Threat Intelligence Bulletin


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
76d4758f15cac67a05151fedf8345440 2021-10-20 02:23:50 2021-10 Patch Day: Security Risk Advisory for Vulnerabilities in Multiple Oracle Products Details
53e2086a60b98d992aa6d1aecbddd1b4 2021-10-18 03:28:06 Weekly Security Incident Report (10.11-10.17) Details
c4b2adb477e10f37561b156d82c204f7 CVE-2021-42340 2021-10-15 07:49:41 Apache Tomcat Denial-of-Service Vulnerability Advisory Details
fb815372266f86deecfc74bb80c1fd0d 2021-10-13 06:40:56 Analysis of the NtpClient Linux Cryptomining Trojan Incident Details
e3881b85580a51c8f62eb81259cf56a2 2021-10-13 02:32:08 2021-10 Patch Day: Microsoft Security Update Advisory for Multiple Vulnerabilities Details
73693ec6d7f21e08a127128365a91bea 2021-10-11 03:19:25 Weekly Security Incident Report (10.04-10.10) Details
02f7ad2be491c35c59ec22222810c7cd CVE-2021-42013 2021-10-11 02:22:10 Apache HTTP Server Path Traversal Vulnerability Advisory Details
61ff4f18db934d14a83001f25caddda0 2021-10-08 06:16:56 Weekly Security Incident Report (09.27-10.03) Details
0db129d6146257595e4cbdc44be22d00 2021-09-27 10:21:28 Weekly Security Incident Report (09.20-09.26) Details
37c9423769967d0cf58dae1b900a396b 2021-09-22 07:45:31 Weekly Security Incident Report (09.13-09.19) Details
6be63274025717491cbc8e10f3dbf024 2021-09-22 02:39:12 VMware vCenter Server Multiple High-Severity Vulnerabilities Advisory Details
a6ae01b327e817f7c9069548016462f6 2021-09-15 02:46:18 2021-09 Patch Day: Microsoft Security Update Advisory for Multiple Vulnerabilities Details
732d8dd6f94d4f26aae5446404832860 2021-09-14 07:20:13 2021-09 Patch Day: Chrome Security Update Advisory for Multiple Vulnerabilities Details
ee3f2c97a6fc0efd4ac4aaa53e4a5b3a 2021-09-13 02:46:46 Weekly Security Incident Report (09.06-09.12) Details
f080a471257f4dcbece4d5d9a9ff5107 CVE-2021-40444 2021-09-08 03:06:26 CVE-2021-40444: Microsoft Issues Advisory for MSHTML Component 0-Day Vulnerability Exploited in the Wild Details
03358819e8b63cf3660e6ba3f60ccf26 2021-09-06 06:03:21 Weekly Security Incident Report (08.30-09.05) Details
04a2b4e0e48d0940bb6e4771011ca348 CVE-2021-26084 2021-09-01 07:29:08 [Advisory Update] CVE-2021-26084: Confluence OGNL Injection Vulnerability Advisory Details
45e6878b572f45485631468ceb9110da 2021-08-30 06:10:36 Weekly Security Incident Report (08.23-08.29) Details
d78009bcb8c3a411c54e017ab2c76516 2021-08-23 07:23:50 2021-08: XStream Multiple High-Severity Vulnerabilities Advisory Details
a93ee16bf37c73fbd8f58e77f072b37f CVE-2021-20032 2021-08-17 03:09:22 CVE-2021-20032: SonicWall Analytics Remote Code Execution Vulnerability Advisory Details
dfba4463b07c7a5f255c3e259e2c4a0e CVE-2021-36958 2021-08-12 06:47:50 Windows Print Spooler Printer Vulnerability Advisory Details
cc797471d65a70bb275239b0bf6d889a 2021-08-12 02:37:22 Analysis of the Conti Ransomware Group's Internal Core Materials Details
8d5c0347d712c60b3be2069cb5e3e333 2021-08-11 02:48:42 2021-08 Patch Day: Microsoft Security Update Advisory for Vulnerabilities in Multiple Products Details
8a3e0fae26125c451874d1f87b6f7b67 2021-08-09 03:46:22 Weekly Security Incident Report (08.02-08.08) Details
ed612af34543e280880d4c3014234a3c 2021-07-29 01:57:11 Advisory on YourData Ransomware Attacks in China Details
417c12dc2092d637acc3a3471845c855 2021-07-27 09:13:49 Windows MS-EFSRPC Protocol NTLM Relay Attack Advisory Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
3d46d14c2ff2260996443cfe0ea3b29b CVE-2021-3455 2021-10-19 23:15:00 Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp Details
ad745cbffd762e438dd8471aa39c6e30 CVE-2021-3454 2021-10-19 23:15:00 Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 Details
a8eb02e61f385674f1a0550aa5c59628 CVE-2021-41150 2021-10-19 20:15:00 Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. Details
6622f3e56e2e68d8443c5d534d44cf9a CVE-2021-31386 2021-10-19 19:15:00 A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Details
7f64616f1477f2ee581958178cfc540b CVE-2021-31385 2021-10-19 19:15:00 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Details
bef1a070f39edfcabf38635f016fa0ce CVE-2021-31384 2021-10-19 19:15:00 Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Details
224a3a3df02a346ffcfbfa2b5e76f0ae CVE-2021-31383 2021-10-19 19:15:00 In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. Details
908f8c0801b822bc030d040437fbf20c CVE-2021-31382 2021-10-19 19:15:00 On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. 
