眈眈探求 | Threat Intelligence Bulletin


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
150fff028866ba5067dbaf07a084c079 CVE-2023-22482 2023-02-01 10:38:55 CVE-2023-22482/22736: Argo CD Authentication Bypass Vulnerability Advisory Details
1a8d72f5cd0e1a73a61aaebc6814c14f CVE-2023-22482 2023-02-01 10:26:08 CVE-2023-22482/22736: Argo CD Multiple High-Severity Vulnerabilities Advisory Details
6ed300bb32e9b3dbcd13799721e33f21 CVE-2022-27596 2023-01-31 09:05:23 CVE-2022-27596: QNAP QTS/QuTS hero SQL Injection Vulnerability Advisory Details
b1ba4c50be661b8759cbb4305b315eb0 2023-01-30 08:15:10 VMware vRealize Log Insight Multiple High-Severity Vulnerabilities Advisory Details
14c20963965e361ecb3dd34b1228eb8d CVE-2023-23560 2023-01-30 08:13:40 CVE-2023-23560: Lexmark Printer Server-Side Request Forgery Vulnerability Advisory Details
86918d8f318d68a2079e320a75c0220b 2023-01-19 08:24:18 2023-01 Patch Day: Oracle Multiple Product Vulnerabilities Security Risk Advisory Details
29b3089137ef79c951aa6f60cb9b7122 CVE-2023-21839 2023-01-19 08:09:30 CVE-2023-21839: Oracle WebLogic Server Remote Code Execution Vulnerability Advisory Details
4208fa511ff172ebf734affdd050796e CVE-2023-22602 2023-01-17 09:31:42 CVE-2023-22602: Apache Shiro Authentication Bypass Vulnerability Advisory Details
62223983c51518a0ca7e9cbe9ea9b834 2023-01-16 09:08:54 Weekly Security Incident Report (01.09-01.13) Details
720f5cf7b6a29e3f2d483601ba801a5a CVE-2023-21752 2023-01-12 08:45:47 CVE-2023-21752: Windows Backup Service Privilege Escalation Vulnerability Advisory Details
2e5d630025b06426092cf8d8a1e16c8e 2023-01-11 06:46:24 2023-01 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
60c1f2b8a7bb098ed4d327afc61a0825 CVE-2022-45935 2023-01-09 10:12:52 CVE-2022-45935: Apache James Server Information Disclosure Vulnerability Advisory Details
6061308d73c79afe6c4a5d92220d113a 2023-01-09 07:36:56 Weekly Security Incident Report (01.02-01.08) Details
dbec6663a7042bcb0ed3b20fb4e46dd1 CVE-2022-43931 2023-01-06 09:53:44 CVE-2022-43931: Synology VPN Plus Server Out-of-Bounds Write Vulnerability Advisory Details
32874bc096f1e76d0aa612a9c631dfee CVE-2022-39947 2023-01-06 09:45:29 CVE-2022-39947/35845: Fortinet Command Injection Vulnerability Advisory Details
048bd1a4d09184420f7d23033e4dfb1d CVE-2022-43396 2023-01-04 08:20:44 CVE-2022-43396/44621: Apache Kylin Command Injection Vulnerability Advisory Details
1eb9472f701c04a34abe9e4f982dd28a 2023-01-03 07:53:35 Weekly Security Incident Report (12.26-01.01) Details
7c7d08a73548df625fc921b9f929ebbf CVE-2022-41966 2022-12-28 09:11:26 CVE-2022-41966: XStream Denial of Service Vulnerability Advisory Details
eb77720c26768d70cc40b3f3870c99fc CVE-2022-41080 2022-12-27 09:18:39 CVE-2022-41080/41082: Microsoft Exchange Server OWASSRF Vulnerability Advisory Details
0d023edfcbc03e86fbebb4f5ae4807a0 CVE-2022-45347 2022-12-27 08:10:22 CVE-2022-45347: Apache ShardingSphere Authentication Bypass Vulnerability Advisory Details
a69acda846a82ea15e1a840547bcb528 CVE-2022-47939 2022-12-26 09:08:30 CVE-2022-47939: Linux Kernel ksmbd UAF Remote Code Execution Vulnerability Advisory Details
8bd58963befa216e2b64a76a9676927a 2022-12-26 08:20:22 Weekly Security Incident Report (12.19-12.25) Details
13673018d7394e8a03c74e7a420c8328 2022-12-19 03:23:37 Weekly Security Incident Report (12.12-12.18) Details
29420db03cefa956d3263ee7127f3234 2022-12-14 03:50:13 2022-12 Patch Day: Microsoft Multiple Vulnerabilities Security Update Advisory Details
8c7c2d107634515b852f1b692eb3bf01 CVE-2022-42475 2022-12-13 06:29:30 Fortinet SSL VPN Remote Code Execution Vulnerability Details
