眈眈探求 | Threat Intelligence Bulletin


360 Network Security Response Center [TOP 30] CVES TIME TITLE URL
b14656ab37fb9d2b46c6fd15982bbf47 CVE-2022-3236 2022-09-27 06:54:41 CVE-2022-3236: Sophos Firewall Code Injection Vulnerability Details
446f6a9f1a127a4039062377d5b73f95 2022-09-26 09:02:22 Weekly Security Incident Report (09.19-09.25) Details
eff140d3cfd0ec7da797bfd4f881f01b CVE-2022-37972 2022-09-22 07:42:58 CVE-2022-37972: Microsoft MECM Information Disclosure Vulnerability Details
b27c1e083a077d918b9a0d22b23082fd CVE-2022-2588 2022-09-22 07:16:26 CVE-2022-2588: Linux Kernel Privilege Escalation Vulnerability Advisory Details
8f85411b528fc1ec9be489557c2acb76 CVE-2022-39197 2022-09-22 03:34:27 CVE-2022-39197: Cobalt Strike Remote Code Execution Vulnerability Advisory Details
351182e40e721da051592124ed22cdb2 2022-09-19 06:45:10 Weekly Security Incident Report (09.13-09.18) Details
10b322cfb81ba7179f9da891cf58a947 2022-09-14 08:28:52 2022-09 Patch Day: Microsoft Security Update Advisory for Multiple Vulnerabilities Details
aa8f4b7776b9ac0fc36e68c9ca021b1c 2022-09-13 07:39:56 Weekly Security Incident Report (09.05-09.12) Details
a3358e12dfce5bf150c52f6459e42ce0 CVE-2022-34747 2022-09-07 08:26:37 CVE-2022-34747: Zyxel NAS Device Remote Code Execution Vulnerability Advisory Details
115c034d697c611a37ea04782d281b51 CVE-2022-2639 2022-09-07 07:44:05 CVE-2022-2639: Linux Kernel openvswitch Module Privilege Escalation Vulnerability Advisory Details
52820c45f8312d9325a683310e2eedca CVE-2022-3075 2022-09-05 08:27:05 CVE-2022-3075: Google Chrome Remote Code Execution Vulnerability Advisory Details
0717bc3ddc00f3b106713a8e81240e37 2022-09-05 06:53:34 Weekly Security Incident Report (08.29-09.04) Details
ea21e36897c2794a583d4528caefdd94 CVE-2022-2992 2022-08-31 07:34:54 CVE-2022-2992: GitLab Remote Code Execution Vulnerability Advisory Details
83248cdbd8f6e91b0cd4630c2e4f83dd CVE-2022-36804 2022-08-30 07:31:04 CVE-2022-36804: Atlassian Bitbucket Command Injection Vulnerability Advisory Details
5d07686451d3d33829e24d86ea8f6c5c 2022-08-29 08:36:24 Advisory: 0-day Vulnerability in a Popular Enterprise Financial Software Product Exploited in Large-Scale Ransomware Attacks Details
926858936b4c98f9c58a0795ca7b3df1 2022-08-29 06:54:30 Weekly Security Incident Report (08.22-08.28) Details
7d72af58b32741b6841b66ad8df0f8d9 CVE-2022-32893 2022-08-23 09:16:42 CVE-2022-32893: Apple WebKit Code Execution Vulnerability Details
64905d10391ecac70ed021cccc4d624f CVE-2022-2884 2022-08-23 08:16:17 CVE-2022-2884: GitLab Remote Code Execution Vulnerability Advisory Details
e68033aafd110e70a373e625bf3389d0 2022-08-22 06:50:55 Weekly Security Incident Report (08.15-08.21) Details
da68e42cd3af1790de1fd107804343da CVE-2022-2856 2022-08-18 08:51:41 Google Chrome Remote Code Execution Vulnerability Details
3dad1d8c3a6289062510ae96c4e05a31 2022-08-15 06:34:30 Weekly Security Incident Report (08.08-08.14) Details
8c0b671cc7abf93170824c99a0b4cdb8 2022-08-10 07:43:43 2022-08 Patch Day: Microsoft Security Update Advisory for Multiple Vulnerabilities Details
9d841f4682a1202dfedacaa89501805a 2022-08-08 06:45:50 Weekly Security Incident Report (08.01-08.07) Details
1b0df49508e1c6f6868270a2496bbbde 2022-08-01 08:36:44 Weekly Security Incident Report (07.25-07.31) Details
93bf2542d7b127db32690651646d19c2 2022-07-25 03:38:49 Weekly Security Incident Report (07.18-07.24) Details
09db900a92e196b0e6576732016b0eb5 2022-07-20 08:16:54 2022-07 Patch Day: Oracle Security Risk Advisory for Vulnerabilities in Multiple Products Details
ca2daf7da508d2dc3e1e0a6f51c4ecc7 CVE-2022-33891 2022-07-19 07:49:50 CVE-2022-33891: Apache Spark Command Injection Vulnerability Advisory Details
