威胁情报播报
| 360 网络安全响应中心 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 76d4758f15cac67a05151fedf8345440 | 2021-10-20 02:23:50  |
2021-10 补丁日: Oracle多个产品漏洞安全风险通告 | 详情 | |
| 53e2086a60b98d992aa6d1aecbddd1b4 | 2021-10-18 03:28:06 | 安全事件周报 (10.11-10.17) | 详情 | |
| c4b2adb477e10f37561b156d82c204f7 | CVE-2021-42340 | 2021-10-15 07:49:41 | Apache Tomcat 拒绝服务漏洞通告 | 详情 |
| fb815372266f86deecfc74bb80c1fd0d | 2021-10-13 06:40:56 | Linux挖矿木马NtpClient事件分析 | 详情 | |
| e3881b85580a51c8f62eb81259cf56a2 | 2021-10-13 02:32:08 | 2021-10 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
| 73693ec6d7f21e08a127128365a91bea | 2021-10-11 03:19:25 | 安全事件周报 (10.04-10.10) | 详情 | |
| 02f7ad2be491c35c59ec22222810c7cd | CVE-2021-42013 | 2021-10-11 02:22:10 | Apache HTTP Server 路径穿越漏洞通告 | 详情 |
| 61ff4f18db934d14a83001f25caddda0 | 2021-10-08 06:16:56 | 安全事件周报 (09.27-10.03) | 详情 | |
| 0db129d6146257595e4cbdc44be22d00 | 2021-09-27 10:21:28 | 安全事件周报 (09.20-09.26) | 详情 | |
| 37c9423769967d0cf58dae1b900a396b | 2021-09-22 07:45:31 | 安全事件周报 (09.13-09.19) | 详情 | |
| 6be63274025717491cbc8e10f3dbf024 | 2021-09-22 02:39:12 | VMware vCenter Server多个高危漏洞通告 | 详情 | |
| a6ae01b327e817f7c9069548016462f6 | 2021-09-15 02:46:18 | 2021-09 补丁日: 微软多个漏洞安全更新通告 | 详情 | |
| 732d8dd6f94d4f26aae5446404832860 | 2021-09-14 07:20:13 | 2021-09 补丁日: Chrome多个漏洞安全更新通告 | 详情 | |
| ee3f2c97a6fc0efd4ac4aaa53e4a5b3a | 2021-09-13 02:46:46 | 安全事件周报 (09.06-09.12) | 详情 | |
| f080a471257f4dcbece4d5d9a9ff5107 | CVE-2021-40444 | 2021-09-08 03:06:26 | CVE-2021-40444:微软官方发布MSHTML组件在野0day漏洞通告 | 详情 |
| 03358819e8b63cf3660e6ba3f60ccf26 | 2021-09-06 06:03:21 | 安全事件周报 (08.30-09.05) | 详情 | |
| 04a2b4e0e48d0940bb6e4771011ca348 | CVE-2021-26084 | 2021-09-01 07:29:08 | 【通告更新】CVE-2021-26084:Confluence OGNL 注入漏洞通告 | 详情 |
| 45e6878b572f45485631468ceb9110da | 2021-08-30 06:10:36 | 安全事件周报 (08.23-08.29) | 详情 | |
| d78009bcb8c3a411c54e017ab2c76516 | 2021-08-23 07:23:50 | 2021-08: XStream 多个高危漏洞通告 | 详情 | |
| a93ee16bf37c73fbd8f58e77f072b37f | CVE-2021-20032 | 2021-08-17 03:09:22 | CVE-2021-20032:SonicWall Analytics 远程代码执行漏洞通告 | 详情 |
| dfba4463b07c7a5f255c3e259e2c4a0e | CVE-2021-36958 | 2021-08-12 06:47:50 | Windows Print Spooler打印机漏洞通告 | 详情 |
| dfba4463b07c7a5f255c3e259e2c4a0e | CVE-2021-36958 | 2021-08-12 06:47:50 | Windows Print Spooler打印机漏洞通告 | 详情 |
| cc797471d65a70bb275239b0bf6d889a | 2021-08-12 02:37:22 | Conti勒索集团内部核心资料分析 | 详情 | |
| cc797471d65a70bb275239b0bf6d889a | 2021-08-12 02:37:22 | Conti勒索集团内部核心资料分析 | 详情 | |
| 8d5c0347d712c60b3be2069cb5e3e333 | 2021-08-11 02:48:42 | 2021-08 补丁日: 微软多个产品漏洞安全更新通告 | 详情 | |
| 8d5c0347d712c60b3be2069cb5e3e333 | 2021-08-11 02:48:42 | 2021-08 补丁日: 微软多个产品漏洞安全更新通告 | 详情 | |
| 8a3e0fae26125c451874d1f87b6f7b67 | 2021-08-09 03:46:22 | 安全事件周报 (08.02-08.08) | 详情 | |
| 8a3e0fae26125c451874d1f87b6f7b67 | 2021-08-09 03:46:22 | 安全事件周报 (08.02-08.08) | 详情 | |
| ed612af34543e280880d4c3014234a3c | 2021-07-29 01:57:11 | YourData勒索软件国内攻击通告 | 详情 | |
| 417c12dc2092d637acc3a3471845c855 | 2021-07-27 09:13:49 | Windows MS-EFSRPC协议Ntlm Relay攻击通告 | 详情 |
| Tenable (Nessus) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 3d46d14c2ff2260996443cfe0ea3b29b | CVE-2021-3455 | 2021-10-19 23:15:00 |
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp | 详情 |
| ad745cbffd762e438dd8471aa39c6e30 | CVE-2021-3454 | 2021-10-19 23:15:00 |
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | 详情 |
| a8eb02e61f385674f1a0550aa5c59628 | CVE-2021-41150 | 2021-10-19 20:15:00 |
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | 详情 |
| 6622f3e56e2e68d8443c5d534d44cf9a | CVE-2021-31386 | 2021-10-19 19:15:00 |
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. | 详情 |
| 7f64616f1477f2ee581958178cfc540b | CVE-2021-31385 | 2021-10-19 19:15:00 |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | 详情 |
| bef1a070f39edfcabf38635f016fa0ce | CVE-2021-31384 | 2021-10-19 19:15:00 |
Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. | 详情 |
| 224a3a3df02a346ffcfbfa2b5e76f0ae | CVE-2021-31383 | 2021-10-19 19:15:00 |
In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. | 详情 |
| 908f8c0801b822bc030d040437fbf20c | CVE-2021-31382 | 2021-10-19 19:15:00 |
On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces. | 详情 |
| d8303618aa9b70510dc56ccda922a962 | CVE-2021-31381 | 2021-10-19 19:15:00 |
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. | 详情 |
| 9795dd2f585bb9355f9109fb0c51e2cb | CVE-2021-31380 | 2021-10-19 19:15:00 |
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. | 详情 |