e6bcb650572be767dc309871d480f8af 2022-12-12 10:02:23 Weekly Security Incident Report (12.05-12.11) Details
cc5871850d3237f1a846420ef7c0c3e6 CVE-2022-46169 2022-12-07 07:20:46 CVE-2022-46169: Cacti Command Injection Vulnerability Details
1aaa180f7a12e16f561ad4b1b0b417b9 2022-12-05 06:43:02 Weekly Security Incident Report (11.28-12.04) Details
aded22774ac53a12afe6e09f2422fe34 CVE-2022-4262 2022-12-03 04:32:39 CVE-2022-4262: Google Chrome V8 Type Confusion Vulnerability Advisory Details
4dd70a249708c45f53a9f14a138550b5 CVE-2022-3328 2022-12-02 07:18:12 Snapd Local Privilege Escalation Vulnerability Advisory Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
369fcf89bbdae57760893003db6cbd76 CVE-2022-43665 2023-02-02 10:15:00 A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. Details
e67f7df607635f262b9a7693c3a35a37 CVE-2023-0641 2023-02-02 09:15:00 A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. Details
45e429f426104cab66f85aa780ad6a1e CVE-2023-0640 2023-02-02 09:15:00 A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. Details
2fff7f232c7320c703484efb3fb31c6f CVE-2023-0639 2023-02-02 09:15:00 A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. Details
8420df51496bf8dd943caed11ac75870 CVE-2023-0638 2023-02-02 09:15:00 A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. Details
7be26f44a1b8bd3fba14334d07905979 CVE-2023-0637 2023-02-02 09:15:00 A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. Details
2c2f21667b6f19aed5bfa865a078cf15 CVE-2023-0400 2023-02-02 09:15:00 The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. Details
64b53d7c691c6251064f6932775bebcc CVE-2022-2546 2023-02-02 09:15:00 The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key Details
76e34dc76f27279e77431e934e0d09ca CVE-2022-40269 2023-02-02 08:15:00 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. Details
af574e7e98421c8c72161a0da9decc51 CVE-2022-40268 2023-02-02 08:15:00 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. Details
e5b29b91d30b206971a41b4c240e321e CVE-2023-25015 2023-02-02 04:15:00 Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. Details
b7a6b35dda473e2108023dd0e10317b5 CVE-2023-25014 2023-02-02 01:15:00 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. Details
befd08d89419e567a2bf20e11067ce16 CVE-2023-25013 2023-02-02 01:15:00 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. Details
b4fab3e763ec2c1a5b8bbb00e0325087 CVE-2023-25012 2023-02-02 00:15:00 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. Details
f422d17010adc40d0f3222e74f870369 CVE-2023-0599 2023-02-01 23:15:00 Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. Details
54f6a677bbd5fa37186618c492e38bcf CVE-2022-37034 2023-02-01 23:15:00 In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. Details
43c03ecd280ef8189924e61fdd597e37 CVE-2023-23751 2023-02-01 22:15:00 An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. Details
ac9ef3b076b10f8ee99944a7c5843474 CVE-2023-23750 2023-02-01 22:15:00 An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. Details
085c2b80c4081ea15f2a0b9dc75f84b5 CVE-2022-47872 2023-02-01 22:15:00 maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). Details
6e4f481efd39f7443d274b28de693098 CVE-2022-45783 2023-02-01 22:15:00 An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. Details
664f76fbec3ad9bfecead18acd7b1914 CVE-2022-45782 2023-02-01 22:15:00 An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. Details
aa5c41e7b580c6ff0e2da2429d5bf5cb CVE-2022-3913 2023-02-01 22:15:00 Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. Details
252a6e9ec103cff26556852ec9bee326 CVE-2022-37033 2023-02-01 22:15:00 In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. Details
