眈眈探求 | Threat Intelligence Bulletin


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
ba8b5777ff0c6bf791df681d82febe84 CVE-2021-4034 2022-01-26 06:29:49 Linux Polkit Privilege Escalation Vulnerability Advisory Details
2cf83319963ff4f2522e77a59d725257 2022-01-24 03:38:37 Weekly Security Incident Report (01.17-01.23) Details
4002db1ad42f160666e73332e87be0d0 2022-01-20 09:02:00 Apache Log4j Multiple Security Vulnerabilities Advisory Details
d2164294b3c200324f6ef216f622c597 2022-01-19 02:02:24 2022-01 Patch Day: Oracle Multiple Product Vulnerabilities Security Risk Advisory Details
27ee0b158c3e3ed9d4bd6233f93a590a CVE-2021-44757 2022-01-18 08:05:29 CVE-2021-44757: Zoho ManageEngine Desktop Central Authentication Bypass Vulnerability Advisory Details
073e4d744262ebf26baa15adb23b6fa1 2022-01-17 04:10:23 Weekly Security Incident Report (01.10-01.16) Details
90192bfb84c1510450569c8248566d80 CVE-2022-21907 2022-01-15 03:21:21 Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability Details
eb0536d02801abbd915ee523a34b737d CVE-2021-43297 2022-01-14 07:10:20 Apache Dubbo Remote Code Execution Vulnerability Advisory Details
101d94628813bef45e5f87eb2fd52a00 2022-01-12 02:37:09 2022-01 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
b686b1df411922298c16a9fba8a82f09 2022-01-10 09:12:49 Weekly Security Incident Report (01.03-01.09) Details
0dd2b4e54c1e7d58b6a543d5cd6168ce 2022-01-04 09:42:59 Weekly Security Incident Report (12.27-01.02) Details
1f4414b232828031852a1c0ccd0338a8 CVE-2021-45232 2021-12-28 11:53:57 Apache APISIX Dashboard Unauthorized Access Vulnerability Advisory Details
7e8a20ef23aa18ec6a4d4db37ac4c3b2 2021-12-27 10:23:48 Weekly Security Incident Report (12.20-12.26) Details
d64e8c999202491d43f23dc514036a1f 2021-12-23 03:35:44 Apache HTTP Server Multiple Vulnerabilities Risk Advisory Details
c2d76ce73a102654b071afa0aa63a3c7 CVE-2021-45105 2021-12-20 08:57:08 CVE-2021-45105: Apache Log4j Denial of Service Vulnerability Advisory Details
58138920f2aaf7fe331bd6f96f7cd225 2021-12-20 07:38:33 Weekly Security Incident Report (12.13-12.19) Details
03a81fd8fe0e8c0034b92844bfb6dd03 CVE-2021-45046 2021-12-17 09:54:22 Log4j 2 Remote Code Execution Vulnerability Advisory Details
a50794d51fd89538d0eb021520271919 2021-12-17 08:05:40 360CERT Releases an Adversarial Hot-Patch Fix for Log4j2 Based on the Vulnerability's Attack Payload Details
d4319ee554074475bdc2bc825480754b 2021-12-15 06:37:34 2021-12 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
7eed3b6eefb34deb5bba75d8e3cd6c8b CVE-2021-4102 2021-12-14 10:27:36 CVE-2021-4102: Google Chrome Code Execution Vulnerability Details
0b2a24c28ee563beb083baa046da930b 2021-12-13 07:09:14 Weekly Security Incident Report (12.06-12.12) Details
ec4c7eb7d0fda599889cdc11440df805 2021-12-13 03:00:28 Microsoft Windows Active Directory Domain Services Multiple Privilege Escalation Vulnerabilities Advisory Details
e0a3b7cab3cc78da77c5fad75a9ba739 2021-12-10 02:25:47 Apache Log4j 2 Remote Code Execution Vulnerability Advisory Details
9ec8a01a5c4055ebe30833b1e884926e 2021-12-07 09:10:46 Grafana Arbitrary File Read Vulnerability Advisory Details
c529a8f4ce9149aac86c63b5738017ee 2021-12-06 07:56:06 Weekly Security Incident Report (11.29-12.05) Details
9c24c96b071028e5ab5cb7c57a40aec5 CVE-2021-44077 2021-12-06 02:34:35 Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability Advisory Details
27933e8ec7f78be59d256022a1d64b95 CVE-2021-43527 2021-12-02 10:28:33 Mozilla NSS Heap Buffer Overflow Vulnerability Advisory Details
83bac63949a59169c9c7c271d98a152e 2021-11-29 09:38:26 Weekly Security Incident Report (11.22-11.28) Details
15ff7b9007f0c1e45294434b299d4109 CVE-2021-43267 2021-11-29 08:18:18 [Update] Linux Kernel TIPC Remote Code Execution Vulnerability Advisory Details