This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces. Details
d8303618aa9b70510dc56ccda922a962 CVE-2021-31381 2021-10-19 19:15:00 A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. Details
9795dd2f585bb9355f9109fb0c51e2cb CVE-2021-31380 2021-10-19 19:15:00 A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. Details
57ed63d56853b7b1be43e9f18e7a4292 CVE-2021-31379 2021-10-19 19:15:00 An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC ["FPC ID" # e.g. "0"] PFE #{PFE ID # e.g. "1"] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. Details
94e89b91bdd23ac8a9caff103feaf53b CVE-2021-31378 2021-10-19 19:15:00 In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this "Terminating" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the "Terminating" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the "Terminating" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the "Terminating" state thereby creating a persistent Denial of Service to the subscriber. An indicator of compromise may be seen by displaying the output of "show subscribers summary". The presence of subscribers in the "Terminating" state may indicate the issue is occurring. 
This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect: Juniper Networks Junos OS 12.3 version 12.3R1 and later versions; 15.1 version 15.1R1 and later versions. Details
2e66af0bdf184ca44275805d4d60dce7 CVE-2021-33988 2021-10-19 17:15:00 Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form. Details
d8fb9a5731137bcafd7c599a7ddd6673 CVE-2021-38911 2021-10-19 16:15:00 IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940. Details
f987c14bed06ff6d5954175c99aca06d CVE-2021-29912 2021-10-19 16:15:00 IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. Details
e6f7346a3d0af61b6c1904a45520024d CVE-2020-12141 2021-10-19 16:15:00 An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c. Details
549242d869a31bbe161a660bb10a5a38 CVE-2021-39355 2021-10-19 15:15:00 The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Details
f21ee4cfd8cafe856dd9e5deb1240c81 CVE-2021-39343 2021-10-19 15:15:00 The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Details
55d116368f1019f7a209f41d421e0c95 CVE-2021-39329 2021-10-19 15:15:00 The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Details
6ec4be25b6162248044d18df8386e7c6 CVE-2021-3746 2021-10-19 15:15:00 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. Details
772899da3d4e03b9fecfff8df3312392 CVE-2021-37137 2021-10-19 15:15:00 The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. Details
6d770190766d00bd8e344452519b4b0f CVE-2021-37136 2021-10-19 15:15:00 The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. Details
6f636a76cbcbdfc8f2b245041a368948 CVE-2021-36832 2021-10-19 15:15:00 WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. Details
1269f811ac035944e4a2fe36e6dac48d CVE-2021-27001 2021-10-19 15:15:00 Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. Details
806b2e15012b196a8f55a7e25ad63551 CVE-2021-26589 2021-10-19 15:15:00 A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers. Details
76e79457e9ed9f98a3a09b57f364b42f CVE-2011-1075 2021-10-19 15:15:00 FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. Details
3df54382d47477c7d635226582d38efa CVE-2021-3889 2021-10-19 13:15:00 libmobi is vulnerable to Use of Out-of-range Pointer Offset Details
5fc742b6b3e22996b7eaf9f874aa7697 CVE-2021-3888 2021-10-19 13:15:00 libmobi is vulnerable to Use of Out-of-range Pointer Offset Details
6a5928376f8bb9a421f1ebd83bcfc666 CVE-2021-3879 2021-10-19 13:15:00 snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Details
ce189de560d543477ef7f615f736bec3 CVE-2021-3872 2021-10-19 13:15:00 vim is vulnerable to Heap-based Buffer Overflow Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
5411f3398c7ab5a95072751b63da38dd CNVD-2021-78736 (CVE-2021-37921) 2021-10-20 02:38:38 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
684be72250e045877e8ec0314005faec CNVD-2021-78735 (CVE-2021-37923) 2021-10-20 02:38:37 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
28a7f4fcd8b85b14521e4392a5135ea4 CNVD-2021-78734 (CVE-2021-37924) 2021-10-20 02:38:36 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