4bfd45b7eca2fb17be47e7c6cb508cd2 CVE-2023-23078 2023-02-01 20:15:00 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. Details
23968a88defc3fc10d3bc60c25abc539 CVE-2023-23077 2023-02-01 20:15:00 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. Details
f1f6b15f9892cf78cecfd5c013fdf9c0 CVE-2023-23076 2023-02-01 20:15:00 OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. Details
730b045d45dfec2dad5108caa1df8525 CVE-2023-23075 2023-02-01 20:15:00 Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Details
971b2783478bffb708490dd3714608ea CVE-2023-23074 2023-02-01 20:15:00 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. Details
f093765b753d9898cf508d679339a151 CVE-2023-23073 2023-02-01 20:15:00 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. Details
02754a9b8203f0899bab9d1cbc399da3 CVE-2023-22287 2023-02-01 20:15:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 SQL Injection Vulnerability in the Website Building System of 四创科技有限公司 Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium Hard-Coded Credentials Vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera Cross-Site Scripting Vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow Unspecified Vulnerability Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway Information Disclosure Vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server Information Disclosure Vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management Cross-Site Scripting Vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics Remote Code Execution Vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 Information Disclosure Vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics Privilege Escalation Vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 Weaver e-cology SQL Injection Vulnerability Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering Cross-Site Scripting Vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server Information Disclosure Vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint Spoofing Vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint Remote Code Execution Vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev Buffer Overflow Vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense Cross-Site Scripting Vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic Improper Access Control Vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic Arbitrary File Upload Vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL Injection Vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager Incorrect Access Control Vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue Cross-Site Scripting Vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue Cross-Site Scripting Vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory Man-in-the-Middle Attack Vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory Cleartext Transmission Vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory Deserialization Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
56358b73280e18ed2eaf62bf4b7fba5f CNNVD-202210-1696 (CVE-2021-44776) 2022-10-24 13:12:31 Lanner IAC-AST2500A Security Vulnerability Details
07eddc3a7e5e3731956c02a50f538970 CNNVD-202210-1697 (CVE-2021-26732) 2022-10-24 13:12:29 Lanner IAC-AST2500A Security Vulnerability Details
4b051d50f18e2bb4a1f272b12f873223 CNNVD-202210-1698 (CVE-2021-26731) 2022-10-24 13:12:27 Lanner IAC-AST2500A Buffer Error Vulnerability Details
0d79d7ad89e7b6f52a89de2e3762a492 CNNVD-202210-1699 (CVE-2021-42010) 2022-10-24 13:12:25 Apache Heron Injection Vulnerability Details