| 57ed63d56853b7b1be43e9f18e7a4292 | CVE-2021-31379 | 2021-10-19 19:15:00 |
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC ["FPC ID" # e.g. "0"] PFE #{PFE ID # e.g. "1"] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. | 详情 |
| 94e89b91bdd23ac8a9caff103feaf53b | CVE-2021-31378 | 2021-10-19 19:15:00 |
In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this "Terminating" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the "Terminating" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the "Terminating" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the "Terminating" state thereby creating a persistent Denial of Service to the subscriber. An indicator of compromise may be seen by displaying the output of "show subscribers summary". The presence of subscribers in the "Terminating" state may indicate the issue is occurring. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect: Juniper Networks Junos OS 12.3 version 12.3R1 and later versions; 15.1 version 15.1R1 and later versions. | 详情 |
| 2e66af0bdf184ca44275805d4d60dce7 | CVE-2021-33988 | 2021-10-19 17:15:00 |
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form. | 详情 |
| d8fb9a5731137bcafd7c599a7ddd6673 | CVE-2021-38911 | 2021-10-19 16:15:00 |
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | 详情 |
| f987c14bed06ff6d5954175c99aca06d | CVE-2021-29912 | 2021-10-19 16:15:00 |
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. | 详情 |
| e6f7346a3d0af61b6c1904a45520024d | CVE-2020-12141 | 2021-10-19 16:15:00 |
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c. | 详情 |
| 549242d869a31bbe161a660bb10a5a38 | CVE-2021-39355 | 2021-10-19 15:15:00 |
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 详情 |
| f21ee4cfd8cafe856dd9e5deb1240c81 | CVE-2021-39343 | 2021-10-19 15:15:00 |
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 详情 |
| 55d116368f1019f7a209f41d421e0c95 | CVE-2021-39329 | 2021-10-19 15:15:00 |
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 详情 |
| 6ec4be25b6162248044d18df8386e7c6 | CVE-2021-3746 | 2021-10-19 15:15:00 |
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. | 详情 |
| 772899da3d4e03b9fecfff8df3312392 | CVE-2021-37137 | 2021-10-19 15:15:00 |
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. | 详情 |
| 6d770190766d00bd8e344452519b4b0f | CVE-2021-37136 | 2021-10-19 15:15:00 |
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | 详情 |
| 6f636a76cbcbdfc8f2b245041a368948 | CVE-2021-36832 | 2021-10-19 15:15:00 |
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. | 详情 |
| 1269f811ac035944e4a2fe36e6dac48d | CVE-2021-27001 | 2021-10-19 15:15:00 |
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | 详情 |
| 806b2e15012b196a8f55a7e25ad63551 | CVE-2021-26589 | 2021-10-19 15:15:00 |
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers. | 详情 |
| 76e79457e9ed9f98a3a09b57f364b42f | CVE-2011-1075 | 2021-10-19 15:15:00 |
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. | 详情 |
| 3df54382d47477c7d635226582d38efa | CVE-2021-3889 | 2021-10-19 13:15:00 |
libmobi is vulnerable to Use of Out-of-range Pointer Offset | 详情 |
| 5fc742b6b3e22996b7eaf9f874aa7697 | CVE-2021-3888 | 2021-10-19 13:15:00 |
libmobi is vulnerable to Use of Out-of-range Pointer Offset | 详情 |
| 6a5928376f8bb9a421f1ebd83bcfc666 | CVE-2021-3879 | 2021-10-19 13:15:00 |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 详情 |
| ce189de560d543477ef7f615f736bec3 | CVE-2021-3872 | 2021-10-19 13:15:00 |
vim is vulnerable to Heap-based Buffer Overflow | 详情 |
| 国家信息安全漏洞共享平台(CNVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 5411f3398c7ab5a95072751b63da38dd | CNVD-2021-78736 (CVE-2021-37921) | 2021-10-20 02:38:38 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 684be72250e045877e8ec0314005faec | CNVD-2021-78735 (CVE-2021-37923) | 2021-10-20 02:38:37 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 28a7f4fcd8b85b14521e4392a5135ea4 | CNVD-2021-78734 (CVE-2021-37924) | 2021-10-20 02:38:36 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| ace147b5efe0bdb56c8aee24e7cb7594 | CNVD-2021-78733 (CVE-2021-37926) | 2021-10-20 02:38:35 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 514b1e363b8758471236f97253090a3f | CNVD-2021-78732 (CVE-2021-37928) | 2021-10-20 02:38:33 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 1a57581ef524df42e3af57eff5c9a029 | CNVD-2021-78731 (CVE-2021-37929) | 2021-10-20 02:38:32 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 5e57542cfb8365056e6fb987b51cbae0 | CNVD-2021-78730 (CVE-2021-37920) | 2021-10-20 02:38:31 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| ecf49dc7dbae438093c40cbf09ba1160 | CNVD-2021-78729 (CVE-2021-37919) | 2021-10-20 02:38:30 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 2378187532b284e0c7f10517d0303bc1 | CNVD-2021-78728 (CVE-2021-37918) | 2021-10-20 02:38:28 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| e742de339cadc059b849e8437cdec88f | CNVD-2021-78727 (CVE-2021-37762) | 2021-10-20 02:38:27 |