7b3ee9af0d5c8827402f405c332bd294 2022-07-18 06:26:57 Weekly Security Incident Report (07.11-07.17) Details
2cece43af043f012f13e155144776d76 2022-07-13 07:17:49 2022-07 Patch Day: Microsoft Security Update Advisory for Multiple Vulnerabilities Details
f55243969d39f81ef413605a81e351ee 2022-07-11 06:37:28 Weekly Security Incident Report (07.04-07.10) Details

Tenable (Nessus) [TOP 30] CVES TIME TITLE URL
e174534529aadefe703f6c6e298994cc CVE-2022-42247 2022-10-03 16:15:00 pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. Details
9f61f89a94cefc6dc24bab0fe2abbc71 CVE-2022-41443 2022-10-03 16:15:00 phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. Details
70dda2391819112648b28219d26a8eff CVE-2022-33882 2022-10-03 16:15:00 Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. Details
ef416d6c1178c912a042918dede4eac7 CVE-2022-42308 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Details
4605b9ac49fd6db31ffcabfd2522932c CVE-2022-42307 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Details
3b4bbbe78303ae51e1d65b50bad440fd CVE-2022-42306 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Details
9af0101b1660d6742b8360ee410aa81d CVE-2022-42305 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. Details
6820e5ac4c2d56afb0318e11637156a1 CVE-2022-42304 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. Details
d3fe3f9eddca6edf33238c5ce4233707 CVE-2022-42303 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. Details
c286f4433178b3513f6dd0e42979be74 CVE-2022-42302 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. Details
db09c554bf4d4c0b62d9b0d4543dabae CVE-2022-42301 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. Details
975b68d69010c12b7a7b08a1b2a41b8f CVE-2022-42300 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) Details
de30f5da6f5555b185786d0ce1437913 CVE-2022-42299 2022-10-03 15:15:00 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. Details
5a85890dbad2c506f81eb18357ba7791 CVE-2022-40922 2022-10-03 13:15:00 A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. Details
73e277f65f6c4a983458b4fa3582ee88 CVE-2022-40123 2022-10-03 13:15:00 mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. Details
0b5f2c5dfec3ad06a87fab46d2f82a79 CVE-2022-38817 2022-10-03 13:15:00 Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. Details
2a2de6317bdd1b260a450131deadfdeb CVE-2022-32173 2022-10-03 13:15:00 In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Details
fa019be45a360c886c50653b8f4dc1f9 CVE-2022-36551 2022-10-03 12:15:00 A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. Details
e92a0f540819d156a570c1170bc04445 CVE-2022-40886 2022-10-03 02:15:00 DedeCMS 5.7.98 has a file upload vulnerability in the background. Details
0959e2a198d8e21292c342e6ae2fab6a CVE-2022-41082 2022-10-03 01:15:00 Microsoft Exchange Server Remote Code Execution Vulnerability. Details
885bb3b4ee85ef10270bff735fa6c3a8 CVE-2022-41040 2022-10-03 01:15:00 Microsoft Exchange Server Elevation of Privilege Vulnerability. Details
18fbd7dda7e6f731474cb89c4218e782 CVE-2022-42004 2022-10-02 05:15:00 In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Details
db40630b04a2d352b1666951237fd0b6 CVE-2022-42003 2022-10-02 05:15:00 In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Details
bb3249e1d3878f1b628618e771de69ae CVE-2022-42002 2022-10-01 00:15:00 SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. Details
277a71759b937ece09488476a8f6a188 CVE-2022-39268 2022-09-30 21:15:00 ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io Details
f73d10f3281f10a22625bd60a2a286ee CVE-2022-34429 2022-09-30 20:15:00 Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. Details