9596051a8fb75da90bf94bd495b53e94 CNNVD-202210-1700 (CVE-2021-26733) 2022-10-24 13:12:23 Lanner IAC-AST2500A Security Vulnerability Details
883bec62dd4552d68130c0f925873e93 CNNVD-202210-1701 (CVE-2022-42432) 2022-10-24 13:12:22 Linux kernel Security Vulnerability Details
755328fe5484ce3f71a4940d10f50b34 CNNVD-202210-1702 (CVE-2021-44769) 2022-10-24 13:12:20 Lanner IAC-AST2500A Input Validation Error Vulnerability Details
9c53a984103cd446d6e447c12c9c66c6 CNNVD-202210-1703 (CVE-2021-44467) 2022-10-24 13:12:18 Lanner IAC-AST2500A Security Vulnerability Details
30dfa903ed49845732fc6cef266206e9 CNNVD-202210-1704 (CVE-2022-41974) 2022-10-24 13:12:16 Red Hat device-mapper-multipath Security Vulnerability Details
9c6324677d17c72db81aec2e1797791f CNNVD-202210-1705 (CVE-2022-41973) 2022-10-24 13:12:14 Red Hat device-mapper-multipath Security Vulnerability Details
4ec5a4ccefd5879e573cd53c2123dd3a CNNVD-202210-1612 (CVE-2022-39272) 2022-10-22 13:09:56 Flux2 Security Vulnerability Details
c3846b92a4965777ef3e53a1f4618717 CNNVD-202210-1600 (CVE-2022-3646) 2022-10-21 13:10:17 Linux kernel Security Vulnerability Details
9a761144255ce6f90bb54e219ea40282 CNNVD-202210-1601 (CVE-2022-34438) 2022-10-21 13:10:15 Dell PowerScale OneFS Security Vulnerability Details
44290d228b51ffbf0aab6efd4d6e678e CNNVD-202210-1602 (CVE-2022-31239) 2022-10-21 13:10:12 Dell PowerScale OneFS Security Vulnerability Details
9ca9cbb2a337c33899bcdf19d91d7d78 CNNVD-202210-1603 (CVE-2022-34437) 2022-10-21 13:10:10 Dell PowerScale OneFS Security Vulnerability Details
0a96e1daad10fc7b842abaa350831db2 CNNVD-202210-1605 (CVE-2022-26870) 2022-10-21 13:10:08 Dell EMC PowerStore Security Vulnerability Details
35f41caeb97feaaa8373f4dbbbd7a249 CNNVD-202210-1606 (CVE-2020-5355) 2022-10-21 13:10:06 Dell EMC Isilon OneFS Security Vulnerability Details
d314bbe34de68aa67eddd75a9f4ce40c CNNVD-202210-1609 (CVE-2022-3649) 2022-10-21 13:10:03 Linux kernel Resource Management Error Vulnerability Details
351642a659185d5b0604973397c7fa3b CNNVD-202210-1610 (CVE-2022-39259) 2022-10-21 13:10:01 Skylot Jadx Security Vulnerability Details
ebbdab47bb0184312da10141d7d010e7 CNNVD-202210-1611 (CVE-2022-23462) 2022-10-21 13:09:59 Softmotions IOWOW Security Vulnerability Details
8c86f10ec92b3124f4395faa27ee8ae3 CNNVD-202210-1517 (CVE-2022-29477) 2022-10-20 13:08:31 Adobe Iota Trust Management Issue Vulnerability Details
3c33a32472c03f27b2b606714eb74e0a CNNVD-202210-1518 (CVE-2022-36966) 2022-10-20 13:08:29 SolarWinds Platform Security Vulnerability Details
280b662d6c30e683e90c26748fa86a26 CNNVD-202210-1519 (CVE-2022-36958) 2022-10-20 13:08:27 SolarWinds Platform Code Issue Vulnerability Details
1d1787e08b1093c5bd9723a8b9465e0f CNNVD-202210-1520 (CVE-2022-27805) 2022-10-20 13:08:25 Adobe Iota Access Control Error Vulnerability Details
632da31aee8b02c08d2e63767809782a CNNVD-202210-1521 (CVE-2022-36957) 2022-10-20 13:08:22 SolarWinds Platform Security Vulnerability Details
28743e448b695bd2eee529e66954d3c4 CNNVD-202210-1522 (CVE-2022-3623) 2022-10-20 13:08:20 Linux kernel Race Condition Vulnerability Details
92679bd487d2a90451cf297905a8f3c3 CNNVD-202210-1523 (CVE-2022-32586) 2022-10-20 13:08:18 Adobe Iota OS Command Injection Vulnerability Details
bcd4eca45c95707bab85d60a3c30d643 CNNVD-202210-1524 (CVE-2022-3619) 2022-10-20 13:08:16 Linux kernel Security Vulnerability Details
95cdab65f668ebae996fbf3df854d1e9 CNNVD-202210-1525 (CVE-2022-3620) 2022-10-20 13:08:13 Exim Resource Management Error Vulnerability Details
9e701d3b09a7f774ceea498474bc4d40 CNNVD-202210-1526 (CVE-2022-3621) 2022-10-20 13:08:11 Linux kernel Security Vulnerability Details

QiAnXin (奇安信) [TOP 30] CVES TIME TITLE URL