ZOHO ManageEngine ADManager Plus文件上传漏洞 | 详情 |
| 4765f8f3e828a3e94e81724d7a7f8b63 | CNVD-2021-78442 (CVE-2021-20485) | 2021-10-19 07:25:02 |
IBM Sterling File Gateway信息泄露漏洞 | 详情 |
| 5aeaf328ffed0eee02e4185d7c4ae3cf | CNVD-2021-78441 (CVE-2020-4654) | 2021-10-19 07:25:01 |
IBM Sterling File Gateway信息泄露漏洞 | 详情 |
| 28dcdb3417eb1f1dbe6ef9a78da3dc9a | CNVD-2021-78440 (CVE-2021-29700) | 2021-10-19 07:24:59 |
IBM Sterling B2B Integrator信息泄露漏洞 | 详情 |
| 5512c987f2680137802565b4f5354ead | CNVD-2021-78439 (CVE-2021-20584) | 2021-10-19 07:24:58 |
IBM Sterling File Gateway任意文件上传漏洞 | 详情 |
| dc995682533c2014122f5cb664a6b0db | CNVD-2021-78438 (CVE-2021-20561) | 2021-10-19 07:24:57 |
IBM Sterling File Gateway跨站脚本漏洞 | 详情 |
| 96c1baedee89c9bcb66fc2a1f902adbb | CNVD-2021-78437 (CVE-2021-20552) | 2021-10-19 07:24:56 |
IBM Sterling File Gateway信息泄露漏洞 | 详情 |
| 5df4b15a4b270c769cf0f1a8deb58f58 | CNVD-2021-78436 (CVE-2021-20489) | 2021-10-19 07:24:54 |
IBM Sterling File Gateway跨站请求伪造漏洞 | 详情 |
| 3ce0b60ac771ff5cdb17ef502d43e773 | CNVD-2021-78435 (CVE-2021-20481) | 2021-10-19 07:24:53 |
IBM Sterling File Gateway跨站脚本漏洞 | 详情 |
| 55a35ee8b7f919d40e62f172488d4029 | CNVD-2021-78430 (CVE-2020-21598) | 2021-10-19 04:35:23 |
libde265堆缓冲区溢出漏洞 | 详情 |
| 63ad76d3772e424e3739f91b16ed32e7 | CNVD-2021-78429 (CVE-2020-21597) | 2021-10-19 04:35:21 |
libde265堆缓冲区溢出漏洞 | 详情 |
| ea5cfa970dcb0d070fc2ab357e31e246 | CNVD-2021-78427 (CVE-2020-21595) | 2021-10-19 04:35:20 |
libde265堆缓冲区溢出漏洞 | 详情 |
| abc7cd069a54659e36beb50d96fa810c | CNVD-2021-78426 (CVE-2020-21594) | 2021-10-19 04:35:19 |
libde265堆缓冲区溢出漏洞 | 详情 |
| 5e799e1ec81a767ede6a16de090897fb | CNVD-2021-78425 (CVE-2020-21535) | 2021-10-19 04:35:18 |
fig2dev分段错误漏洞 | 详情 |
| da4bdf61d521d955abe7e251f5246b75 | CNVD-2021-78424 (CVE-2020-21534) | 2021-10-19 04:35:16 |
fig2dev缓冲区溢出漏洞 | 详情 |
| 1a7a5e700c32df1bb3fe772efbc49b2b | CNVD-2021-78423 (CVE-2020-21533) | 2021-10-19 04:35:15 |
fig2dev栈缓冲区溢出漏洞 | 详情 |
| d9c6b3a42d1c96d1c1bb6f82ff407921 | CNVD-2021-78422 (CVE-2020-21532) | 2021-10-19 04:35:14 |
fig2dev缓冲区溢出漏洞 | 详情 |
| 72161d049409b4cd3aa49918cb381d35 | CNVD-2021-78420 (CVE-2020-21530) | 2021-10-19 04:35:13 |
fig2dev分段错误漏洞 | 详情 |
| 2cc9dc76dc98f06ba835fc0cf4531d71 | CNVD-2021-78419 (CVE-2020-21529) | 2021-10-19 04:35:11 |
fig2dev栈缓冲区溢出漏洞 | 详情 |
| 44fe51cf8608dfe8dfdc30280a2b1b69 | CNVD-2021-67574 | 2021-10-17 16:42:07 | E-Mobile存在命令执行漏洞 | 详情 |
| e9060a8e88194856c3a385d609ac14b4 | CNVD-2021-67303 | 2021-10-16 16:43:48 | EyouCms存在XSS漏洞 | 详情 |
| 国家信息安全漏洞库(CNNVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| f8069742e576f4bd4735ebc91258a130 | CNNVD-202110-1263 (CVE-2021-36513) | 2021-10-18 12:43:06 | FreeSWITCH 安全漏洞 | 详情 |
| 8d7da803c477346dfc4f4fbb6513e21d | CNNVD-202110-1264 (CVE-2021-41152) | 2021-10-18 12:43:04 | OpenOlat 安全漏洞 | 详情 |
| ec86487d338f856503308620ea76a7d7 | CNNVD-202110-1265 (CVE-2021-41151) | 2021-10-18 12:43:02 | backstage 路径遍历漏洞 | 详情 |
| 9c142859e481ec40aadf083a03acc720 | CNNVD-202110-1266 (CVE-2021-41153) | 2021-10-18 12:42:59 | evm crate 安全漏洞 | 详情 |
| 3ae067c5693291b2a4baaabe35aaf59f | CNNVD-202110-1267 (CVE-2021-41156) | 2021-10-18 12:42:57 | anuko timetracker 跨站脚本漏洞 | 详情 |
| 876d91cbe49479362a3469eb9782cdd2 | CNNVD-202110-1268 (CVE-2021-21749) | 2021-10-18 12:42:55 | ZTE MF971R LTE router 缓冲区错误漏洞 | 详情 |
| 10ad133c99c9153c706ded8427423b46 | CNNVD-202110-1269 (CVE-2021-42650) | 2021-10-18 12:42:53 | Portainer 代码注入漏洞 | 详情 |
| aab448f572a23433c2ecd8199a9a3fd6 | CNNVD-202110-1270 (CVE-2021-42055) | 2021-10-18 12:42:51 | ASUSTek ZenBook Pro Due 15 UX582 安全漏洞 | 详情 |
| a3e938354beca0e0c232895d3e1e1558 | CNNVD-202110-1271 (CVE-2021-41155) | 2021-10-18 12:42:48 | Tuleap SQL注入漏洞 | 详情 |
| d41edca488120b013082480cda89f6f6 | CNNVD-202110-1272 (CVE-2021-41154) | 2021-10-18 12:42:46 | Tuleap Open Alm SQL注入漏洞 | 详情 |
| cbda2456e48baf7d6a5ce67828e6749f | CNNVD-202110-1202 (CVE-2021-29878) | 2021-10-15 12:43:29 | IBM Business Automation Workflow 跨站脚本漏洞 | 详情 |