bebe746363e69b69622e3fda0f108447 CVE-2021-43267 2021-11-29 07:19:49 [Advisory Update] Linux Kernel TIPC Remote Code Execution Vulnerability Advisory Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
d3219d6871c36cf86d507d0a8f19c67e CVE-2021-44650 2022-01-12 14:15:00 Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. Details
e3eb67b69684f196582e436b7214f24f CVE-2021-4080 2022-01-12 14:15:00 crater is vulnerable to Unrestricted Upload of File with Dangerous Type Details
3d644af2fa83e035dfdab5ce7dd09b3e CVE-2021-44649 2022-01-12 13:15:00 Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. Details
2c61602470ac394455dd17123bb86485 CVE-2021-44648 2022-01-12 13:15:00 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the LZW compressed stream of image data in GIF files with LZW minimum code size equal to 12. Details
1c2cf9c2afed7cfdd5b46b57da0e0ad7 CVE-2021-3852 2022-01-12 11:15:00 growi is vulnerable to Authorization Bypass Through User-Controlled Key Details
f767c9edd5d1c8d9ea00b333f6b8e301 CVE-2022-0179 2022-01-12 05:15:00 snipe-it is vulnerable to Improper Access Control Details
fd139f94756697b139e9029dac7bd36f CVE-2022-0159 2022-01-12 03:15:00 orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Details
2ccf9cece18c0ebbcf2819aaf573a042 CVE-2022-0087 2022-01-12 00:15:00 keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Details
3d83e338045d3820930f80309aaa857b CVE-2022-21646 2022-01-11 22:15:00 SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as "accessible" if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup's dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don't make use of wildcards on the right side of intersections or within exclusions. Details
7cef8f1f2a3fa5ffc5f2ea3b953d6128 CVE-2021-46283 2022-01-11 22:15:00 nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. Details
d7dc9c55a91e21f20c7ff426ee3bd1e8 CVE-2021-43999 2022-01-11 22:15:00 Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Details
8330bcdaa4e2a20aa7bf6b1ba669f8db CVE-2021-41767 2022-01-11 22:15:00 Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection. Details
f40fb386770cc6717f87003568181c9d CVE-2022-21970 2022-01-11 21:15:00 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954. Details
777cc4a51b54b2dd6a64e994f346b004 CVE-2022-21969 2022-01-11 21:15:00 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855. Details
9cef7c9231d36d95e4be97abe3de4573 CVE-2022-21964 2022-01-11 21:15:00 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. Details
844edd2b085bd2fbae99d40e265b4bd1 CVE-2022-0173 2022-01-11 17:15:00 radare2 is vulnerable to Out-of-bounds Read Details
1266ad22c495bbda7d99514f4004a9ec CVE-2020-28103 2022-01-11 16:15:00 cscms v4.1 allows for SQL injection via the "page_del" function. Details
f1c73b5da672bb16b501b648422b0e32 CVE-2021-44647 2022-01-11 13:15:00 Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. Details
7599f3dc1d3b3a4156dfc636595a5df4 CVE-2021-45460 2022-01-11 12:15:00 A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. Details
475d618a6fb9016a7b6f5a4d9af68112 CVE-2021-45034 2022-01-11 12:15:00 A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Details
06abe4a98abded3e1076b47000c15b69 CVE-2021-45033 2022-01-11 12:15:00 A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Details
5d2012a4b19b6dedc909fcbf77d03c8a CVE-2021-41769 2022-01-11 12:15:00 A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU 
variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. Details
d55edab60dfb6e2adb2b1ffc9f2b46a4 CVE-2021-37198 2022-01-11 12:15:00 A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks. Details
4ad241d77da31530ad20fca4bf0b720b CVE-2021-37197 2022-01-11 12:15:00 A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. Details
11319ef638c4a15a9d62ab714a9c21d8 CVE-2021-37196 2022-01-11 12:15:00 A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. Details