02ca4a9328c3fec4e34c77e36df641f9 CVE-2022-34428 2022-09-30 20:15:00 Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. Details
653531b8481e65ab261494f749fd0f83 CVE-2022-40943 2022-09-30 19:15:00 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. Details
85d9cdf846362957996371b89cffcaf7 CVE-2022-40923 2022-09-30 19:15:00 A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. Details
b51cd614002594691480f2dd300c7da0 CVE-2022-40756 2022-09-30 19:15:00 If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. Details

China National Vulnerability Database (CNVD) [TOP 30] CVES TIME TITLE URL
8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 四创科技有限公司 (Sichuang Technology Co., Ltd.) Website Building System SQL Injection Vulnerability Details
8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium Hard-coded Credentials Vulnerability Details
3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera Cross-Site Scripting Vulnerability Details
a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow Unspecified Vulnerability Details
094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway Information Disclosure Vulnerability Details
41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server Information Disclosure Vulnerability Details
f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability Details
33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management Cross-Site Scripting Vulnerability Details
8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics Remote Code Execution Vulnerability Details
1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 Information Disclosure Vulnerability Details
6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics Privilege Escalation Vulnerability Details
cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 Weaver e-cology SQL Injection Vulnerability Details
ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering Cross-Site Scripting Vulnerability Details
412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server Information Disclosure Vulnerability Details
1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint Spoofing Vulnerability Details
686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint Remote Code Execution Vulnerability Details
72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev Buffer Overflow Vulnerability Details
3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow Heap-Allocated Array Out-of-Bounds Read Vulnerability Details
4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow Heap Out-of-Bounds Access Vulnerability Details
e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense Cross-Site Scripting Vulnerability Details
ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic Improper Access Control Vulnerability Details
8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic Arbitrary File Upload Vulnerability Details
c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL Injection Vulnerability Details
9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager Incorrect Access Control Vulnerability Details
4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue Cross-Site Scripting Vulnerability Details
6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue Cross-Site Scripting Vulnerability Details
72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory Man-in-the-Middle Attack Vulnerability Details
94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory Cleartext Transmission Vulnerability Details
5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory Deserialization Vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30] CVES TIME TITLE URL