ace147b5efe0bdb56c8aee24e7cb7594 CNVD-2021-78733 (CVE-2021-37926) 2021-10-20 02:38:35 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
514b1e363b8758471236f97253090a3f CNVD-2021-78732 (CVE-2021-37928) 2021-10-20 02:38:33 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
1a57581ef524df42e3af57eff5c9a029 CNVD-2021-78731 (CVE-2021-37929) 2021-10-20 02:38:32 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
5e57542cfb8365056e6fb987b51cbae0 CNVD-2021-78730 (CVE-2021-37920) 2021-10-20 02:38:31 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
ecf49dc7dbae438093c40cbf09ba1160 CNVD-2021-78729 (CVE-2021-37919) 2021-10-20 02:38:30 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
2378187532b284e0c7f10517d0303bc1 CNVD-2021-78728 (CVE-2021-37918) 2021-10-20 02:38:28 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
e742de339cadc059b849e8437cdec88f CNVD-2021-78727 (CVE-2021-37762) 2021-10-20 02:38:27 ZOHO ManageEngine ADManager Plus File Upload Vulnerability Details
4765f8f3e828a3e94e81724d7a7f8b63 CNVD-2021-78442 (CVE-2021-20485) 2021-10-19 07:25:02 IBM Sterling File Gateway Information Disclosure Vulnerability Details
5aeaf328ffed0eee02e4185d7c4ae3cf CNVD-2021-78441 (CVE-2020-4654) 2021-10-19 07:25:01 IBM Sterling File Gateway Information Disclosure Vulnerability Details
28dcdb3417eb1f1dbe6ef9a78da3dc9a CNVD-2021-78440 (CVE-2021-29700) 2021-10-19 07:24:59 IBM Sterling B2B Integrator Information Disclosure Vulnerability Details
5512c987f2680137802565b4f5354ead CNVD-2021-78439 (CVE-2021-20584) 2021-10-19 07:24:58 IBM Sterling File Gateway Arbitrary File Upload Vulnerability Details
dc995682533c2014122f5cb664a6b0db CNVD-2021-78438 (CVE-2021-20561) 2021-10-19 07:24:57 IBM Sterling File Gateway Cross-Site Scripting Vulnerability Details
96c1baedee89c9bcb66fc2a1f902adbb CNVD-2021-78437 (CVE-2021-20552) 2021-10-19 07:24:56 IBM Sterling File Gateway Information Disclosure Vulnerability Details
5df4b15a4b270c769cf0f1a8deb58f58 CNVD-2021-78436 (CVE-2021-20489) 2021-10-19 07:24:54 IBM Sterling File Gateway Cross-Site Request Forgery Vulnerability Details
3ce0b60ac771ff5cdb17ef502d43e773 CNVD-2021-78435 (CVE-2021-20481) 2021-10-19 07:24:53 IBM Sterling File Gateway Cross-Site Scripting Vulnerability Details
55a35ee8b7f919d40e62f172488d4029 CNVD-2021-78430 (CVE-2020-21598) 2021-10-19 04:35:23 libde265 Heap Buffer Overflow Vulnerability Details
63ad76d3772e424e3739f91b16ed32e7 CNVD-2021-78429 (CVE-2020-21597) 2021-10-19 04:35:21 libde265 Heap Buffer Overflow Vulnerability Details
ea5cfa970dcb0d070fc2ab357e31e246 CNVD-2021-78427 (CVE-2020-21595) 2021-10-19 04:35:20 libde265 Heap Buffer Overflow Vulnerability Details
abc7cd069a54659e36beb50d96fa810c CNVD-2021-78426 (CVE-2020-21594) 2021-10-19 04:35:19 libde265 Heap Buffer Overflow Vulnerability Details
5e799e1ec81a767ede6a16de090897fb CNVD-2021-78425 (CVE-2020-21535) 2021-10-19 04:35:18 fig2dev Segmentation Fault Vulnerability Details
da4bdf61d521d955abe7e251f5246b75 CNVD-2021-78424 (CVE-2020-21534) 2021-10-19 04:35:16 fig2dev Buffer Overflow Vulnerability Details
1a7a5e700c32df1bb3fe772efbc49b2b CNVD-2021-78423 (CVE-2020-21533) 2021-10-19 04:35:15 fig2dev Stack Buffer Overflow Vulnerability Details
d9c6b3a42d1c96d1c1bb6f82ff407921 CNVD-2021-78422 (CVE-2020-21532) 2021-10-19 04:35:14 fig2dev Buffer Overflow Vulnerability Details
72161d049409b4cd3aa49918cb381d35 CNVD-2021-78420 (CVE-2020-21530) 2021-10-19 04:35:13 fig2dev Segmentation Fault Vulnerability Details
2cc9dc76dc98f06ba835fc0cf4531d71 CNVD-2021-78419 (CVE-2020-21529) 2021-10-19 04:35:11 fig2dev Stack Buffer Overflow Vulnerability Details
44fe51cf8608dfe8dfdc30280a2b1b69 CNVD-2021-67574 2021-10-17 16:42:07 E-Mobile Command Execution Vulnerability Details
e9060a8e88194856c3a385d609ac14b4 CNVD-2021-67303 2021-10-16 16:43:48 EyouCms XSS Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
f8069742e576f4bd4735ebc91258a130 CNNVD-202110-1263 (CVE-2021-36513) 2021-10-18 12:43:06 FreeSWITCH Security Vulnerability Details
8d7da803c477346dfc4f4fbb6513e21d CNNVD-202110-1264 (CVE-2021-41152) 2021-10-18 12:43:04 OpenOlat Security Vulnerability Details