45ab4afdafe578698bcfccccd65d833e yt QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Processing Remote Code Execution Vulnerability (ADV200006) Advisory Details
74691465618764c64d52a2ff58013ac4 yt QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early Warning Advisory Details
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
7010355bb6ffff38cb1a885acf784ca7 ft QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Processing Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early Warning Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory Details

Anquanke (安全客) [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Features Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant (斗象) [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 Microsoft July 2022 Patch Day Vulnerability Advisory Details
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab Remote Code Execution Vulnerability (CVE-2022-2185) Details
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 Microsoft June 2022 Patch Day Vulnerability Advisory Details
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) Details
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) Details
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson Deserialization Vulnerability Details
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 Microsoft May 2022 Patch Day Vulnerability Advisory Details
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Details
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) Details
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 Microsoft April 2022 Patch Day Vulnerability Advisory Details
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware Products Multiple High-Severity Vulnerabilities Advisory Details
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability Details
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL Expression Injection Vulnerability Details
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL Denial of Service Vulnerability (CVE-2022-0778) Details
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 Microsoft March 2022 Patch Day Vulnerability Advisory Details
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) Details
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 Sunlogin (向日葵) Remote Command Execution Vulnerability (CNVD-2022-10270) Details
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) Details
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day Vulnerability Advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere Remote Code Execution Vulnerability Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j Remote Code Execution Vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j Remote Code Execution Vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j Remote Code Execution Vulnerability Details
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana Arbitrary File Read Vulnerability Details

RedQueen (红后) [TOP 30] CVES TIME TITLE URL
adb34d68c468518395133c2ef482a58a CVE-2022-41861 2023-02-01 20:29:10 FREERADIUS FREERADIUS Vulnerability Details
b87567750eeef5570481dca470e1062d CVE-2023-22875 2023-02-01 20:29:03 IBM QRADAR_SECURITY_INFORMATION_AND_EVENT_MANAGER Vulnerability Details
1f3a2e7100f13ddd1b090e927360f8bd CVE-2022-41860 2023-02-01 20:28:51 FREERADIUS FREERADIUS Vulnerability Details
fee9ee29bad78b928b69cd8f9e2a0a98 CVE-2022-47929 2023-02-01 20:28:44 Vulnerability Details
4a0df528ac5f99bcd47b632a35db4321 CVE-2022-23739 2023-02-01 20:28:32 GITHUB ENTERPRISE_SERVER Vulnerability Details
0e04abe1da5f20b6f54a0cfccb3c5593 CVE-2023-22732 2023-02-01 20:28:26 SHOPWARE SHOPWARE Vulnerability Details