93c2a9cbb17eecd0d3414e8c4cbc2648 CVE-2021-37195 2022-01-11 12:15:00 A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. Details
8ffcbbb41a33249510eefb7dbbce3c35 CVE-2022-0144 2022-01-11 07:15:00 shelljs is vulnerable to Improper Privilege Management Details
89f3478717fbefdd9aaa3bb7ae48f27f CVE-2021-36414 2022-01-10 23:15:00 A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Details
c815af33c95f499c2e6b122d66341e66 CVE-2021-36412 2022-01-10 23:15:00 A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command. Details
f5f345822804ea50e3f9d958dd14ef6b CVE-2021-36411 2022-01-10 23:15:00 An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 Sichuang Technology Co., Ltd. (四创科技有限公司) Website-Building System SQL Injection Vulnerability Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium Hard-Coded Credentials Vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera Cross-Site Scripting Vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow Unspecified Vulnerability Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway Information Disclosure Vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server Information Disclosure Vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management Cross-Site Scripting Vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics Remote Code Execution Vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 Information Disclosure Vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics Privilege Escalation Vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 Weaver (泛微) e-cology SQL Injection Vulnerability Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering Cross-Site Scripting Vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server Information Disclosure Vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint Spoofing Vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint Remote Code Execution Vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev Buffer Overflow Vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense Cross-Site Scripting Vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic Improper Access Control Vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic Arbitrary File Upload Vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL Injection Vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager Incorrect Access Control Vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue Cross-Site Scripting Vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue Cross-Site Scripting Vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory Man-in-the-Middle Attack Vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory Cleartext Transmission Vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory Deserialization Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
4af56cb5b92c349c7b58f8ab9f329d1d CNNVD-202201-2337 (CVE-2021-45729) 2022-01-25 12:40:47 WordPress plugin Security Vulnerability Details
bb300107cee07cb11ac31eebdc21a36e CNNVD-202201-2338 (CVE-2022-0270) 2022-01-25 12:40:45 BoreD Agent Security Vulnerability Details
e99584f5eef890aac84bd4907a630373 CNNVD-202201-2339 (CVE-2022-22789) 2022-01-25 12:40:42 Charactell FormStorm Security Vulnerability Details
80fb9039885803da635a438afe79e7c3 CNNVD-202201-2340 (CVE-2022-0358) 2022-01-25 12:40:40 QEMU Security Vulnerability Details
1fa7b4e00eb4bb279b5c304709ec6a3c CNNVD-202201-2341 (CVE-2021-4202) 2022-01-25 12:40:37 Linux kernel Security Vulnerability Details
f34c2061fd9f12b51e434c49e8d68fdf CNNVD-202201-2342 (CVE-2021-4135) 2022-01-25 12:40:35 Linux kernel Security Vulnerability Details
a42d5e12eb75e9f073c13850c9729280 CNNVD-202201-2343 (CVE-2021-4034) 2022-01-25 12:40:33 polkit Security Vulnerability Details