07db275e07040bf31611c3ce45821d66 CNNVD-202209-3078 (CVE-2022-37460) 2022-09-29 13:08:55 Python Security Vulnerability Details
3c942a9243f62ec9e5421f6e44a24c9f CNNVD-202209-3080 (CVE-2022-33880) 2022-09-29 13:08:52 Projectworlds Hospital Management System Security Vulnerability Details
a548bb2eab53bb31308d8f8705e3850d CNNVD-202209-3086 (CVE-2022-39266) 2022-09-29 13:08:50 Marcel Laverdet isolated-vm Security Vulnerability Details
2e3e91d8e99fcea6d5a6291e3cebe9e6 CNNVD-202209-3089 (CVE-2022-3364) 2022-09-29 13:08:47 Rdiffweb Security Vulnerability Details
1ddcba9b9e4aa2e2db2a125146ff1f77 CNNVD-202209-3090 (CVE-2022-41828) 2022-09-29 13:08:44 Amazon AWS Redshift JDBC Driver Security Vulnerability Details
545520da6d7c14d7e385a5a35a99928b CNNVD-202209-3091 (CVE-2022-39232) 2022-09-29 13:08:41 Discourse Input Validation Error Vulnerability Details
529915d811a244f684f6196d223244c2 CNNVD-202209-3092 (CVE-2022-40472) 2022-09-29 13:08:39 ZKTeco ZKBio Time Security Vulnerability Details
5eada6acb8db8995aa2254e7d4f36bf9 CNNVD-202209-3093 (CVE-2022-36066) 2022-09-29 13:08:36 Discourse Code Issue Vulnerability Details
eb38e158f67b88dd731911fbd8f1d14b CNNVD-202209-3094 (CVE-2022-39226) 2022-09-29 13:08:33 Discourse Security Vulnerability Details
66512b665aaba9996db38b066744be09 CNNVD-202209-3095 (CVE-2022-36068) 2022-09-29 13:08:31 Discourse Security Vulnerability Details
3429fbe07f384bad22eb2af49b950eb5 CNNVD-202209-2917 (CVE-2022-23716) 2022-09-28 09:41:30 Elastic Cloud Enterprise Security Vulnerability Details
3a0193be7a2d415e22455fbd24c19291 CNNVD-202209-2918 (CVE-2022-36781) 2022-09-28 09:41:28 ConnectWise Control Security Vulnerability Details
6571fde2bff91603c252df20edfd28e3 CNNVD-202209-2919 (CVE-2022-39246) 2022-09-28 09:41:25 Matrix Security Vulnerability Details
ff457a5c02ebc4e90e08d4a5c4991413 CNNVD-202209-2920 (CVE-2022-39248) 2022-09-28 09:41:23 Matrix Security Vulnerability Details
57fcac21307fea5ac54dc45a11a7b46e CNNVD-202209-2921 (CVE-2022-39264) 2022-09-28 09:41:20 nheko Trust Management Issue Vulnerability Details
322747ccc46482e3b0c4493494359da1 CNNVD-202209-2922 (CVE-2022-31629) 2022-09-28 09:41:18 PHP Security Vulnerability Details
674f1680e32300702103d685274054d3 CNNVD-202209-2923 (CVE-2022-3326) 2022-09-28 09:41:16 Rdiffweb Security Vulnerability Details
604aa56a46108bd6dda49d0afaa35398 CNNVD-202209-2924 (CVE-2022-3100) 2022-09-28 09:41:13 OpenStack barbican Security Vulnerability Details
425a91cac4831f49eb5793cecc2b41a8 CNNVD-202209-2925 (CVE-2022-3348) 2022-09-28 09:41:11 ToolJet Information Disclosure Vulnerability Details
85b0ebecfdf4927991c84ed920446578 CNNVD-202209-2926 (CVE-2022-31628) 2022-09-28 09:41:08 PHP Security Vulnerability Details
d884eb8b6880a733f20b809365bb6f8e CNNVD-202209-1648 (CVE-2022-3228) 2022-09-20 13:05:24 Host Engineering H0-ECOM100 Communications Module Security Vulnerability Details
627ab9e363aca7779849907f08888444 CNNVD-202209-1649 (CVE-2022-35086) 2022-09-20 13:05:21 SWFTools Security Vulnerability Details
dc7610960feeed5f2163662a9b96b08b CNNVD-202209-1650 (CVE-2022-35085) 2022-09-20 13:05:19 SWFTools Security Vulnerability Details
675818107f00fc6b8962a6f4a0c9079b CNNVD-202209-1651 (CVE-2022-35088) 2022-09-20 13:05:16 SWFTools Security Vulnerability Details
cf1a857160eabbb053e32b83bc9bc116 CNNVD-202209-1652 (CVE-2022-35089) 2022-09-20 13:05:13 SWFTools Security Vulnerability Details
8fc7b2931d2f19ff37e2f6da46358f77 CNNVD-202209-1653 (CVE-2022-38619) 2022-09-20 13:05:11 SmartVista SVFE2 Security Vulnerability Details
5f7fd760c31a51f2d7db16f1c3cbdbf5 CNNVD-202209-1654 (CVE-2022-35087) 2022-09-20 13:05:08 SWFTools Security Vulnerability Details