a7be1b2e1b0b7af2e692fa86d722f56f CVE-2022-4121 2023-02-01 20:28:20 LIBETPAN_PROJECT LIBETPAN Vulnerability Details
779281df0bbe13243264d0b1ee1a8888 CVE-2022-42399 2023-01-31 20:35:05 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
deca50a4557e147c71ee83cac62c8182 CVE-2022-42386 2023-01-30 20:20:58 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
6bd99603bf4afb1c0a5dcd8fed40c6ec CVE-2022-42389 2023-01-30 20:20:51 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
343f9977702b050f2f87a70a648197bc CVE-2022-42392 2023-01-30 20:20:45 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
69024b9acf40ea8e732a5016685ad225 CVE-2022-42387 2023-01-30 20:20:41 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
2fe62c0168559647b70bf4a5394ddeff CVE-2022-42395 2023-01-30 20:20:34 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
63874ab582d33bcbf929287ccfd0761d CVE-2022-42390 2023-01-30 20:20:26 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
95ff979003d3be2025da5e1717149a3c CVE-2022-42398 2023-01-30 20:20:20 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
8c2c52ba0b946b447593a6ac002ae2a3 CVE-2022-42393 2023-01-30 20:20:14 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
6e37754528f00660d007daa84ecb722d CVE-2022-42401 2023-01-30 20:20:07 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
886b1825312c1758416d2f59c3f3f48a CVE-2022-42396 2023-01-30 20:20:00 TRACKER-SOFTWARE PDF-XCHANGE_EDITOR Vulnerability Details
8eda15b59e61ab6279ef9aa8f45cd29e CVE-2022-38112 2023-01-29 20:39:21 SOLARWINDS DATABASE_PERFORMANCE_ANALYZER Vulnerability Details
7f267e5f2ee013c4836d8f7fea512d45 CVE-2020-21152 2023-01-29 20:39:15 INXEDU INXEDU Vulnerability Details
103dfd3f7efb745b6a614c7b10e5d5cb CVE-2023-22910 2023-01-29 20:39:08 MEDIAWIKI MEDIAWIKI Vulnerability Details
5be45d43db1a848b6ded4d8c493fc600 CVE-2022-20965 2023-01-29 20:39:02 CISCO IDENTITY_SERVICES_ENGINE Vulnerability Details
44e1e95916d186bbbc5cabca01532712 CVE-2022-41733 2023-01-29 20:38:56 IBM INFOSPHERE_INFORMATION_SERVER Vulnerability Details
2991465b370b4d0ac26bc28431f42fd5 CVE-2023-20002 2023-01-29 20:38:50 CISCO Multiple product Vulnerability Details
290ff041e5bf50eb81398ab31d1ecec5 CVE-2022-20966 2023-01-29 20:38:44 CISCO IDENTITY_SERVICES_ENGINE Vulnerability Details
b79d8d330d69b7db9746d76059a86f13 CVE-2021-33959 2023-01-29 20:38:38 PLEX MEDIA_SERVER Vulnerability Details
fd2c67474d7089240f2ad8f1bde4fa5d CVE-2023-20008 2023-01-29 20:38:31 CISCO Multiple product Vulnerability Details
b9e48f1bccb8c0ac6af5f18cc99d9512 CVE-2023-22809 2023-01-29 20:38:25 SUDO_PROJECT SUDO Vulnerability Details
93b0952e0fd66c402b4aabc6300c0179 CVE-2023-0402 2023-01-28 20:25:05 WARFAREPLUGINS SOCIAL_WARFARE Vulnerability Details
c3755b0b8ee246b0a1620d911d6737b0 CVE-2023-0403 2023-01-28 20:25:00 WARFAREPLUGINS SOCIAL_WARFARE Vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL
41c49874e48d1021809f3105658d5bf1 CVE-2022-42409 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
f44ef80eb6f1cbd07d5317d0a4b9864e CVE-2022-42410 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
cfc0c9550d223c21b288adf272ba5e95 CVE-2022-42411 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
a6fd10b828c40177cecf4e654fdc9d07 CVE-2022-42412 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
f31918e979171d2741a84c93f3be4867 CVE-2022-42413 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
db82af42fe4fb934b7fe905c204b345b CVE-2022-42414 2023-01-31 10:27:29 PDF-XChange Editor Information Disclosure Vulnerability Details
46676e2a3c9083c69fce0a8196ad6f18 CVE-2022-42415 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