d164519b8eb3f97273631aaea3049576 CNNVD-202201-2344 (CVE-2022-0330) 2022-01-25 12:40:31 Linux kernel Security Vulnerability Details
3a87ad45bc90042b6a2f2639f96957d9 CNNVD-202201-2345 (CVE-2021-44477) 2022-01-25 12:40:28 GE Gas Power ToolBoxST Code Issue Vulnerability Details
f21a854dc96d7506381650244692812d CNNVD-202201-2346 (CVE-2022-23959) 2022-01-25 12:40:26 Varnish Cache Security Vulnerability Details
c3b984f5fd2d10b7e81d4c3f144a788d CNNVD-202201-2264 (CVE-2021-45226) 2022-01-24 12:42:49 Construction Industry Solutions Conis Construction Cloud Security Vulnerability Details
d8e37fc1e55690ac5163c470f38eb235 CNNVD-202201-2265 (CVE-2021-45224) 2022-01-24 12:42:47 Construction Industry Solutions Conis Construction Cloud Security Vulnerability Details
69f730ef2dfd9909a1e1c978d13e3c7f CNNVD-202201-2266 (CVE-2021-45225) 2022-01-24 12:42:45 Construction Industry Solutions Conis Construction Cloud Cross-Site Scripting Vulnerability Details
f59ef7122e72ac079ac1a6db07cc189f CNNVD-202201-2267 (CVE-2021-46451) 2022-01-24 12:42:42 Sourcecodester Online Project Time Management System SQL Injection Vulnerability Details
a508729b28cb05079f8d354d861461ca CNNVD-202201-2268 (CVE-2022-21710) 2022-01-24 12:42:40 MediaWiki ShortDescription Security Vulnerability Details
c3a2eecf1c711af70697b2fd760e5249 CNNVD-202201-2269 (CVE-2022-21711) 2022-01-24 12:42:38 elfspirit Security Vulnerability Details
fd708be247b5f18c6f1a51f1a899a6d5 CNNVD-202201-2270 (CVE-2022-21715) 2022-01-24 12:42:36 CodeIgniter Security Vulnerability Details
d06a4c586191179b5d2ed5fd464b1889 CNNVD-202201-2271 (CVE-2022-22554) 2022-01-24 12:42:33 Dell Emc System Update Security Vulnerability Details
219208748384f236e46b9369acf4395a CNNVD-202201-2272 (CVE-2022-0177) 2022-01-24 12:42:31 Mrdoob Three Cross-Site Scripting Vulnerability Details
73015f4a6b7f81f54f3f7f5f1cf8a0f3 CNNVD-202201-2273 (CVE-2021-43394) 2022-01-24 12:42:29 Unisys Messaging Integration Services Security Vulnerability Details
333f2afccac0717b3866e038c6df5d85 CNNVD-202201-2192 (CVE-2021-4129) 2022-01-24 12:41:41 Mozilla Thunderbird Security Vulnerability Details
8154ffbbb7456ac26079812120c4f020 CNNVD-202201-2193 (CVE-2021-4088) 2022-01-24 12:41:39 Mozilla Thunderbird Security Vulnerability Details
2eeee68a487fe9d99f5f38432ce72265 CNNVD-202201-2188 (CVE-2021-45380) 2022-01-23 12:41:49 AppCMS Cross-Site Scripting Vulnerability Details
0968a28820e123fce6ed4d58d14219c3 CNNVD-202201-2189 (CVE-2021-4103) 2022-01-23 12:41:47 vditor Cross-Site Scripting Vulnerability Details
4217426ddde116b43748dc811f6ad553 CNNVD-202201-2190 (CVE-2022-23850) 2022-01-23 12:41:45 epub2txt Security Vulnerability Details
d9870fc3a99011b3291ee16ac2ad1287 CNNVD-202201-2191 (CVE-2021-46024) 2022-01-23 12:41:43 online-shopping-webvsite-in-php SQL Injection Vulnerability Details
f46f48a28ae7d0099f4ca18732d517b6 CNNVD-202201-2185 (CVE-2022-23807) 2022-01-22 12:41:56 phpMyAdmin Security Vulnerability Details
373317d54d9d4f9fc72bfdc5cd5d9c12 CNNVD-202201-2186 (CVE-2022-23808) 2022-01-22 12:41:54 phpMyAdmin Cross-Site Scripting Vulnerability Details
b2f4ac3a6437dda93a700596d4d8edc7 CNNVD-202201-2187 (CVE-2021-4172) 2022-01-22 12:41:52 showdoc Cross-Site Scripting Vulnerability Details
d6a52eff49e9cc4852ff3423eddb1b5d CNNVD-202201-2184 (CVE-2022-23366) 2022-01-21 12:41:58 kabirkhyrul Hospital Managment System SQL Injection Vulnerability Details

QiAnXin (奇安信) [TOP 30] CVES TIME TITLE URL
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0-day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early-Warning Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early-Warning Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early-Warning Advisory Details

Anquanke (安全客) [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Feature Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant (斗象) [TOP 30] CVES TIME TITLE URL