ec86487d338f856503308620ea76a7d7 CNNVD-202110-1265 (CVE-2021-41151) 2021-10-18 12:43:02 backstage Path Traversal Vulnerability Details
9c142859e481ec40aadf083a03acc720 CNNVD-202110-1266 (CVE-2021-41153) 2021-10-18 12:42:59 evm crate Security Vulnerability Details
3ae067c5693291b2a4baaabe35aaf59f CNNVD-202110-1267 (CVE-2021-41156) 2021-10-18 12:42:57 anuko timetracker Cross-Site Scripting Vulnerability Details
876d91cbe49479362a3469eb9782cdd2 CNNVD-202110-1268 (CVE-2021-21749) 2021-10-18 12:42:55 ZTE MF971R LTE router Buffer Error Vulnerability Details
10ad133c99c9153c706ded8427423b46 CNNVD-202110-1269 (CVE-2021-42650) 2021-10-18 12:42:53 Portainer Code Injection Vulnerability Details
aab448f572a23433c2ecd8199a9a3fd6 CNNVD-202110-1270 (CVE-2021-42055) 2021-10-18 12:42:51 ASUSTek ZenBook Pro Duo 15 UX582 Security Vulnerability Details
a3e938354beca0e0c232895d3e1e1558 CNNVD-202110-1271 (CVE-2021-41155) 2021-10-18 12:42:48 Tuleap SQL Injection Vulnerability Details
d41edca488120b013082480cda89f6f6 CNNVD-202110-1272 (CVE-2021-41154) 2021-10-18 12:42:46 Tuleap Open ALM SQL Injection Vulnerability Details
cbda2456e48baf7d6a5ce67828e6749f CNNVD-202110-1202 (CVE-2021-29878) 2021-10-15 12:43:29 IBM Business Automation Workflow Cross-Site Scripting Vulnerability Details
82c07c2771eeebad33b5af012541002b CNNVD-202110-1203 (CVE-2021-40996) 2021-10-15 12:43:27 Aruba ClearPass Policy Manager Security Vulnerability Details
5edc17bbbd20475c56bf912b3308eafe CNNVD-202110-1204 (CVE-2021-40998) 2021-10-15 12:43:25 Aruba ClearPass Policy Manager Security Vulnerability Details
f313dae8e60ecf00563f86116322c90d CNNVD-202110-1205 (CVE-2021-28021) 2021-10-15 12:43:23 stb Buffer Error Vulnerability Details
0cfb6c8ae47b62368a82aa6341b818c6 CNNVD-202110-1206 (CVE-2021-29679) 2021-10-15 12:43:20 IBM Cognos Analytics Security Vulnerability Details
fd0b38a6d5205129178035a944417205 CNNVD-202110-1207 (CVE-2018-16061) 2021-10-15 12:43:18 Mitsubishi Electric SmartRTU Cross-Site Scripting Vulnerability Details
1285309ed689fd7f271d53b6d72f91bc CNNVD-202110-1208 (CVE-2021-29745) 2021-10-15 12:43:16 IBM Cognos Analytics Security Vulnerability Details
a8e55b1e6ed05968d2a0f4a34fb2022d CNNVD-202110-1209 (CVE-2021-41320) 2021-10-15 12:43:14 ION Wallstreet Suite TRM Security Vulnerability Details
69376e95e8645b9d13802a35f19e76c1 CNNVD-202110-1210 (CVE-2018-16060) 2021-10-15 12:43:12 Mitsubishi Electric SmartRTU Security Vulnerability Details
5c73dd82e9e345dafe61d8023fcb7f87 CNNVD-202110-1211 (CVE-2021-27561) 2021-10-15 12:43:10 Yealink Device Management Security Vulnerability Details
4b4c78e5f5a6bcb76beab3f2b84fe45d CNNVD-202110-1063 (CVE-2021-37129) 2021-10-15 12:42:49 Huawei Ngfw Module Security Vulnerability Details
5a4e81e0587607b8a4944d5ecb0014df CNNVD-202110-1054 (CVE-2021-41132) 2021-10-14 12:43:09 OMERO.web Cross-Site Scripting Vulnerability Details
ca97c5c5fb1c5556d0c303e8903e582f CNNVD-202110-1055 (CVE-2021-42227) 2021-10-14 12:43:07 KindEditor Cross-Site Scripting Vulnerability Details
5ad2bf0dd2898a0ef9b4e190c91e2237 CNNVD-202110-1056 (CVE-2021-41142) 2021-10-14 12:43:05 Tuleap Open ALM Cross-Site Scripting Vulnerability Details
05fddd449b4dfadccada92edac5c87eb CNNVD-202110-1057 (CVE-2021-42340) 2021-10-14 12:43:02 Apache Tomcat Security Vulnerability Details
e27438e0d6481637cf3bc278245def4a CNNVD-202110-1058 (CVE-2021-42228) 2021-10-14 12:43:00 KindEditor Cross-Site Request Forgery Vulnerability Details
d9bf019c1ef796df3f69b5feddc90910 CNNVD-202110-1059 (CVE-2021-32569) 2021-10-14 12:42:58 Network Manager Cross-Site Scripting Vulnerability Details
cd7e6b597a202522930636aae61d1e09 CNNVD-202110-1060 (CVE-2021-32571) 2021-10-14 12:42:56 Network Manager Security Vulnerability Details
223c12b38ad613504d86e8eaf065a65e CNNVD-202110-1061 (CVE-2021-22801) 2021-10-14 12:42:53 Schneider Electric ConneXium Network Manager Software Security Vulnerability Details
bd919e45c6d1604096c2ec1dfc2162fb CNNVD-202110-1062 (CVE-2021-42369) 2021-10-14 12:42:51 Imagicle Application Suite SQL Injection Vulnerability Details

QiAnXin [TOP 30] CVES TIME TITLE URL