d327c2901d371f44cbb7545ac55ad9e9 CNNVD-202209-1655 (CVE-2022-35090) 2022-09-20 13:05:06 SWFTools Security Vulnerability Details
b3a106cc882a9f3236d5b695666666b5 CNNVD-202209-1656 (CVE-2022-39220) 2022-09-20 13:05:03 SFTPGo Cross-Site Scripting Vulnerability Details
c33d90f2befa2e08678059ca5ba45e53 CNNVD-202209-1658 (CVE-2022-39221) 2022-09-20 13:05:00 McWebserver Path Traversal Vulnerability Details

QiAnXin [TOP 30] CVES TIME TITLE URL
6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) Advisory Details
90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox In-the-Wild Remote Code Execution Vulnerabilities (CVE-2020-6819, CVE-2020-6820) Advisory Details
e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 Font Handling Remote Code Execution Vulnerability (ADV200006) Advisory Details
cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 Service Remote Code Execution Vulnerability (CVE-2020-0796) Advisory Details
3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript Remote Command Execution 0-day Vulnerability (CVE-2020-0674) Advisory Details
d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft Core Cryptographic Library Vulnerability (CVE-2020-0601) Advisory Details
b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE Browser JScript Scripting Engine Remote Code Execution Vulnerability Advisory Details
504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory Details
5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services Multiple Remote Code Execution Vulnerabilities Advisory Details
54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox Remote Code Execution Vulnerability (CVE-2019-11707) Early Warning Advisory Details
5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Early Warning Advisory Details

Anquanke [TOP 30] CVES TIME TITLE URL
03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images Cross-Site Scripting Vulnerability Details
8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service Security Vulnerability Details
d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel Security Vulnerability Details
f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress Access Control Error Vulnerability Details
71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set Security Vulnerability Details
152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android Information Disclosure Vulnerability Details
75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS Security Feature Issue Vulnerability Details
9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU Security Vulnerability Details
92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager Security Vulnerability Details
680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch Security Vulnerability Details
373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager Security Vulnerability Details
8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 Input Validation Error Vulnerability Details
480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras Security Vulnerability Details
d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager Cross-Site Request Forgery Vulnerability Details
4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress Cross-Site Request Forgery Vulnerability Details
5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave Code Issue Vulnerability Details
2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android Security Vulnerability Details
8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server Security Vulnerability Details
1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs Security Vulnerability Details