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day Vulnerability Advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere Remote Code Execution Vulnerability Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j Remote Code Execution Vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j Remote Code Execution Vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j Remote Code Execution Vulnerability Details
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana Arbitrary File Read Vulnerability Details
1911c90c4cf886d9867ff81b4756eb3f 2021-12-02 06:37:58 VMware vCenter Server-Side Request Forgery Vulnerability Details
45a46bc77eb26e67020f43cf08f1fcc6 CVE-2021-21980, CVE-2021-22049 2021-11-26 03:52:06 VMware vCenter Server Multiple High-Severity Vulnerabilities Advisory Details
c1d2650c12cb12d9ee21f53d0f087be8 CVE-2021-42321, CVE-2021-42292, CVE-2021-38666 2021-11-10 12:03:45 Microsoft November 2021 Patch Day Vulnerability Advisory Details
6b34ab872bd97043b7699554194da23f CVE-2021-22205 2021-11-02 03:38:34 GitLab CE/EE Remote Code Execution Vulnerability (CVE-2021-22205) Details
a418a10f7f4a1694a2293e895b24de6a CVE-2021-35617, CVE-2021-35620 2021-10-20 03:07:34 Oracle WebLogic Multiple High-Severity Vulnerabilities Advisory Details
e2d8ba6cd503627461acaa0de23c51b6 CVE-2021-40449, CVE-2021-26427, CVE-2021-40486, CVE-2021-38672, CVE-2021-40461 2021-10-13 05:29:50 Microsoft October 2021 Patch Day Vulnerability Advisory Details
68be9e619a7702aa2cb4d58c255d39c8 CVE-2021-41773, CVE-2021-42013 2021-10-09 03:33:50 Apache HTTP Server Path Traversal Vulnerability Details
2b425329012f167ceeee133dcab6c49c CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017 2021-09-22 05:41:12 VMware Multiple High-Severity Vulnerabilities Advisory Details
a0f1f4b9e08c161feea107db8c47d55e CVE-2021-26084 2021-08-26 12:03:16 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Details
68ee7b98acb8ba2e45c3638a078d9535 CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154 2021-08-23 06:14:35 XStream Multiple Deserialization Vulnerabilities Details
e00d270224089dec1dde09bb05ec2678 CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 2021-08-06 08:53:31 Microsoft Exchange Remote Code Execution Vulnerability (PoC Publicly Available) Details
b36f311a6a1cb8b7c4d2da09512e0fa9 CVE-2021-2394, CVE-2021-2397, CVE-2021-2382 2021-07-21 10:29:24 Oracle WebLogic Multiple High-Severity Vulnerabilities Advisory Details
86cb552f791b9e8159d01a9478a59f9d CVE-2021-34527, CVE-2021-34448, CVE-2021-33771, CVE-2021-31979, CVE-2021-34473, CVE-2021-34520, CVE-2021-34468, CVE-2021-34467, CVE-2021-34449, CVE-2021-33780 2021-07-14 09:40:04 Microsoft July 2021 Patch Day Vulnerability Advisory Details
ed706209d0185b2415915cac4afec37b 2021-07-08 08:43:59 YApi Remote Code Execution Vulnerability Advisory Details
c5bfeca05acdc931e8686c9e3d4ff937 2021-07-02 11:03:50 Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) Details
4184ae9f57a2db9063367e64e6cc2cb7 CVE-2021-1675 2021-06-29 10:15:39 Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675) Details
2131ca2cbd7b631f62f8701a925c2767 CVE-2021-21998 2021-06-23 06:20:30 VMware Carbon Black App Control Authentication Bypass Vulnerability (CVE-2021-21998) Details
906de48de24b85a2278ae80a9f4d0aa8 2021-06-03 02:48:56 Yonyou (用友) NC BeanShell Remote Command Execution Vulnerability Details
4d9035105f60b9d56f24c24e87fc6e32 CVE-2021-21985 2021-05-26 03:39:33 VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Details
137a4e2d822964f8f8c93f59d00f2bce 2021-04-18 16:38:14 WebLogic T3 Deserialization Vulnerability 0-day Details
7cb0c487c17f2247b0b81ef4bc51f47b 2021-04-18 16:38:14 WebLogic T3 Deserialization Vulnerability 0-day Advisory Details