| 82c07c2771eeebad33b5af012541002b | CNNVD-202110-1203 (CVE-2021-40996) | 2021-10-15 12:43:27 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
| 5edc17bbbd20475c56bf912b3308eafe | CNNVD-202110-1204 (CVE-2021-40998) | 2021-10-15 12:43:25 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
| f313dae8e60ecf00563f86116322c90d | CNNVD-202110-1205 (CVE-2021-28021) | 2021-10-15 12:43:23 | stb 缓冲区错误漏洞 | 详情 |
| 0cfb6c8ae47b62368a82aa6341b818c6 | CNNVD-202110-1206 (CVE-2021-29679) | 2021-10-15 12:43:20 | IBM Cognos Analytics 安全漏洞 | 详情 |
| fd0b38a6d5205129178035a944417205 | CNNVD-202110-1207 (CVE-2018-16061) | 2021-10-15 12:43:18 | Mitsubishi Electric SmartRTU 跨站脚本漏洞 | 详情 |
| 1285309ed689fd7f271d53b6d72f91bc | CNNVD-202110-1208 (CVE-2021-29745) | 2021-10-15 12:43:16 | IBM Cognos Analytics 安全漏洞 | 详情 |
| a8e55b1e6ed05968d2a0f4a34fb2022d | CNNVD-202110-1209 (CVE-2021-41320) | 2021-10-15 12:43:14 | ION Wallstreet Suite TRM 安全漏洞 | 详情 |
| 69376e95e8645b9d13802a35f19e76c1 | CNNVD-202110-1210 (CVE-2018-16060) | 2021-10-15 12:43:12 | Mitsubishi Electric SmartRTU 安全漏洞 | 详情 |
| 5c73dd82e9e345dafe61d8023fcb7f87 | CNNVD-202110-1211 (CVE-2021-27561) | 2021-10-15 12:43:10 | Yealink Device Management 安全漏洞 | 详情 |
| 4b4c78e5f5a6bcb76beab3f2b84fe45d | CNNVD-202110-1063 (CVE-2021-37129) | 2021-10-15 12:42:49 | Huawei Ngfw Module 安全漏洞 | 详情 |
| 5a4e81e0587607b8a4944d5ecb0014df | CNNVD-202110-1054 (CVE-2021-41132) | 2021-10-14 12:43:09 | OMERO.web跨站脚本漏洞 | 详情 |
| ca97c5c5fb1c5556d0c303e8903e582f | CNNVD-202110-1055 (CVE-2021-42227) | 2021-10-14 12:43:07 | KindEditor 跨站脚本漏洞 | 详情 |
| 5ad2bf0dd2898a0ef9b4e190c91e2237 | CNNVD-202110-1056 (CVE-2021-41142) | 2021-10-14 12:43:05 | Tuleap Open ALM 跨站脚本漏洞 | 详情 |
| 05fddd449b4dfadccada92edac5c87eb | CNNVD-202110-1057 (CVE-2021-42340) | 2021-10-14 12:43:02 | Apache Tomcat 安全漏洞 | 详情 |
| e27438e0d6481637cf3bc278245def4a | CNNVD-202110-1058 (CVE-2021-42228) | 2021-10-14 12:43:00 | KindEdirot 跨站请求伪造漏洞 | 详情 |
| d9bf019c1ef796df3f69b5feddc90910 | CNNVD-202110-1059 (CVE-2021-32569) | 2021-10-14 12:42:58 | Network Manager 跨站脚本漏洞 | 详情 |
| cd7e6b597a202522930636aae61d1e09 | CNNVD-202110-1060 (CVE-2021-32571) | 2021-10-14 12:42:56 | Network Manager 安全漏洞 | 详情 |
| 223c12b38ad613504d86e8eaf065a65e | CNNVD-202110-1061 (CVE-2021-22801) | 2021-10-14 12:42:53 | Schneider Electric ConneXium Network Manager Software 安全漏洞 | 详情 |
| bd919e45c6d1604096c2ec1dfc2162fb | CNNVD-202110-1062 (CVE-2021-42369) | 2021-10-14 12:42:51 | Imagicle Application Suite SQL注入漏洞 | 详情 |
| 奇安信 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 6bd01daffa85191c80698354fc8e252f | wt | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 | |
| f749eac58b87d0954f0e4a84b5d67057 | CVE-2020-1350 | 2020-07-15 15:57:00 | QiAnXinTI-SV-2020-0013 Microsoft DNS Server远程代码执行漏洞(CVE-2020-1350)通告 | 详情 |
| 90b93cb7073fe73b17746ac166a09637 | CVE-2020-6819, CVE-2020-6820 | 2020-04-08 10:34:35 | QianxinTI-SV-2020-0012 Firefox在野远程代码执行漏洞(CVE-2020-6819、CVE-2020-6820)通告 | 详情 |
| e318a5efa4803b50cdef480b90b1784d | 2020-03-25 13:58:51 | QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1字体处理远程代码执行漏洞(ADV200006)通告 | 详情 | |
| cffc3035f7899495cfeae521451f91b2 | CVE-2020-0796 | 2020-03-12 10:32:09 | QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0服务远程代码执行漏洞(CVE-2020-0796)通告 | 详情 |
| 3e6175d47d17c6f94bd9ba10d81c3717 | CVE-2020-0674 | 2020-03-02 14:52:46 | QiAnXinTI-SV-2020-0002 Microsoft IE jscript远程命令执行0day漏洞(CVE-2020-0674)通告 | 详情 |
| d99d073afb7d248a8a62fb068921997f | CVE-2020-0601 | 2020-01-15 14:11:41 | QianxinTI-SV-2020-0001 微软核心加密库漏洞(CVE-2020-0601)通告 | 详情 |
| b7b45b14a3af1225ef6eec72d74964df | CVE-2019-1367 | 2019-09-25 17:23:00 | QiAnXinTI-SV-2019-0022 微软IE浏览器JScript脚本引擎远程代码执行漏洞通告 | 详情 |
| 504fc79f0123db109a11b149c334b75c | CVE-2019-0708 | 2019-09-09 10:20:47 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
| 5b727692d583d4a6e7cdb0f670eac12a | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 | 2019-08-14 11:09:05 | QianxinTI-SV-2019-0015 Microsoft Windows RDP远程桌面服务多个远程代码执行漏洞通告 | 详情 |
| 54b48d765fccbc8dcfa3de0920459f8d | CVE-2019-11707 | 2019-06-19 16:53:47 | QiAnXinTI-SV-2019-0013 Firefox远程代码执行漏洞(CVE-2019-11707)预警通告 | 详情 |
| 5b4d5fea09fbc2dca45be53f162d39de | CVE-2019-0708 | 2019-05-31 17:03:19 | QiAnXinTI-SV-2019-0006 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708)预警通告 | 详情 |
| 安全客 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 03afa8b4eaf4a0160784152fca5465b2 | CVE-2021-27308 | 2021-07-11 14:22:05 | 4images 跨站脚本漏洞 | 详情 |