1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer Security Vulnerability Details
7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave Cryptographic Issue Vulnerability Details
58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server Cross-Site Scripting Vulnerability Details
d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members Information Disclosure Vulnerability Details
8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen Security Vulnerability Details
8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer Access Control Error Vulnerability Details
069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details
55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave Path Traversal Vulnerability Details
ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen Code Injection Vulnerability Details

Tophant [TOP 30] CVES TIME TITLE URL
096b6298d82574500dc1a14c9dba4065 CVE-2022-22038, CVE-2022-22047, CVE-2022-30216, CVE-2022-22029 2022-07-15 00:38:28 Microsoft July 2022 Patch Day Vulnerability Advisory Details
6018f718b2d751478bf1ce069ac65f0d CVE-2022-2185 2022-07-01 09:02:05 GitLab Remote Code Execution Vulnerability (CVE-2022-2185) Details
844719cf0bb4843aff73d2f33cc6dd0b CVE-2022-30190, CVE-2022-30136 2022-06-15 05:48:12 Microsoft June 2022 Patch Day Vulnerability Advisory Details
8b47000e1abfbacdadb7df6f09152d89 CVE-2022-26134 2022-06-03 05:48:38 Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) Details
eebe93468b36d2ca24cf4b82136a5635 CVE-2022-30190 2022-05-31 13:57:17 Microsoft Windows MSDT Remote Code Execution Vulnerability (CVE-2022-30190) Details
95525e3f5907a776dc7cd4f87f2e2154 2022-05-23 07:11:04 Fastjson Deserialization Vulnerability Details
945fd6e612634d9721f861833f1ecb75 CVE-2022-26925, CVE-2022-26937, CVE-2022-22017, CVE-2022-26923 2022-05-11 03:45:48 Microsoft May 2022 Patch Day Vulnerability Advisory Details
e2938ff82d0cc152508e0240697def4c CVE-2022-1388 2022-05-06 05:53:04 F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Details
bcf7253d2ee580c618737de137d370c4 CVE-2022-29464 2022-04-22 02:21:17 WSO2 Carbon Server Remote Code Execution Vulnerability (CVE-2022-29464) Details
07c09799b08afb04c63a9de750b70aca CVE-2022-26809, CVE-2022-24491, CVE-2022-24497, CVE-2022-26815, CVE-2022-26904 2022-04-13 07:51:00 Microsoft April 2022 Patch Day Vulnerability Advisory Details
f5b543501ed5679d423411edac502e24 CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 2022-04-08 03:49:31 VMware Products Multiple High-Severity Vulnerabilities Advisory Details
f421bcdb306e2bc1ffbf58fcb024a0dd 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability Details
0473358d95e58c7c3f2e7db0109f56f4 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
a888c948ca1172f8a06a3879479f1de4 CVE-2022-22965 2022-03-29 17:11:30 Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Details
71ed541bb737196268b75c7ba435e1a9 2022-03-28 04:57:30 Spring Cloud Function SpEL Expression Injection Vulnerability Details
f7a5dcd376be777c6593a29b8ebd411a CVE-2022-0778 2022-03-18 07:09:22 OpenSSL Denial of Service Vulnerability (CVE-2022-0778) Details
6c4124fed44906a79843cd2dd383c695 CVE-2022-0847 2022-03-15 03:32:03 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
a2795e4829bff16f108cf191eba663c3 CVE-2022-21990, CVE-2022-24508, CVE-2022-23277 2022-03-11 02:14:56 Microsoft March 2022 Patch Day Vulnerability Advisory Details
d09f0641bf65c64a16d802cd78e14097 CVE-2022-0847 2022-03-08 08:23:08 Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) Details
69052e2a8c09416f5df674f92cba25a6 CVE-2022-22947 2022-03-02 11:42:55 Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) Details