49c6f9e6d3305e3f6a1b9e819a546f5e 2021-03-18 07:43:11 GitLab markdown Remote Code Execution Vulnerability Details

Red Queen (红后) [TOP 30] CVES TIME TITLE URL
8a38deab9ee335ad121f47279e57bb11 CVE-2020-26534 2022-01-26 13:47:30 Foxit Reader PhantomPDF Resource Management Error Vulnerability Details
f5a8afe7c5c9a0e2fc2b24a1d6de05ee CVE-2020-26518 2022-01-26 13:47:27 Artica Pandora FMS SQL Injection Vulnerability Details
77a4267e21124545688d42be89e98309 CVE-2020-26536 2022-01-26 13:47:25 Foxit Reader and PhantomPDF Code Issue Vulnerability Details
28ded10ac184663dcff27eaaa90c775e CVE-2020-26535 2022-01-26 13:47:20 Foxit Reader, PhantomPDF Buffer Error Vulnerability Details
7554f4b991f8ab4df1c92a3834de410d CVE-2020-26519 2022-01-26 13:47:16 artifex mupdf Buffer Error Vulnerability Details
043fbcae02bbfa9614ae2094eba67fc4 CVE-2020-26134 2022-01-26 13:47:13 Live Helper Chat Cross-Site Scripting Vulnerability Details
ab7ca86be22076c4079ac212ba687a24 CVE-2020-24698 2022-01-26 13:47:09 PowerDNS Resource Management Error Vulnerability Details
2e398ea3a1eb87e774a08e7f7f5a9ed7 CVE-2020-18190 2022-01-26 13:47:06 Bludit Path Traversal Vulnerability Details
e6c5166d3100134cd33ece7824c2c4ef CVE-2020-17482 2022-01-26 13:47:02 PowerDNS Authoritative Server Information Disclosure Vulnerability Details
b98eabea3159b5e9778e76cd43d240b6 CVE-2020-13320 2022-01-25 13:43:31 GitLab Authorization Issue Vulnerability Details
7c56243053ec275e0403e10699e220d4 CVE-2020-12506 2022-01-25 13:43:28 WAGO Access Control Error Vulnerability Details
5fe2f0b6e2930eaf65b805cd2a25067e CVE-2020-25774 2022-01-25 13:43:24 Trend Micro Apex One Buffer Error Vulnerability Details
53ac569396d73bdb1da34205e06468be CVE-2020-13296 2022-01-25 13:43:21 GitLab Access Control Issue Vulnerability Details
44de3e0716deb870816b896ebffd02f3 CVE-2020-25771 2022-01-25 13:43:18 Trend Micro Apex One Buffer Error Vulnerability Details
315ecd0916dba77db20f6d85b9e862b1 CVE-2020-25775 2022-01-25 13:43:14 Trend Micro Security 2020 Race Condition Vulnerability Details
f342d5d2b041adb1d5a1b6fcd1807b96 CVE-2020-24564 2022-01-25 13:43:11 Trend Micro Apex One Buffer Error Vulnerability Details
691233a401f83fe33ddc13cc256a2811 CVE-2020-25772 2022-01-25 13:43:07 Trend Micro Apex One Buffer Error Vulnerability Details
6e5cb390568d431f179f0ed80d242953 CVE-2020-26121 2022-01-25 13:43:04 MediaWiki Security Vulnerability Details
44634006c7b701b3f37b6cfb43141701 CVE-2020-24565 2022-01-25 13:43:00 Trend Micro Apex One Buffer Error Vulnerability Details
4e4e6939448e7795b5fa08a7c850a052 CVE-2020-26111 2022-01-24 13:44:13 cPanel Cross-Site Scripting Vulnerability Details
9a8e28ba3c04487bbaa87ef88638ccdf CVE-2020-26109 2022-01-24 13:44:10 cPanel Security Vulnerability Details
0035ae7962995540dac5ac7ef2bcba71 CVE-2020-26110 2022-01-24 13:44:06 cPanel Cross-Site Scripting Vulnerability Details
27680ba03318d2bfccb79ab7cb55f4a7 CVE-2020-26105 2022-01-24 13:44:03 cPanel Security Vulnerability Details
e082652caa3d2a955914d6f04f726f93 CVE-2020-26107 2022-01-24 13:44:00 cPanel Cryptographic Issue Vulnerability Details
e69e4fff04fa34a1fef010cb6ecf1eb0 CVE-2020-26112 2022-01-24 13:43:56 cPanel Security Vulnerability Details
01042a708447081e5135400006996ff6 CVE-2020-26103 2022-01-24 13:43:53 cPanel Security Vulnerability Details
074a953152bcbc9606cc103745f4ca60 CVE-2020-26106 2022-01-24 13:43:49 cPanel Log Information Disclosure Vulnerability Details
700fcb089d34a6b388874dfaed346101 CVE-2020-26108 2022-01-24 13:43:46 cPanel Security Vulnerability Details
e324863a2c71429f468f17c92ec7b043 CVE-2020-26101 2022-01-24 13:43:43 cPanel Security Vulnerability Details
c49a185eac13cd95870e88f93a63d05a CVE-2020-3133 2022-01-23 13:48:19 Cisco Email Security Appliance AsyncOS Software Input Validation Error Vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL
30a14afd4218aedf530a5d2db69d17d9 CVE-2021-46234 2022-01-26 09:26:42 GPAC null pointer dereference vulnerability Details
fa76f1d19c217130368d12865e4e99d5 CVE-2021-46236 2022-01-26 09:26:42 GPAC null pointer dereference vulnerability Details
f75434a37957a67d6f66a9e547d96875 CVE-2021-46240 2022-01-26 09:26:42 GPAC null pointer dereference vulnerability Details
1718e1f77e3b7eed2ae3be1c7dc73e7d CVE-2021-46237 2022-01-26 09:26:42 GPAC null pointer dereference vulnerability Details
4af2cb5b8d40198e1edb37b9fc490564 CVE-2021-46238 2022-01-26 09:26:42 GPAC stack overflow vulnerability Details
a442ef0b9b97baa69db608667f8452ad CVE-2021-46239 2022-01-26 09:26:42 GPAC invalid free vulnerability Details
5bb4fef9b7076a7e9eeab96fb06db6bd CVE-2021-34866 2022-01-26 09:26:42 Linux kernel type confusion vulnerability Details
47b41af0e5f480bdf6aa109b96d2744b CVE-2022-22551 2022-01-26 09:26:42 Dell EMC AppSync information disclosure vulnerability Details
4ee1f48327a3bec376046330fee63e44 CVE-2021-34870 2022-01-26 09:26:42 NETGEAR XR1000 authorization error vulnerability Details
c4123ac671aadd152668fa6371ef7728 CVE-2021-34865 2022-01-26 09:26:42 Multiple NETGEAR routers authorization error vulnerability Details
04e1936129aa5780f8b0304a9e163fa6 CVE-2021-34867 2022-01-26 09:26:42 Parallels Desktop privilege escalation vulnerability Details
c1fd9955028be5ee1945c142c42c6528 CVE-2021-34868 2022-01-26 09:26:42 Parallels Desktop privilege escalation vulnerability Details
f82b9674db4786528991a86ea9438282 CVE-2021-34869 2022-01-26 09:26:42 Parallels Desktop privilege escalation vulnerability Details
0db814885bce89a5aa40387a44f6a332 CVE-2021-38695 2022-01-26 09:26:42 SoftVibe Saraban for INFOMA cross-site scripting vulnerability Details
389d72a45c2ed35109fdf6b77a6ec6a3 CVE-2021-38696 2022-01-26 09:26:42 SoftVibe Saraban for INFOMA access control error vulnerability Details
705745fefd430fc9f6f26c6efb807bec CVE-2022-21334 2022-01-25 09:25:57 Oracle MySQL Cluster input validation error vulnerability Details
b33af1b3d33d93f9ce19c218dc3240cf CVE-2022-21329 2022-01-25 09:25:57 Oracle MySQL Cluster input validation error vulnerability Details
de69345a8c3686e42b29246a30ac8739 CVE-2022-21307 2022-01-25 09:25:57 Oracle MySQL Cluster input validation error vulnerability Details
c4e2e8301b070bc59d81d4ad839ea1e1 CVE-2022-21358 2022-01-25 09:25:57 Oracle MySQL Server input validation error vulnerability Details
ad185ac2e77dab74f9ed7d441c307021 CVE-2022-21363 2022-01-25 09:25:57 Oracle MySQL Connectors input validation error vulnerability Details
e9614e8c7322ceaea7de2025e9009dcf CVE-2022-21283 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details
51ba0040cbe97592b9266d6206be25db CVE-2022-21341 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details
ebe8ce21640ce41826be7a60070d5d94 CVE-2022-21340 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details
139027ae4294503e12e718923f3cec0a CVE-2022-21293 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details
e33e257ecbb625bf97f8e0b24cf048cd CVE-2022-21278 2022-01-25 09:25:57 Oracle MySQL Server input validation error vulnerability Details
3f85245df76b210a642ec10890dcfc61 CVE-2022-21351 2022-01-25 09:25:57 Oracle MySQL Server input validation error vulnerability Details
b226496c6edff25811aba9d86d797620 CVE-2022-21335 2022-01-25 09:25:57 Oracle MySQL Cluster input validation error vulnerability Details
7aec87d2923edf655b2e22f509ca2936 CVE-2022-21284 2022-01-25 09:25:57 Oracle MySQL Cluster input validation error vulnerability Details
ab356ec63315a9eb7ec7848c1783b876 CVE-2022-21271 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details
0c3aa9928f4e893d16b04edb21478488 CVE-2022-21294 2022-01-25 09:25:57 Oracle Java SE and GraalVM Enterprise Edition input validation error vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