| 8b0ace4c54a7fc20a99d21e294152a99 | CVE-2020-15261 | 2021-07-11 14:22:05 | Veyon Service 安全漏洞 | 详情 |
| d4f12de949590ab346b61986a29d8b4d | CVE-2021-35039 | 2021-07-09 17:30:13 | Linux kernel 安全漏洞 | 详情 |
| f790e7ef3b5de3774d42ee32b9b10c01 | CVE-2021-34626 | 2021-07-09 17:30:13 | WordPress 访问控制错误漏洞 | 详情 |
| 71bf261eb2113d5ff870ab9bafd29f55 | CVE-2021-25952 | 2021-07-09 17:30:13 | just-safe-set 安全漏洞 | 详情 |
| 152793cbc104933584f5f227606f433d | CVE-2021-0597 | 2021-07-09 17:30:13 | Google Android 信息泄露漏洞 | 详情 |
| 75f153c327984fdfdd2d9c463a91371d | CVE-2021-34430 | 2021-07-09 17:30:13 | Eclipse TinyDTLS 安全特征问题漏洞 | 详情 |
| 9610336f1a41241cc8edea22a2780ec5 | CVE-2021-3638 | 2021-07-09 17:30:13 | QEMU 安全漏洞 | 详情 |
| 92fe450ae5c5dfa48072aca79d64ba63 | CVE-2021-34614 | 2021-07-09 14:24:32 | Aruba ClearPass Policy Manager 安全漏洞 | 详情 |
| 680a4218fc32922746717210664a3d62 | CVE-2021-22144 | 2021-07-09 13:28:16 | Elasticsearch 安全漏洞 | 详情 |
| 373930f669f2c1f7b61101a925304779 | CVE-2021-24022 | 2021-07-09 13:28:16 | Fortinet FortiManager 安全漏洞 | 详情 |
| 8556f9cd0699f88c1f6cca9a43463bdd | CVE-2021-33012 | 2021-07-09 13:28:16 | Allen Bradley Micrologix 1100输入验证错误漏洞 | 详情 |
| 480ae713cc88cc0985e1ebc079974d83 | CVE-2021-0592 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
| 8ef4dbefa6604ea2312621401c3ec0b9 | CVE-2021-1598 | 2021-07-09 13:28:16 | Cisco Video Surveillance 7000 Series IP Cameras 安全漏洞 | 详情 |
| d6e8714c32df7a0dcc2f3910ec68b42d | CVE-2021-20782 | 2021-07-09 13:28:16 | Software License Manager 跨站请求伪造漏洞 | 详情 |
| 4e60b22611b8bb0fd7e532896498af29 | CVE-2021-20781 | 2021-07-09 13:28:16 | WordPress 跨站请求伪造漏洞 | 详情 |
| 5ca48ad58fb499c069ae0800c3b39875 | CVE-2021-32961 | 2021-07-09 13:28:16 | MDT AutoSave代码问题漏洞 | 详情 |
| 2ed854890b43f08e52340a1e8fe6d39f | CVE-2021-0577 | 2021-07-09 13:28:16 | Google Android 安全漏洞 | 详情 |
| 8d63110e1475bbd245715b2ee1824d13 | CVE-2021-31816 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
| 72bef2ae2f5db7dd066e1cdefa618dc5 | CVE-2021-31817 | 2021-07-09 13:28:16 | Octopus Server 安全漏洞 | 详情 |
| 1f7369b2609dbd2cd40d091f7de540cd | CVE-2020-20217 | 2021-07-09 13:28:16 | Mikrotik RouterOs 安全漏洞 | 详情 |
| 1793176eecc5813c3348f026dc9909c9 | CVE-2020-28598 | 2021-07-09 13:28:16 | PrusaSlicer 安全漏洞 | 详情 |
| 7f4cf34ceb545548dcfcc3c0e7120268 | CVE-2021-32945 | 2021-07-09 13:28:16 | MDT AutoSave加密问题漏洞 | 详情 |
| 58553eb00d6e3e83b633f09464c4e98a | CVE-2021-29712 | 2021-07-09 13:28:16 | IBM InfoSphere Information Server 跨站脚本漏洞 | 详情 |
| d8e27ec42fb0b89998fcc006f49b249b | CVE-2021-25432 | 2021-07-09 13:28:16 | Samsung Members 信息泄露漏洞 | 详情 |
| 8f2adc6c247725bf2eb7f53256c93ea7 | CVE-2021-25433 | 2021-07-09 13:28:16 | Samsung Tizen安全漏洞 | 详情 |
| 8f949676124339eb6f64f9c607af5470 | CVE-2021-25431 | 2021-07-09 13:28:16 | Samsung Mobile Device Cameralyzer 访问控制错误漏洞 | 详情 |
| 069818a8958f9c158fcb0956ee32fc03 | CVE-2021-25434 | 2021-07-09 13:28:16 | Samsung Tizen 代码注入漏洞 | 详情 |
| 55b9126220b9722ff5d730d3996877e9 | CVE-2021-32949 | 2021-07-09 13:28:16 | MDT AutoSave 路径遍历漏洞 | 详情 |
| ebab009fffdee3d360dcdff74b0ed061 | CVE-2021-25435 | 2021-07-09 13:28:16 | Samsung Tizen代码注入漏洞 | 详情 |
| 斗象 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| a418a10f7f4a1694a2293e895b24de6a | CVE-2021-35617, CVE-2021-35620 | 2021-10-20 03:07:34 |
Oracle WebLogic 多个高危漏洞通告 | 详情 |
| e2d8ba6cd503627461acaa0de23c51b6 | CVE-2021-40449, CVE-2021-26427, CVE-2021-40486, CVE-2021-38672, CVE-2021-40461 | 2021-10-13 05:29:50 | 微软2021年10月补丁日漏洞通告 | 详情 |
| 68be9e619a7702aa2cb4d58c255d39c8 | CVE-2021-41773, CVE-2021-42013 | 2021-10-09 03:33:50 | Apache HTTP Server 路径遍历漏洞 | 详情 |
| 2b425329012f167ceeee133dcab6c49c | CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017 | 2021-09-22 05:41:12 | VMware多个高危漏洞通告 | 详情 |
| a0f1f4b9e08c161feea107db8c47d55e | CVE-2021-26084 | 2021-08-26 12:03:16 | Atlassian Confluence远程代码执行漏洞(CVE-2021-26084) | 详情 |
| 68ee7b98acb8ba2e45c3638a078d9535 | CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154 | 2021-08-23 06:14:35 | XStream 多个反序列化漏洞 | 详情 |
| e00d270224089dec1dde09bb05ec2678 | CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 | 2021-08-06 08:53:31 | Microsoft Exchange 远程代码执行漏洞(PoC已公开) | 详情 |
| b36f311a6a1cb8b7c4d2da09512e0fa9 | CVE-2021-2394, CVE-2021-2397, CVE-2021-2382 | 2021-07-21 10:29:24 | Oracle WebLogic 多个高危漏洞通告 | 详情 |
| 86cb552f791b9e8159d01a9478a59f9d | CVE-2021-34527, CVE-2021-34448, CVE-2021-33771, CVE-2021-31979, CVE-2021-34473, CVE-2021-34520, CVE-2021-34468, CVE-2021-34467, CVE-2021-34449, CVE-2021-33780 | 2021-07-14 09:40:04 | 微软2021年7月补丁日漏洞通告 | 详情 |