4f3a62627b0e22994993aba8436fc49a CVE-2022-42416 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
521ba1740ce12dff08a330f48b28d5a0 CVE-2022-42417 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
4523180d9aa01de1638403c75ff7323f CVE-2022-42418 2023-01-31 10:27:29 PDF-XChange Editor Null Pointer Dereference Vulnerability Details
39db7708b1adc5cec9b938f100aad1ca CVE-2022-42419 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
be944c4891d9becdcf3aab4991188f01 CVE-2022-42420 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
8866faf5fdd3ba6640736d39605fb1a0 CVE-2022-42421 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Write Vulnerability Details
588237ee4d81f6107855e995ebda91f1 CVE-2022-42407 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
f99a159acda51faa60dd6f3df788d291 CVE-2022-42406 2023-01-31 10:27:29 PDF-XChange Editor Out-of-Bounds Read Vulnerability Details
27780f65734d037a95a20cb46d161862 CVE-2023-0128 2023-01-12 04:29:30 Google Chrome Overview Mode Use-After-Free Vulnerability Details
771651032697fbe544f80903f7a5611a CVE-2023-0129 2023-01-12 04:29:30 Google Chrome Network Service Heap Buffer Overflow Vulnerability Details
b2d60308154f9ffc0a6a686815b36ee2 CVE-2023-0130 2023-01-12 04:29:30 Google Chrome Fullscreen API Inappropriate Implementation Vulnerability Details
977bf7ac1ff25d5c8505451f904abc0c CVE-2023-0131 2023-01-12 04:29:30 Google Chrome iframe Sandbox Inappropriate Implementation Vulnerability Details
26a5492eb5734f0eef07b189c11a79ca CVE-2023-0132 2023-01-12 04:29:30 Google Chrome Permission Prompts Inappropriate Implementation Vulnerability Details
ab4ae278303768ac993d489ff77ca745 CVE-2023-0133 2023-01-12 04:29:30 Google Chrome Permission Prompts Inappropriate Implementation Vulnerability Details
eb74b0e2e26ca0b1989afce3bad50210 CVE-2023-0134 2023-01-12 04:29:30 Google Chrome Cart Use-After-Free Vulnerability Details
697cf182cb4be7ba27b1349a0f6a1471 CVE-2023-0135 2023-01-12 04:29:30 Google Chrome Cart Use-After-Free Vulnerability Details
473796f85a5736471a185edbc4ffc532 CVE-2023-0136 2023-01-12 04:29:30 Google Chrome Fullscreen API Inappropriate Implementation Vulnerability Details
bec720024d5d618ac9e8e1bb945c9066 CVE-2023-0138 2023-01-12 04:29:30 Google Chrome libphonenumber Heap Buffer Overflow Vulnerability Details
71ee08bc6258ce8b44b88f389803036a CVE-2023-0139 2023-01-12 04:29:30 Google Chrome Downloads Input Validation Error Vulnerability Details
dfff5b69c6b9848d9a1cc5125a6209eb CVE-2023-0140 2023-01-12 04:29:30 Google Chrome File System API Inappropriate Implementation Vulnerability Details
46cb68cf0b59c851d6edbf4438df9653 CVE-2023-0141 2023-01-12 04:29:30 Google Chrome Improper CORS Policy Enforcement Vulnerability Details
03a6a73a0041e63c3eb5ac17b7badda9 CVE-2023-0137 2023-01-12 04:29:30 Google Chrome Platform Apps Heap Buffer Overflow Vulnerability Details
e06640cce5d9fc097548c656a9a16142 CVE-2022-3462 2023-01-12 04:29:30 WordPress Highlight Focus Plugin Cross-Site Scripting Vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
daa2ab37edf082d2135eb6a820dcebc0 CVE-2022-45920 2023-01-26 21:17:55 In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. Details
8d397a6f32266fa7ec3d82f5bc5d7e19 CVE-2022-45808 2023-01-26 21:17:54 SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Details
96cc46a7489a28a3ab97cb4c28751fb1 CVE-2022-45730 2023-01-26 21:17:53 A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. Details
1103608f90b7a675fc6085103e294c20 CVE-2022-20492 2023-01-26 21:15:27 In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242704043 Details