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0-Day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early-Warning Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early-Warning Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early-Warning Advisory Details

Anquanke [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Feature Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant (斗象) [TOP 30] CVES TIME TITLE URL
a418a10f7f4a1694a2293e895b24de6a CVE-2021-35617, CVE-2021-35620 2021-10-20 03:07:34 Oracle WebLogic Multiple High-Severity Vulnerabilities Advisory Details
e2d8ba6cd503627461acaa0de23c51b6 CVE-2021-40449, CVE-2021-26427, CVE-2021-40486, CVE-2021-38672, CVE-2021-40461 2021-10-13 05:29:50 Microsoft October 2021 Patch Tuesday Vulnerability Advisory Details
68be9e619a7702aa2cb4d58c255d39c8 CVE-2021-41773, CVE-2021-42013 2021-10-09 03:33:50 Apache HTTP Server Path Traversal Vulnerability Details
2b425329012f167ceeee133dcab6c49c CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017 2021-09-22 05:41:12 VMware Multiple High-Severity Vulnerabilities Advisory Details
a0f1f4b9e08c161feea107db8c47d55e CVE-2021-26084 2021-08-26 12:03:16 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Details
68ee7b98acb8ba2e45c3638a078d9535 CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154 2021-08-23 06:14:35 XStream Multiple Deserialization Vulnerabilities Details
e00d270224089dec1dde09bb05ec2678 CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 2021-08-06 08:53:31 Microsoft Exchange Remote Code Execution Vulnerability (PoC Public) Details
b36f311a6a1cb8b7c4d2da09512e0fa9 CVE-2021-2394, CVE-2021-2397, CVE-2021-2382 2021-07-21 10:29:24 Oracle WebLogic Multiple High-Severity Vulnerabilities Advisory Details
86cb552f791b9e8159d01a9478a59f9d CVE-2021-34527, CVE-2021-34448, CVE-2021-33771, CVE-2021-31979, CVE-2021-34473, CVE-2021-34520, CVE-2021-34468, CVE-2021-34467, CVE-2021-34449, CVE-2021-33780 2021-07-14 09:40:04 Microsoft July 2021 Patch Tuesday Vulnerability Advisory Details
ed706209d0185b2415915cac4afec37b 2021-07-08 08:43:59 YApi Remote Code Execution Vulnerability Advisory Details
c5bfeca05acdc931e8686c9e3d4ff937 2021-07-02 11:03:50 Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) Details
4184ae9f57a2db9063367e64e6cc2cb7 CVE-2021-1675 2021-06-29 10:15:39 Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675) Details
2131ca2cbd7b631f62f8701a925c2767 CVE-2021-21998 2021-06-23 06:20:30 VMware Carbon Black App Control Authentication Bypass Vulnerability (CVE-2021-21998) Details
906de48de24b85a2278ae80a9f4d0aa8 2021-06-03 02:48:56 Yonyou (用友) NC BeanShell Remote Command Execution Vulnerability Details
4d9035105f60b9d56f24c24e87fc6e32 CVE-2021-21985 2021-05-26 03:39:33 VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Details
137a4e2d822964f8f8c93f59d00f2bce 2021-04-18 16:38:14 WebLogic T3 Deserialization Vulnerability 0day Details
7cb0c487c17f2247b0b81ef4bc51f47b 2021-04-18 16:38:14 WebLogic T3 Deserialization Vulnerability 0day Advisory Details
49c6f9e6d3305e3f6a1b9e819a546f5e 2021-03-18 07:43:11 GitLab markdown Remote Code Execution Vulnerability Details
d260fd6bfb4e9ac71fb3d9e8ac099e8a CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351 2021-03-15 12:14:54 XStream Multiple Deserialization Vulnerabilities Details
653950b848400677d6b639ceab859948 CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, CVE-2021-22992 2021-03-11 03:39:16 F5 BIG-IP/IQ Multiple High-Severity Vulnerabilities Advisory Details
e3e5335fb40b2591fe2db20109b721f8 CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26411, CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897 2021-03-10 06:12:12 Microsoft March 2021 Patch Tuesday Vulnerability Advisory Details
798406bf8b68124deca9085d3eb2d1c5 CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 2021-03-03 03:42:27 Microsoft Exchange Multiple High-Severity Vulnerabilities Advisory Details
c4de1572047cc389046c24f3c08a6032 CVE-2021-21972, CVE-2021-21974, CVE-2021-21973 2021-02-24 06:53:19 VMware Multiple High-Severity Vulnerabilities Advisory Details
e24aa9f6bc8de2f5a5c26f521f1ecab7 CVE-2021-3156 2021-01-27 09:03:36 sudo Local Privilege Escalation Vulnerability (CVE-2021-3156) Details