| ed706209d0185b2415915cac4afec37b | 2021-07-08 08:43:59 | YApi远程代码执行漏洞通告 | 详情 | |
| c5bfeca05acdc931e8686c9e3d4ff937 | 2021-07-02 11:03:50 | Windows Print Spooler 远程代码执行漏洞(CVE-2021-34527) | 详情 | |
| 4184ae9f57a2db9063367e64e6cc2cb7 | CVE-2021-1675 | 2021-06-29 10:15:39 | Windows Print Spooler远程代码执行漏洞(CVE-2021-1675) | 详情 |
| 2131ca2cbd7b631f62f8701a925c2767 | CVE-2021-21998 | 2021-06-23 06:20:30 | VMware Carbon Black App Control 身份验证绕过漏洞(CVE-2021-21998) | 详情 |
| 906de48de24b85a2278ae80a9f4d0aa8 | 2021-06-03 02:48:56 | 用友NC BeanShell 远程命令执行漏洞 | 详情 | |
| 4d9035105f60b9d56f24c24e87fc6e32 | CVE-2021-21985 | 2021-05-26 03:39:33 | VMware vCenter Server 远程代码执行漏洞(CVE-2021-21985) | 详情 |
| 137a4e2d822964f8f8c93f59d00f2bce | 2021-04-18 16:38:14 | WebLogic T3反序列化漏洞0day | 详情 | |
| 7cb0c487c17f2247b0b81ef4bc51f47b | 2021-04-18 16:38:14 | WebLogic T3反序列化漏洞0day通告 | 详情 | |
| 49c6f9e6d3305e3f6a1b9e819a546f5e | 2021-03-18 07:43:11 | GitLab markdown远程代码执行漏洞 | 详情 | |
| d260fd6bfb4e9ac71fb3d9e8ac099e8a | CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351 | 2021-03-15 12:14:54 | XStream 多个反序列化漏洞 | 详情 |
| 653950b848400677d6b639ceab859948 | CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, CVE-2021-22992 | 2021-03-11 03:39:16 | F5 BIG-IP/IQ 多个高危漏洞通告 | 详情 |
| e3e5335fb40b2591fe2db20109b721f8 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26411, CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897 | 2021-03-10 06:12:12 | 微软2021年3月补丁日漏洞通告 | 详情 |
| 798406bf8b68124deca9085d3eb2d1c5 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | 2021-03-03 03:42:27 | 微软Exchange多个高危漏洞通告 | 详情 |
| c4de1572047cc389046c24f3c08a6032 | CVE-2021-21972, CVE-2021-21974, CVE-2021-21973 | 2021-02-24 06:53:19 | VMware多个高危漏洞通告 | 详情 |
| e24aa9f6bc8de2f5a5c26f521f1ecab7 | CVE-2021-3156 | 2021-01-27 09:03:36 | sudo本地权限提升漏洞(CVE-2021-3156) | 详情 |
| 1ca52c925f4caae6425f3fde97dadb79 | 2021-01-26 09:30:20 | SonicWall SSL-VPN 远程命令执行漏洞 | 详情 | |
| 1b1695140e14e77738f02be5b6c390f1 | CVE-2021-1994, CVE-2020-14756, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108 | 2021-01-20 03:56:12 | Oracle WebLogic 多个安全漏洞 | 详情 |
| 5933116115eeeaeb4de0f2170f3d016d | 2021-01-15 11:39:06 | JumpServer 远程命令执行漏洞 | 详情 | |
| 07e5628c0aa5289c6cfd7f22b75c9481 | CVE-2021-1647, CVE-2021-1648, CVE-2021-1677, CVE-2021-1674 | 2021-01-13 07:00:20 | 微软2021年1月补丁日漏洞通告 | 详情 |
| 58dd177414d5a7f6be24321ccb4e8617 | 2021-01-11 03:17:50 | 致远OA多个高危漏洞通告 | 详情 | |
| c53899e17bb99e72c26a50891bfaaa58 | CVE-2020-17518, CVE-2020-17519 | 2021-01-06 05:46:00 | Apache Flink 目录遍历漏洞(CVE-2020-17518/17519) | 详情 |
| 红后 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| c8c7bdebcfe2faba6fec05f16930a2a4 | CVE-2021-29595 | 2021-10-19 13:24:57 |
Google TensorFlow 数字错误漏洞 | 详情 |
| a635f633e509d4830dc07002f3ce2674 | CVE-2021-29598 | 2021-10-19 13:24:54 |
Google TensorFlow 数字错误漏洞 | 详情 |
| 02c1a8e4866e0ad4690382e00d8ccce8 | CVE-2021-29604 | 2021-10-19 13:24:51 |
Google TensorFlow 数字错误漏洞 | 详情 |
| fc59cd11bb74c2131db557715d87192f | CVE-2021-29596 | 2021-10-19 13:24:48 |
Google TensorFlow 数字错误漏洞 | 详情 |
| 6bcb8d102ed62842125d8fad0c060f85 | CVE-2021-29608 | 2021-10-19 13:24:45 |
Google TensorFlow 安全漏洞 | 详情 |
| 6352dcf244ba202885f74ef9fcd57c0b | CVE-2021-29599 | 2021-10-19 13:24:43 |
Google TensorFlow 数字错误漏洞 | 详情 |
| 2d95167b87c346e7a7962da743c284ed | CVE-2021-29597 | 2021-10-19 13:24:40 |
Google TensorFlow 数字错误漏洞 | 详情 |
| 68074b419b9509f4c85d70aefad8eaa2 | CVE-2021-29609 | 2021-10-19 13:24:37 |
Google TensorFlow 代码问题漏洞 | 详情 |
| 12fe23779b5f630b766a7204ab1fc0a6 | CVE-2021-29600 | 2021-10-19 13:24:34 |
Google TensorFlow 数字错误漏洞 | 详情 |
| 049373e80a3c63e54399ec6057f8e2ab | CVE-2021-29601 | 2021-10-19 13:24:31 |
Google TensorFlow输入验证错误漏洞 | 详情 |
| 79e9b5dbe32dba1c8ed4472d04defce3 | CVE-2021-28461 | 2021-10-18 13:24:22 | Microsoft Dynamics Finance & Operations 跨站脚本漏洞 | 详情 |
| 93c8176e98978bb3cd3cd181c87e7890 | CVE-2021-28479 | 2021-10-18 13:24:19 | Microsoft Windows CSC Service 信息泄露漏洞 | 详情 |
| eb45f982795c01b3e4d2a8713c676f06 | CVE-2021-28476 | 2021-10-18 13:24:16 | Microsoft Hyper-V 代码注入漏洞 | 详情 |
| 504d46927db7b55992bb3f0e6412fe50 | CVE-2021-31166 | 2021-10-18 13:24:14 | Microsoft HTTP.sys 代码注入漏洞 | 详情 |
| b9c81103316955d90ec68e26a51d9d1e | CVE-2021-31165 | 2021-10-18 13:24:11 | Microsoft Windows Container Manager Service 权限许可和访问控制问题漏洞 | 详情 |
| 360aab5c9b3e1de6a7bcc1307f98d18e | CVE-2021-31168 | 2021-10-18 13:24:08 | Microsoft Windows Container Manager Service 权限许可和访问控制问题漏洞 | 详情 |