5f42b6f584a9ace426787dc8dfd6e6e5 2022-02-16 10:44:18 Sunlogin (向日葵) Remote Command Execution Vulnerability (CNVD-2022-10270) Details
79556071f6236ab4674f75b3beee4d79 CVE-2022-24112 2022-02-11 06:13:35 Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) Details
485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) Details
0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day Vulnerability Advisory Details
88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere Remote Code Execution Vulnerability Details
76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API Unauthorized Access Vulnerability (CVE-2021-45232) Details
af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j Remote Code Execution Vulnerability Details
43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j Remote Code Execution Vulnerability Details
392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j Remote Code Execution Vulnerability Details
1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana Arbitrary File Read Vulnerability Details

Red Queen [TOP 30] CVES TIME TITLE URL
96984fd0f2a5588a69ed9f103c460854 CVE-2022-38732 2022-10-06 20:31:44 NetApp SnapCenter Security Vulnerability Details
6a9c5655de2bee8ec9ccdea4e858980b CVE-2022-41846 2022-10-06 20:31:39 AXIOSYS BENTO4 Vulnerability Details
0783e79d7a6d54fc7f71bf2229010658 CVE-2022-39173 2022-10-06 20:31:34 wolfSSL Security Vulnerability Details
9401d5aca4d59da86c37e36408c6709d CVE-2022-41430 2022-10-06 20:31:18 AXIOSYS BENTO4 Vulnerability Details
c12b1a2285c4193b02dc42c98606a14d CVE-2020-15333 2022-10-06 20:31:17 Zyxel CloudCNM SecuManager SQL Injection Vulnerability Details
adacc4366a231f40f1b748c6a10b8636 CVE-2022-41841 2022-10-06 20:31:09 AXIOSYS BENTO4 Vulnerability Details
6bc3c1a101a130b4eb226f20a88f5727 CVE-2020-15338 2022-10-06 20:31:06 Zyxel CloudCNM SecuManager Security Vulnerability Details
f8335a89353a3826e7b0817ecd1222ba CVE-2022-41429 2022-10-06 20:31:04 AXIOSYS BENTO4 Vulnerability Details
673ae6b45c9906c8a9d0a0ae03dd52c2 CVE-2022-36448 2022-10-05 20:28:27 INSYDE INSYDEH2O Vulnerability Details
2e174c9637c7e7c1c8086632f4df0971 CVE-2022-23716 2022-10-05 20:28:18 ELASTIC ELASTIC_CLOUD_ENTERPRISE Vulnerability Details
82a1ed167f4e2c7244e16d768ec83547 CVE-2022-3215 2022-10-05 20:28:07 APPLE SWIFTNIO Vulnerability Details
f8cb1ea74806f384bbb5e90807b0d8d4 CVE-2021-42046 2022-10-05 20:27:56 MediaWiki GlobalWatchlist Cross-Site Scripting Vulnerability Details
1c26dcd5ef093ce352489acf6e3a9b4e CVE-2020-15334 2022-10-04 20:31:39 Zyxel CloudCNM SecuManager Security Vulnerability Details
a9819a74bafc6bfdba304f86755c1f36 CVE-2020-15339 2022-10-04 20:31:34 Zyxel CloudCNM SecuManager Cross-Site Scripting Vulnerability Details
f0c68a6a69a83976177883544d5a608f CVE-2020-15342 2022-10-04 20:31:24 Zyxel CloudCNM SecuManager Security Vulnerability Details
cb6b8550c75383381ae83c8304bc40c7 CVE-2020-15329 2022-10-04 20:31:19 Zyxel CloudCNM SecuManager Security Vulnerability Details
977bdcf826a20cb20c99301fe2dc5307 CVE-2020-15345 2022-10-04 20:31:14 Zyxel CloudCNM SecuManager Security Vulnerability Details
e70c0d4a1a2c7a4597ace084712b5427 CVE-2020-15332 2022-10-04 20:31:08 Zyxel CloudCNM SecuManager Security Vulnerability Details
e1c09a826e529e34f03a4384870f5182 CVE-2022-3352 2022-10-03 20:29:12 Vim Resource Management Error Vulnerability Details
3c2bca5f9f4247be8cacd09c48a22da9 CVE-2021-43980 2022-10-03 20:29:08 Apache Tomcat Security Vulnerability Details
002ec4a8b7d59e55ab5568a8041ed4d4 CVE-2022-39261 2022-10-03 20:29:03 Sensio Labs Twig Path Traversal Vulnerability Details
c03234283fb6bf0bcaf32350588e47bc CVE-2022-39236 2022-10-03 20:28:42 Matrix Input Validation Error Vulnerability Details