1ca52c925f4caae6425f3fde97dadb79 2021-01-26 09:30:20 SonicWall SSL-VPN Remote Command Execution Vulnerability Details
1b1695140e14e77738f02be5b6c390f1 CVE-2021-1994, CVE-2020-14756, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108 2021-01-20 03:56:12 Oracle WebLogic Multiple Security Vulnerabilities Details
5933116115eeeaeb4de0f2170f3d016d 2021-01-15 11:39:06 JumpServer Remote Command Execution Vulnerability Details
07e5628c0aa5289c6cfd7f22b75c9481 CVE-2021-1647, CVE-2021-1648, CVE-2021-1677, CVE-2021-1674 2021-01-13 07:00:20 Microsoft January 2021 Patch Tuesday Vulnerability Advisory Details
58dd177414d5a7f6be24321ccb4e8617 2021-01-11 03:17:50 Seeyon (致远) OA Multiple High-Severity Vulnerabilities Advisory Details
c53899e17bb99e72c26a50891bfaaa58 CVE-2020-17518, CVE-2020-17519 2021-01-06 05:46:00 Apache Flink Directory Traversal Vulnerability (CVE-2020-17518/17519) Details

RedQueen (红后) [TOP 30] CVES TIME TITLE URL
c8c7bdebcfe2faba6fec05f16930a2a4 CVE-2021-29595 2021-10-19 13:24:57 Google TensorFlow Numeric Error Vulnerability Details
a635f633e509d4830dc07002f3ce2674 CVE-2021-29598 2021-10-19 13:24:54 Google TensorFlow Numeric Error Vulnerability Details
02c1a8e4866e0ad4690382e00d8ccce8 CVE-2021-29604 2021-10-19 13:24:51 Google TensorFlow Numeric Error Vulnerability Details
fc59cd11bb74c2131db557715d87192f CVE-2021-29596 2021-10-19 13:24:48 Google TensorFlow Numeric Error Vulnerability Details
6bcb8d102ed62842125d8fad0c060f85 CVE-2021-29608 2021-10-19 13:24:45 Google TensorFlow Security Vulnerability Details
6352dcf244ba202885f74ef9fcd57c0b CVE-2021-29599 2021-10-19 13:24:43 Google TensorFlow Numeric Error Vulnerability Details
2d95167b87c346e7a7962da743c284ed CVE-2021-29597 2021-10-19 13:24:40 Google TensorFlow Numeric Error Vulnerability Details
68074b419b9509f4c85d70aefad8eaa2 CVE-2021-29609 2021-10-19 13:24:37 Google TensorFlow Code Issue Vulnerability Details
12fe23779b5f630b766a7204ab1fc0a6 CVE-2021-29600 2021-10-19 13:24:34 Google TensorFlow Numeric Error Vulnerability Details
049373e80a3c63e54399ec6057f8e2ab CVE-2021-29601 2021-10-19 13:24:31 Google TensorFlow Input Validation Error Vulnerability Details
79e9b5dbe32dba1c8ed4472d04defce3 CVE-2021-28461 2021-10-18 13:24:22 Microsoft Dynamics Finance & Operations Cross-Site Scripting Vulnerability Details
93c8176e98978bb3cd3cd181c87e7890 CVE-2021-28479 2021-10-18 13:24:19 Microsoft Windows CSC Service Information Disclosure Vulnerability Details
eb45f982795c01b3e4d2a8713c676f06 CVE-2021-28476 2021-10-18 13:24:16 Microsoft Hyper-V Code Injection Vulnerability Details
504d46927db7b55992bb3f0e6412fe50 CVE-2021-31166 2021-10-18 13:24:14 Microsoft HTTP.sys Code Injection Vulnerability Details
b9c81103316955d90ec68e26a51d9d1e CVE-2021-31165 2021-10-18 13:24:11 Microsoft Windows Container Manager Service Permissions, Privileges and Access Control Vulnerability Details
360aab5c9b3e1de6a7bcc1307f98d18e CVE-2021-31168 2021-10-18 13:24:08 Microsoft Windows Container Manager Service Permissions, Privileges and Access Control Vulnerability Details
7147958e4e0cbddb7b64726704037dba CVE-2021-31169 2021-10-18 13:24:05 Microsoft Windows Container Manager Service Permissions, Privileges and Access Control Vulnerability Details
b80e196e8c06f1fb5f520807007c4e72 CVE-2021-31171 2021-10-18 13:24:03 Microsoft SharePoint Information Disclosure Vulnerability Details
5c3a5bf742054363f141c9624f24b9e7 CVE-2021-28474 2021-10-18 13:24:00 Microsoft SharePoint Command Injection Vulnerability Details
fa13681bed6ed46e06d00bc7a270139e CVE-2021-31172 2021-10-18 13:23:57 Microsoft SharePoint Security Vulnerability Details
794e8e6da1555ec1061c4d89d80e9983 CVE-2020-20267 2021-10-17 13:34:39 Mikrotik RouterOs Buffer Error Vulnerability Details
de0cd94c3f77eed09d5856126d7f6d07 CVE-2021-21648 2021-10-17 13:34:36 Jenkins Cross-Site Scripting Vulnerability Details
d09e89f8b022588c8fde0fbc8deed0fe CVE-2021-21651 2021-10-17 13:34:33 Jenkins Information Disclosure Vulnerability Details
68ca31a45da324b5637c325421ff72be CVE-2021-21655 2021-10-17 13:34:30 Jenkins Cross-Site Request Forgery Vulnerability Details
c9ac81202259092026ce087b6290c78e CVE-2021-21654 2021-10-17 13:34:27 Jenkins Access Control Error Vulnerability Details