| 7147958e4e0cbddb7b64726704037dba | CVE-2021-31169 | 2021-10-18 13:24:05 | Microsoft Windows Container Manager Service 权限许可和访问控制问题漏洞 | 详情 |
| b80e196e8c06f1fb5f520807007c4e72 | CVE-2021-31171 | 2021-10-18 13:24:03 | Microsoft SharePoint 信息泄露漏洞 | 详情 |
| 5c3a5bf742054363f141c9624f24b9e7 | CVE-2021-28474 | 2021-10-18 13:24:00 | Microsoft SharePoint 命令注入漏洞 | 详情 |
| fa13681bed6ed46e06d00bc7a270139e | CVE-2021-31172 | 2021-10-18 13:23:57 | Microsoft SharePoint 安全漏洞 | 详情 |
| 794e8e6da1555ec1061c4d89d80e9983 | CVE-2020-20267 | 2021-10-17 13:34:39 | Mikrotik RouterOs 缓冲区错误漏洞 | 详情 |
| de0cd94c3f77eed09d5856126d7f6d07 | CVE-2021-21648 | 2021-10-17 13:34:36 | Jenkins 跨站脚本漏洞 | 详情 |
| d09e89f8b022588c8fde0fbc8deed0fe | CVE-2021-21651 | 2021-10-17 13:34:33 | Jenkins 信息泄露漏洞 | 详情 |
| 68ca31a45da324b5637c325421ff72be | CVE-2021-21655 | 2021-10-17 13:34:30 | Jenkins 跨站请求伪造漏洞 | 详情 |
| c9ac81202259092026ce087b6290c78e | CVE-2021-21654 | 2021-10-17 13:34:27 | Jenkins 访问控制错误漏洞 | 详情 |
| 99fa465151e92bb33fab06db919e9d8b | CVE-2020-20265 | 2021-10-17 13:34:25 | Mikrotik RouterOs 安全漏洞 | 详情 |
| 5f713c3722d90e13df3b504b5c5c3fb6 | CVE-2021-27616 | 2021-10-17 13:34:22 | SAP Business One 权限许可和访问控制问题漏洞 | 详情 |
| 2dec2e788aacfbfc6957dda118b6aa9f | CVE-2021-21650 | 2021-10-17 13:34:19 | Jenkins 信息泄露漏洞 | 详情 |
| 30667f7ad99176fca84aeeb9a1c42304 | CVE-2021-27614 | 2021-10-17 13:34:19 | SAP Business One 注入漏洞 | 详情 |
| 223ab8fe413b7da4a76956de9941a8ac | CVE-2021-27617 | 2021-10-17 13:34:15 | SAP Process Integration 资源管理错误漏洞 | 详情 |
| 绿盟 [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 9d26d2b51f2680ee1f3b5257507635cf | CVE-2021-40728 | 2021-10-19 09:26:28 |
Adobe Acrobat Reader DC内存错误引用漏洞 | 详情 |
| bf3b2fe11a0e3903ba8382f18a57f2f2 | CVE-2021-40995 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 4625d86b18e3eff05c1d91adbd869827 | CVE-2021-40994 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 116fb325534b6cc727948afddc1da9ea | CVE-2021-40993 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager SQL注入漏洞 | 详情 |
| 68010ef987cb7c7cb3b0ae74a3be1d42 | CVE-2021-40992 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager SQL注入漏洞 | 详情 |
| 5bd43e90dc12bef1d6250973bde6dad8 | CVE-2021-40991 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager权限提升漏洞 | 详情 |
| e71889246e5500b3f7d44762e6b60c16 | CVE-2021-40990 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager信息泄露漏洞 | 详情 |
| 5fa96a5bf05497b548c3695554f57f5a | CVE-2021-40988 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager路径遍历漏洞 | 详情 |
| fb870ca7973712590a49a738659df9c5 | CVE-2021-40999 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| c05ed6f44779f594ebc71d013cff9a17 | CVE-2021-40998 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 971cf4a0ace7313cf6e5a013685fe451 | CVE-2021-40987 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 5033d6122b58ca8b6c0d024af22859e0 | CVE-2021-40986 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 6494b08b9d7f21614bca74d586993a36 | CVE-2021-37739 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager远程命令注入漏洞 | 详情 |
| 21a472682b197f56461654f4397f94cd | CVE-2021-37738 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager信息泄露漏洞 | 详情 |
| 86d4ac2a3c8cf0f78d7e14fb11e2bcf3 | CVE-2021-37737 | 2021-10-19 09:26:28 |
Aruba ClearPass Policy Manager SQL注入漏洞 | 详情 |
| 0f2dfcfb97b61ee13ada76fa1b8f2cbd | CVE-2021-41732 | 2021-10-18 09:27:01 | Zeek HTTP请求拆分漏洞 | 详情 |
| 1379ed14705a1409b43c500b34a60cc6 | CVE-2021-41573 | 2021-10-18 09:27:01 | Hitachi Content Platform Anywhere信息泄露漏洞 | 详情 |
| 05362ffe7bdea6531fb8d631254a3705 | CVE-2021-41764 | 2021-10-18 09:27:01 | Streama跨站请求伪造漏洞 | 详情 |
| 8e323816539d9aebfaa227564bf404cc | CVE-2021-41821 | 2021-10-18 09:27:01 | Wazuh Manager整数溢出漏洞 | 详情 |
| c5d5bbc0c570183cc1b53f1dcbbf64f7 | CVE-2021-25963 | 2021-10-18 09:27:01 | Shuup跨站脚本漏洞 | 详情 |
| 7c5eaa98885574d8acfbcc5d0f85da63 | CVE-2021-40715 | 2021-10-18 09:27:01 | Adobe Premiere Pro缓冲区溢出漏洞 | 详情 |
| 09fca38415450c122b27d7060be841f0 | CVE-2021-40710 | 2021-10-18 09:27:01 | Adobe Premiere Pro缓冲区溢出漏洞 | 详情 |
| 18c1e9b2b4220603bcb06090259c1429 | CVE-2021-39862 | 2021-10-18 09:27:01 | Adobe Framemaker越界读取漏洞 | 详情 |
| d77883bd34ec16d16df503c167ba1df6 | CVE-2021-40716 | 2021-10-18 09:27:01 | Adobe XMP Toolkit SDK越界读取漏洞 | 详情 |
| 2c452f999aa023f7e87da74aa9ab6c0b | CVE-2021-40708 | 2021-10-18 09:27:01 | Adobe Genuine Service权限提升漏洞 | 详情 |
| 386e00a2aab0fd5d979ccf54c6b882ee | CVE-2021-40697 | 2021-10-18 09:27:01 | Adobe Framemaker越界读取漏洞 | 详情 |