2b10df47a36d2ee27ac3d538951560ce CVE-2022-20490 2023-01-26 21:15:27 In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703505 Details
14f61ffe2e3a5ddbfba44726d3cdc7ef CVE-2022-20489 2023-01-26 21:15:27 In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703460 Details
80b7f3693011256dc6b729f48aa042c6 CVE-2022-20461 2023-01-26 21:15:27 In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-228602963 Details
07298504c612accc5d7effabbbdb12b4 CVE-2022-20458 2023-01-26 21:15:26 The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build. Product: Android; Versions: Android-12L; Android ID: A-205567776 Details
005950af05c204089d2a1b81f7a27a37 CVE-2022-20456 2023-01-26 21:15:26 In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703780 Details
10ca0bca9a3bab1646adbf2f55d2b69c CVE-2022-20235 2023-01-26 21:15:26 The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues. Product: Android; Versions: Android SoC; Android ID: A-259967780 Details
7a8c81d418c751121ea7f1ea3b0f46c4 CVE-2022-20215 2023-01-26 21:15:26 In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183794206 Details
a870dd1d18550ed69c4cf66451ec68f5 CVE-2022-20214 2023-01-26 21:15:25 In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183411210 Details
b29c18ad1ba2ec293aa2cda07933f7a1 CVE-2022-20213 2023-01-26 21:15:25 In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183410508 Details
3e3da618bb38e90e4541ab0b121baf66 CVE-2021-36686 2023-01-26 21:15:24 Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page. Details
e6a1496585ccd40ab163321163862785 CVE-2022-42409 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18315. Details
3ab0f76cce7486b2a30e5d0d9e218b05 CVE-2022-42408 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543. Details
a6951ce2dbe5060c8baf94cd1658ee80 CVE-2022-42407 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18542. Details
fd8c4aeb7fcc66f36db9d5d5276129ca CVE-2022-42406 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18369. Details
ebadc22f4cba8ca799c6df0027004265 CVE-2022-42405 2023-01-26 18:59:57 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367. Details
bc6b05be0f36b10e3979f9f1a052e133 CVE-2022-42404 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18273. Details
5221188b8b1d6a95dc416c0c6c08c1de CVE-2022-42403 2023-01-26 18:59:57 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892. Details
66df6adbed21903beb4e7372b48c2ad8 CVE-2022-42402 2023-01-26 18:59:57 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in an embedded U3D object can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18632. Details
13315d978c002a53c992c824c701b1dc CVE-2022-42401 2023-01-26 18:59:57 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18533. Details
5c8fd7a125f188899ac4c50ea917b6aa CVE-2022-42400 2023-01-26 18:59:57 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18328. Details
42e5fff7666d1ffbad7e27fe0af1dc3c CVE-2022-42398 2023-01-26 18:59:56 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18307. Details
3b001d5a9a1e0f4940e7c5a63bc1db07 CVE-2022-42397 2023-01-26 18:59:56 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18279. Details
95208b594ac347be93701587d0c7efcc CVE-2022-42396 2023-01-26 18:59:56 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278. Details
07b0245c3bb436556bbd90eed54abce6 CVE-2022-42395 2023-01-26 18:59:56 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18274. Details
00538eba584d1e3b7b400c7ad6233265 CVE-2022-42394 2023-01-26 18:59:56 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18893. Details
62b799e5de7c15d1faf31c9bc89ad4c8 CVE-2022-42393 2023-01-26 18:59:56 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18662. Details




Ways to Sponsor