407fc8caf981f6ae2535530da94a7c93 CVE-2022-23315 2022-01-21 00:15:08 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. Details
64562a76405b612669f98c6586ad7612 CVE-2022-23314 2022-01-21 00:15:08 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. Details
43ad593bce639c9fe093c198e3495e3b CVE-2022-23221 2022-01-19 17:15:09 H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. Details
8a0109eeb32858e75dbc7f982d859528 CVE-2022-23435 2022-01-19 01:15:09 decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. Details
2ad1380374a61bb9e26aa706fe74cff6 CVE-2022-23307 2022-01-18 16:15:08 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Details
4c59a940f9e46a1408d758a13294cd29 CVE-2022-23304 2022-01-17 02:15:06 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. Details
5a2a1cc5d5c4339d0c2d23671998e43f CVE-2022-23303 2022-01-17 02:15:06 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. Details
1d871895704f5d6abe014505ae2f8017 CVE-2022-23095 2022-01-15 15:17:30 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. Details
24a189ed35310dd56ae19b47d53435f8 CVE-2022-23178 2022-01-15 15:17:30 An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. Details
5cf5467d31c8f227eb4e104456bd127c CVE-2022-23094 2022-01-15 02:15:06 Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. Details
56a29b12b26bf4211bef6d92c7982df8 CVE-2022-23227 2022-01-14 18:15:10 NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. Details
c5bdbe855d7c7d84e6e9d529c55b7b28 CVE-2022-23222 2022-01-14 08:15:07 kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. Details
4fea8ec1f9030766b5f1dd930ef1bfc3 CVE-2022-23218 2022-01-14 07:15:08 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. Details
4bda2739dd6171d138bf56b5b490a2b4 CVE-2022-23219 2022-01-14 07:15:08 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. Details
f050b8de25a9c760e622f8b619745a61 CVE-2021-34918 2022-01-13 22:15:11 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14896. Details
4491b4a0d1bc8f1982caede51bcf7a45 CVE-2021-34917 2022-01-13 22:15:11 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895. Details
f9bebf5a8caa147e3cb564958002344c CVE-2021-34916 2022-01-13 22:15:11 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894. Details
266dacbef82556181eb8c34b385137cc CVE-2021-34915 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14893. Details
0b93ed1df7986f0e1b8cc82f6d1b9860 CVE-2021-34914 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14892. Details
229e6d110e8ab2fd9b3eff08b480ddb5 CVE-2021-34913 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14831. Details
999c4fc9ced537f809ac53b84bfd7075 CVE-2021-34912 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14885. Details
8634322a0a79cbab76418088790fad5e CVE-2021-34911 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884. Details
8c786825296c71f3ddeaff1255d19f53 CVE-2021-34910 2022-01-13 22:15:10 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14883. Details
e756992b343bca1190235dc2ce39b528 CVE-2021-34909 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14882. Details
3dbabc221d076ba9d3f844b34bff8cbf CVE-2021-34908 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14881. Details
583455500d41e61eda4998926b5c91ca CVE-2021-34907 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880. Details
f7291cd9133f21b53d8c6a02125887fa CVE-2021-34906 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14879. Details
2ffca7e8228cf593ffc4074998c26e87 CVE-2021-34905 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878. Details
5257670735eaedc78947ced659cfdcdb CVE-2021-34904 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877. Details
b1c0ea008e5b892da16720aeee153aee CVE-2021-34903 2022-01-13 22:15:10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14876. Details




Ways to Sponsor