| 5de6056643a513a45f7441ad9e9d14ee | CVE-2021-39865 | 2021-10-18 09:27:01 | Adobe Framemaker越界读取漏洞 | 详情 |
| ba5128fe7163ce15df2daf03df54b7ad | CVE-2021-39863 | 2021-10-18 09:27:01 | Adobe Acrobat Reader DC缓冲区溢出漏洞 | 详情 |
| 1ce0d14b6ad1285cb873da0ba6ac11f5 | CVE-2020-20131 | 2021-10-18 09:27:01 | LaraCms跨站脚本漏洞 | 详情 |
| 3383462b47a74e350426fdd27986a026 | CVE-2020-20129 | 2021-10-18 09:27:01 | LaraCms跨站脚本漏洞 | 详情 |
| 美国国家漏洞数据库(NVD) [TOP 30] | CVES | TIME | TITLE | URL |
|---|---|---|---|---|
| 81df7be9eab9341533c4f7fe97694a55 | CVE-2021-42228 | 2021-10-14 17:15:08 | A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. | 详情 |
| ac128b8389587791e80781eefc22b9c1 | CVE-2021-42227 | 2021-10-14 17:15:08 | Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed). | 详情 |
| 96adc4ecc18ff9d6030c601a84243ec2 | CVE-2021-42224 | 2021-10-13 18:15:08 | SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | 详情 |
| 48c14619541a3ba24fef375532b1d550 | CVE-2021-42223 | 2021-10-13 18:15:08 | Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | 详情 |
| bd48c68fc754b77a0ba6bdbcee38a5f5 | CVE-2021-42325 | 2021-10-12 20:15:07 | Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | 详情 |
| 876ec7c5488b2b52655b672e47c6aca2 | CVE-2021-42326 | 2021-10-12 19:15:08 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | 详情 |
| 12891b16885c9cbaddbefdc74f89d822 | CVE-2021-42260 | 2021-10-11 20:15:07 | TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | 详情 |
| c73c94a35971fba74dacdf0a0762b548 | CVE-2021-42257 | 2021-10-11 20:15:07 | check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression. | 详情 |
| 9bcbf18fc7e83dcc883b5e13df6d5a9b | CVE-2021-42252 | 2021-10-11 19:15:07 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | 详情 |
| c73b37559cd66bc50a1ad02edac60b7e | CVE-2021-42137 | 2021-10-11 05:15:06 | An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. | 详情 |
| e40551d032f601a81ec766911018ab4a | CVE-2021-42139 | 2021-10-11 05:15:06 | Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. | 详情 |
| b53b3fbd8e8ac5c1c355fb85cbd7a65c | CVE-2021-42135 | 2021-10-11 03:15:06 | HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. | 详情 |
| aa88b2cad73a70a104ad309ed5d6e54e | CVE-2021-42134 | 2021-10-11 01:15:06 | The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | 详情 |
| 62a522c9c5f0706e0ff03593626605f2 | CVE-2021-42112 | 2021-10-08 21:15:07 | The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | 详情 |
| d9823ceab49a1e41aa1d9d9ec441fbee | CVE-2021-42109 | 2021-10-08 18:15:07 | VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. | 详情 |
| 1b46e74a45728bccf35f2f09570a05fe | CVE-2021-42088 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | 详情 |
| bc7cd26fa6031270e91cdb562d1f7710 | CVE-2021-42085 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | 详情 |
| 450af52ac07c0ae2cc153a35a9928d5d | CVE-2021-42091 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | 详情 |
| 5428e8fac1033fd7685e0d36ea645951 | CVE-2021-42090 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | 详情 |
| 13cd58533e6dd91ba3a1444bce45fdff | CVE-2021-42089 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | 详情 |
| 09de9e605b61a33e33ba89142f1d4fac | CVE-2021-42087 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | 详情 |
| 37796a01fcb3f23ca49bb005262121ce | CVE-2021-42086 | 2021-10-07 21:15:07 | An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | 详情 |
| a26b162b858c9e9b03f3ee9f1362898e | CVE-2021-42095 | 2021-10-07 21:15:07 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | 详情 |
| 65b462dcbe784a6b362ab7c4629aa516 | CVE-2021-42094 | 2021-10-07 20:15:07 | An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. | 详情 |
| 21d11dcf762cad7d315a6f8820661432 | CVE-2021-42093 | 2021-10-07 20:15:07 | An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | 详情 |
| 38466bb27f18876a753d109bfe46e3af | CVE-2021-42092 | 2021-10-07 20:15:07 | An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | 详情 |
| 6568994f5fec9ef0ef869b00b9b2ceca | CVE-2021-41773 | 2021-10-05 09:15:07 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | 详情 |
| 01339c76b681194aa848130d48c692a9 | CVE-2021-42008 | 2021-10-05 00:15:07 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | 详情 |
| 0858c12dfbe7e741db64f1cd912fca26 | CVE-2021-42006 | 2021-10-04 23:15:08 | An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. | 详情 |
| 0822bf41e70dded549513624cc46190f | CVE-2021-41651 | 2021-10-04 19:15:08 | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | 详情 |