99fa465151e92bb33fab06db919e9d8b CVE-2020-20265 2021-10-17 13:34:25 Mikrotik RouterOs Security Vulnerability Details
5f713c3722d90e13df3b504b5c5c3fb6 CVE-2021-27616 2021-10-17 13:34:22 SAP Business One Permissions, Privileges and Access Control Vulnerability Details
2dec2e788aacfbfc6957dda118b6aa9f CVE-2021-21650 2021-10-17 13:34:19 Jenkins Information Disclosure Vulnerability Details
30667f7ad99176fca84aeeb9a1c42304 CVE-2021-27614 2021-10-17 13:34:19 SAP Business One Injection Vulnerability Details
223ab8fe413b7da4a76956de9941a8ac CVE-2021-27617 2021-10-17 13:34:15 SAP Process Integration Resource Management Error Vulnerability Details

NSFOCUS (绿盟) [TOP 30] CVES TIME TITLE URL
9d26d2b51f2680ee1f3b5257507635cf CVE-2021-40728 2021-10-19 09:26:28 Adobe Acrobat Reader DC Invalid Memory Reference Vulnerability Details
bf3b2fe11a0e3903ba8382f18a57f2f2 CVE-2021-40995 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
4625d86b18e3eff05c1d91adbd869827 CVE-2021-40994 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
116fb325534b6cc727948afddc1da9ea CVE-2021-40993 2021-10-19 09:26:28 Aruba ClearPass Policy Manager SQL Injection Vulnerability Details
68010ef987cb7c7cb3b0ae74a3be1d42 CVE-2021-40992 2021-10-19 09:26:28 Aruba ClearPass Policy Manager SQL Injection Vulnerability Details
5bd43e90dc12bef1d6250973bde6dad8 CVE-2021-40991 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Privilege Escalation Vulnerability Details
e71889246e5500b3f7d44762e6b60c16 CVE-2021-40990 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Information Disclosure Vulnerability Details
5fa96a5bf05497b548c3695554f57f5a CVE-2021-40988 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Path Traversal Vulnerability Details
fb870ca7973712590a49a738659df9c5 CVE-2021-40999 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
c05ed6f44779f594ebc71d013cff9a17 CVE-2021-40998 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
971cf4a0ace7313cf6e5a013685fe451 CVE-2021-40987 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
5033d6122b58ca8b6c0d024af22859e0 CVE-2021-40986 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
6494b08b9d7f21614bca74d586993a36 CVE-2021-37739 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Remote Command Injection Vulnerability Details
21a472682b197f56461654f4397f94cd CVE-2021-37738 2021-10-19 09:26:28 Aruba ClearPass Policy Manager Information Disclosure Vulnerability Details
86d4ac2a3c8cf0f78d7e14fb11e2bcf3 CVE-2021-37737 2021-10-19 09:26:28 Aruba ClearPass Policy Manager SQL Injection Vulnerability Details
0f2dfcfb97b61ee13ada76fa1b8f2cbd CVE-2021-41732 2021-10-18 09:27:01 Zeek HTTP Request Splitting Vulnerability Details
1379ed14705a1409b43c500b34a60cc6 CVE-2021-41573 2021-10-18 09:27:01 Hitachi Content Platform Anywhere Information Disclosure Vulnerability Details
05362ffe7bdea6531fb8d631254a3705 CVE-2021-41764 2021-10-18 09:27:01 Streama Cross-Site Request Forgery Vulnerability Details
8e323816539d9aebfaa227564bf404cc CVE-2021-41821 2021-10-18 09:27:01 Wazuh Manager Integer Overflow Vulnerability Details
c5d5bbc0c570183cc1b53f1dcbbf64f7 CVE-2021-25963 2021-10-18 09:27:01 Shuup Cross-Site Scripting Vulnerability Details
7c5eaa98885574d8acfbcc5d0f85da63 CVE-2021-40715 2021-10-18 09:27:01 Adobe Premiere Pro Buffer Overflow Vulnerability Details
09fca38415450c122b27d7060be841f0 CVE-2021-40710 2021-10-18 09:27:01 Adobe Premiere Pro Buffer Overflow Vulnerability Details
18c1e9b2b4220603bcb06090259c1429 CVE-2021-39862 2021-10-18 09:27:01 Adobe Framemaker Out-of-Bounds Read Vulnerability Details
d77883bd34ec16d16df503c167ba1df6 CVE-2021-40716 2021-10-18 09:27:01 Adobe XMP Toolkit SDK Out-of-Bounds Read Vulnerability Details
2c452f999aa023f7e87da74aa9ab6c0b CVE-2021-40708 2021-10-18 09:27:01 Adobe Genuine Service Privilege Escalation Vulnerability Details
386e00a2aab0fd5d979ccf54c6b882ee CVE-2021-40697 2021-10-18 09:27:01 Adobe Framemaker Out-of-Bounds Read Vulnerability Details
5de6056643a513a45f7441ad9e9d14ee CVE-2021-39865 2021-10-18 09:27:01 Adobe Framemaker Out-of-Bounds Read Vulnerability Details
ba5128fe7163ce15df2daf03df54b7ad CVE-2021-39863 2021-10-18 09:27:01 Adobe Acrobat Reader DC Buffer Overflow Vulnerability Details
