-20002 | 2023-01-29 20:38:50 | CISCO Multiple product Vulnerability | 详情 |
290ff041e5bf50eb81398ab31d1ecec5 | CVE-2022-20966 | 2023-01-29 20:38:44 | CISCO IDENTITY_SERVICES_ENGINE Vulnerability | 详情 |
b79d8d330d69b7db9746d76059a86f13 | CVE-2021-33959 | 2023-01-29 20:38:38 | PLEX MEDIA_SERVER Vulnerability | 详情 |
fd2c67474d7089240f2ad8f1bde4fa5d | CVE-2023-20008 | 2023-01-29 20:38:31 | CISCO Multiple product Vulnerability | 详情 |
b9e48f1bccb8c0ac6af5f18cc99d9512 | CVE-2023-22809 | 2023-01-29 20:38:25 | SUDO_PROJECT SUDO Vulnerability | 详情 |
93b0952e0fd66c402b4aabc6300c0179 | CVE-2023-0402 | 2023-01-28 20:25:05 | WARFAREPLUGINS SOCIAL_WARFARE Vulnerability | 详情 |
c3755b0b8ee246b0a1620d911d6737b0 | CVE-2023-0403 | 2023-01-28 20:25:00 | WARFAREPLUGINS SOCIAL_WARFARE Vulnerability | 详情 |
绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
41c49874e48d1021809f3105658d5bf1 | CVE-2022-42409 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
f44ef80eb6f1cbd07d5317d0a4b9864e | CVE-2022-42410 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
cfc0c9550d223c21b288adf272ba5e95 | CVE-2022-42411 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
a6fd10b828c40177cecf4e654fdc9d07 | CVE-2022-42412 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
f31918e979171d2741a84c93f3be4867 | CVE-2022-42413 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
db82af42fe4fb934b7fe905c204b345b | CVE-2022-42414 | 2023-01-31 10:27:29 | PDF-XChange Editor信息泄露漏洞 | 详情 |
46676e2a3c9083c69fce0a8196ad6f18 | CVE-2022-42415 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
4f3a62627b0e22994993aba8436fc49a | CVE-2022-42416 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
521ba1740ce12dff08a330f48b28d5a0 | CVE-2022-42417 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
4523180d9aa01de1638403c75ff7323f | CVE-2022-42418 | 2023-01-31 10:27:29 | PDF-XChange Editor空指针解引用漏洞 | 详情 |
39db7708b1adc5cec9b938f100aad1ca | CVE-2022-42419 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
be944c4891d9becdcf3aab4991188f01 | CVE-2022-42420 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
8866faf5fdd3ba6640736d39605fb1a0 | CVE-2022-42421 | 2023-01-31 10:27:29 | PDF-XChange Editor越界写入漏洞 | 详情 |
588237ee4d81f6107855e995ebda91f1 | CVE-2022-42407 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
f99a159acda51faa60dd6f3df788d291 | CVE-2022-42406 | 2023-01-31 10:27:29 | PDF-XChange Editor越界读取漏洞 | 详情 |
27780f65734d037a95a20cb46d161862 | CVE-2023-0128 | 2023-01-12 04:29:30 | Google Chrome Overview Mode内存错误引用漏洞 | 详情 |
771651032697fbe544f80903f7a5611a | CVE-2023-0129 | 2023-01-12 04:29:30 | Google Chrome Network Service堆缓冲区溢出漏洞 | 详情 |
b2d60308154f9ffc0a6a686815b36ee2 | CVE-2023-0130 | 2023-01-12 04:29:30 | Google Chrome Fullscreen API实现不当漏洞 | 详情 |
977bf7ac1ff25d5c8505451f904abc0c | CVE-2023-0131 | 2023-01-12 04:29:30 | Google Chrome iframe Sandbox实现不当漏洞 | 详情 |
26a5492eb5734f0eef07b189c11a79ca | CVE-2023-0132 | 2023-01-12 04:29:30 | Google Chrome Permission Prompts实现不当漏洞 | 详情 |
ab4ae278303768ac993d489ff77ca745 | CVE-2023-0133 | 2023-01-12 04:29:30 | Google Chrome Permission Prompts实现不当漏洞 | 详情 |
eb74b0e2e26ca0b1989afce3bad50210 | CVE-2023-0134 | 2023-01-12 04:29:30 | Google Chrome Cart内存错误引用漏洞 | 详情 |
697cf182cb4be7ba27b1349a0f6a1471 | CVE-2023-0135 | 2023-01-12 04:29:30 | Google Chrome Cart内存错误引用漏洞 | 详情 |
473796f85a5736471a185edbc4ffc532 | CVE-2023-0136 | 2023-01-12 04:29:30 | Google Chrome Fullscreen API实现不当漏洞 | 详情 |
bec720024d5d618ac9e8e1bb945c9066 | CVE-2023-0138 | 2023-01-12 04:29:30 | Google Chrome libphonenumber堆缓冲区溢出漏洞 | 详情 |
71ee08bc6258ce8b44b88f389803036a | CVE-2023-0139 | 2023-01-12 04:29:30 | Google Chrome Downloads输入验证错误漏洞 | 详情 |
dfff5b69c6b9848d9a1cc5125a6209eb | CVE-2023-0140 | 2023-01-12 04:29:30 | Google Chrome File System API实现不当漏洞 | 详情 |
46cb68cf0b59c851d6edbf4438df9653 | CVE-2023-0141 | 2023-01-12 04:29:30 | Google Chrome CORS策略执行不当漏洞 | 详情 |
03a6a73a0041e63c3eb5ac17b7badda9 | CVE-2023-0137 | 2023-01-12 04:29:30 | Google Chrome Platform Apps堆缓冲区溢出漏洞 | 详情 |
e06640cce5d9fc097548c656a9a16142 | CVE-2022-3462 | 2023-01-12 04:29:30 | WordPress Highlight Focus Plugin跨站脚本漏洞 | 详情 |
美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
---|---|---|---|---|
daa2ab37edf082d2135eb6a820dcebc0 | CVE-2022-45920 | 2023-01-26 21:17:55 | In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. | 详情 |
8d397a6f32266fa7ec3d82f5bc5d7e19 | CVE-2022-45808 | 2023-01-26 21:17:54 | SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 详情 |
96cc46a7489a28a3ab97cb4c28751fb1 | CVE-2022-45730 | 2023-01-26 21:17:53 | A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | 详情 |
1103608f90b7a675fc6085103e294c20 | CVE-2022-20492 | 2023-01-26 21:15:27 | In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 | 详情 |
2b10df47a36d2ee27ac3d538951560ce | CVE-2022-20490 | 2023-01-26 21:15:27 | In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505 | 详情 |
14f61ffe2e3a5ddbfba44726d3cdc7ef | CVE-2022-20489 | 2023-01-26 21:15:27 | In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460 | 详情 |
80b7f3693011256dc6b729f48aa042c6 | CVE-2022-20461 | 2023-01-26 21:15:27 | In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963 | 详情 |
07298504c612accc5d7effabbbdb12b4 | CVE-2022-20458 | 2023-01-26 21:15:26 | The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776 | 详情 |
005950af05c204089d2a1b81f7a27a37 | CVE-2022-20456 | 2023-01-26 21:15:26 | In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780 | 详情 |
10ca0bca9a3bab1646adbf2f55d2b69c | CVE-2022-20235 | 2023-01-26 21:15:26 | The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780 | 详情 |
7a8c81d418c751121ea7f1ea3b0f46c4 | CVE-2022-20215 | 2023-01-26 21:15:26 | In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206 | 详情 |
a870dd1d18550ed69c4cf66451ec68f5 | CVE-2022-20214 | 2023-01-26 21:15:25 | In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210 | 详情 |
b29c18ad1ba2ec293aa2cda07933f7a1 | CVE-2022-20213 | 2023-01-26 21:15:25 | In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 | 详情 |
3e3da618bb38e90e4541ab0b121baf66 | CVE-2021-36686 | 2023-01-26 21:15:24 | Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page. | 详情 |
e6a1496585ccd40ab163321163862785 | CVE-2022-42409 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18315. | 详情 |
3ab0f76cce7486b2a30e5d0d9e218b05 | CVE-2022-42408 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543. | 详情 |
a6951ce2dbe5060c8baf94cd1658ee80 | CVE-2022-42407 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18542. | 详情 |
fd8c4aeb7fcc66f36db9d5d5276129ca | CVE-2022-42406 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18369. | 详情 |
ebadc22f4cba8ca799c6df0027004265 | CVE-2022-42405 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367. | 详情 |
bc6b05be0f36b10e3979f9f1a052e133 | CVE-2022-42404 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18273. | 详情 |
5221188b8b1d6a95dc416c0c6c08c1de | CVE-2022-42403 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892. | 详情 |
66df6adbed21903beb4e7372b48c2ad8 | CVE-2022-42402 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in an embedded U3D object can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18632. | 详情 |
13315d978c002a53c992c824c701b1dc | CVE-2022-42401 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18533. | 详情 |
5c8fd7a125f188899ac4c50ea917b6aa | CVE-2022-42400 | 2023-01-26 18:59:57 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18328. | 详情 |
42e5fff7666d1ffbad7e27fe0af1dc3c | CVE-2022-42398 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18307. | 详情 |
3b001d5a9a1e0f4940e7c5a63bc1db07 | CVE-2022-42397 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18279. | 详情 |
95208b594ac347be93701587d0c7efcc | CVE-2022-42396 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278. | 详情 |
07b0245c3bb436556bbd90eed54abce6 | CVE-2022-42395 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18274. | 详情 |
00538eba584d1e3b7b400c7ad6233265 | CVE-2022-42394 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18893. | 详情 |
62b799e5de7c15d1faf31c9bc89ad4c8 | CVE-2022-42393 | 2023-01-26 18:59:56 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18662. | 详情 |
![]() |
![]() |
---|---|
支付宝 | 微信 |