1ce0d14b6ad1285cb873da0ba6ac11f5 CVE-2020-20131 2021-10-18 09:27:01 LaraCms Cross-Site Scripting Vulnerability Details
3383462b47a74e350426fdd27986a026 CVE-2020-20129 2021-10-18 09:27:01 LaraCms Cross-Site Scripting Vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
81df7be9eab9341533c4f7fe97694a55 CVE-2021-42228 2021-10-14 17:15:08 A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. Details
ac128b8389587791e80781eefc22b9c1 CVE-2021-42227 2021-10-14 17:15:08 Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed). Details
96adc4ecc18ff9d6030c601a84243ec2 CVE-2021-42224 2021-10-13 18:15:08 SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. Details
48c14619541a3ba24fef375532b1d550 CVE-2021-42223 2021-10-13 18:15:08 Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. Details
bd48c68fc754b77a0ba6bdbcee38a5f5 CVE-2021-42325 2021-10-12 20:15:07 Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. Details
876ec7c5488b2b52655b672e47c6aca2 CVE-2021-42326 2021-10-12 19:15:08 Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. Details
12891b16885c9cbaddbefdc74f89d822 CVE-2021-42260 2021-10-11 20:15:07 TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. Details
c73c94a35971fba74dacdf0a0762b548 CVE-2021-42257 2021-10-11 20:15:07 check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression. Details
9bcbf18fc7e83dcc883b5e13df6d5a9b CVE-2021-42252 2021-10-11 19:15:07 An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. Details
c73b37559cd66bc50a1ad02edac60b7e CVE-2021-42137 2021-10-11 05:15:06 An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. Details
e40551d032f601a81ec766911018ab4a CVE-2021-42139 2021-10-11 05:15:06 Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. Details
b53b3fbd8e8ac5c1c355fb85cbd7a65c CVE-2021-42135 2021-10-11 03:15:06 HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. Details
aa88b2cad73a70a104ad309ed5d6e54e CVE-2021-42134 2021-10-11 01:15:06 The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. Details
62a522c9c5f0706e0ff03593626605f2 CVE-2021-42112 2021-10-08 21:15:07 The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. Details
d9823ceab49a1e41aa1d9d9ec441fbee CVE-2021-42109 2021-10-08 18:15:07 VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. Details
1b46e74a45728bccf35f2f09570a05fe CVE-2021-42088 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. Details
bc7cd26fa6031270e91cdb562d1f7710 CVE-2021-42085 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. Details
450af52ac07c0ae2cc153a35a9928d5d CVE-2021-42091 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. Details
5428e8fac1033fd7685e0d36ea645951 CVE-2021-42090 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. Details
13cd58533e6dd91ba3a1444bce45fdff CVE-2021-42089 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. Details
09de9e605b61a33e33ba89142f1d4fac CVE-2021-42087 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. Details
37796a01fcb3f23ca49bb005262121ce CVE-2021-42086 2021-10-07 21:15:07 An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. Details
a26b162b858c9e9b03f3ee9f1362898e CVE-2021-42095 2021-10-07 21:15:07 Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. Details
65b462dcbe784a6b362ab7c4629aa516 CVE-2021-42094 2021-10-07 20:15:07 An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. Details
21d11dcf762cad7d315a6f8820661432 CVE-2021-42093 2021-10-07 20:15:07 An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. Details
38466bb27f18876a753d109bfe46e3af CVE-2021-42092 2021-10-07 20:15:07 An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. Details
6568994f5fec9ef0ef869b00b9b2ceca CVE-2021-41773 2021-10-05 09:15:07 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. Details
01339c76b681194aa848130d48c692a9 CVE-2021-42008 2021-10-05 00:15:07 The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. Details
0858c12dfbe7e741db64f1cd912fca26 CVE-2021-42006 2021-10-04 23:15:08 An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. Details
0822bf41e70dded549513624cc46190f CVE-2021-41651 2021-10-04 19:15:08 A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. Details




Ways to Sponsor