a714bfb0f0bd1783d742b3037e56c6c5 CVE-2022-39249 2022-10-03 20:28:36 Matrix Security Vulnerability Details
218dfbb47fbcac80c09e95600386b231 CVE-2022-39251 2022-10-03 20:28:31 Matrix Security Vulnerability Details
db2da3c2300690a3d953229e491494fa CVE-2022-31628 2022-10-03 20:28:26 PHP Security Vulnerability Details
cbd311faab4570bcf0717b5899cfb07c CVE-2020-15325 2022-10-02 20:29:51 Zyxel CloudCNM SecuManager Security Vulnerability Details
02317bab96842635046cec9e1865c220 CVE-2020-15328 2022-10-02 20:29:46 Zyxel CloudCNM SecuManager Security Vulnerability Details
e4904530eb6a679ec94bd93fee9394d8 CVE-2020-15331 2022-10-02 20:29:41 Zyxel CloudCNM SecuManager Security Vulnerability Details
7150cd9c954320200f070dc5d65c7870 CVE-2020-15337 2022-10-02 20:29:36 Zyxel CloudCNM SecuManager Security Vulnerability Details
3f50c029088d19c9f28ae841144e675f CVE-2020-15327 2022-10-02 20:29:31 Zyxel CloudCNM SecuManager Trust Management Issue Vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL
a77a7d471d9c8dea09d26a0913ea9d73 CVE-2022-33201 2022-09-30 07:51:48 WordPress MailerLite–Signup Forms (Official) Plugin Cross-Site Request Forgery Vulnerability Details
65426a70b0611837edbef85aba73ea73 CVE-2022-1906 2022-09-30 07:51:48 WordPress Copyright Proof Plugin Cross-Site Scripting Vulnerability Details
d5f9c0aaf27f5b8e1aa64dbb9182a904 CVE-2022-2171 2022-09-30 07:51:48 WordPress Progressive License Plugin Cross-Site Scripting Vulnerability Details
4b0ca2eacfa05b3cef20707f165132ac CVE-2022-2004 2022-09-30 07:51:48 AutomationDirect DirectLOGIC D0-06 Series CPU Uncontrolled Resource Consumption Vulnerability Details
ca61bdb5e0c4a41df739e5269ac5dd3e CVE-2022-27255 2022-09-30 07:51:48 Realtek eCos RSDK and MSDK Stack Buffer Overflow Vulnerability Details
70936fe04f76e4ba6a18742364d90703 CVE-2022-22334 2022-09-30 07:51:48 IBM Robotic Process Automation Information Disclosure Vulnerability Details
4ab1d56ed8216f164e829c8698c89140 CVE-2022-2521 2022-09-30 07:51:48 LibTIFF Denial of Service Vulnerability Details
1e9bd2744d225a4c52bfa588ae6b4532 CVE-2022-30318 2022-09-30 07:51:48 Honeywell ControlEdge Hard-coded Credentials Vulnerability Details
cf626df4021fd871e117c68eefa13392 CVE-2022-31233 2022-09-30 07:51:48 Dell EMC Unisphere for PowerMax Privilege Escalation Vulnerability Details
2003ccc9efb44b5ee4b9d9dc3fadf2cf CVE-2022-1976 2022-09-30 07:51:48 Linux Kernel Memory Reference Error Vulnerability Details
46c020c92f4e077f793355b516eea24e CVE-2022-2153 2022-09-30 07:51:48 Linux Kernel NULL Pointer Dereference Vulnerability Details
378004c494ccfbe792640ee448ab99d4 CVE-2022-37173 2022-09-30 07:51:48 Gvim Incorrect Default Permissions Vulnerability Details
a8a61fe0fa332806e7ac152ea4c4a2a2 CVE-2022-1271 2022-09-30 07:51:48 GNU Gzip Input Validation Error Vulnerability Details
387202e607d5bcac1ea9f9ff67e84ad8 CVE-2022-1012 2022-09-30 07:51:48 Linux Kernel Memory Leak Vulnerability Details
c4fe9a2aa045d5381642ecc112e9c2d8 CVE-2022-31609 2022-09-30 07:51:48 NVIDIA vGPU Software Authentication Error Vulnerability Details
63abf25d9af3245a81b6613bd5fa2d0b CVE-2022-27546 2022-09-29 11:31:31 HCL Technologies HCL iNotes Cross-Site Scripting Vulnerability Details
cd4845e7dea8ed66841180361f9f2873 CVE-2022-0336 2022-09-29 11:31:31 Samba AD DC Incorrect Default Permissions Vulnerability Details
e93b83b0c3bb70898d60bc5c2499ee74 CVE-2022-22897 2022-09-29 11:31:31 PrestaShop SQL Injection Vulnerability Details
6d42183463d72bc15ad16ed3322cec1e CVE-2022-34668 2022-09-29 11:31:31 NVIDIA NVFLARE Deserialization of Untrusted Data Vulnerability Details
c9a4b4f7a4ce81f7287d1aae0b8a3eef CVE-2022-36547 2022-09-29 11:31:31 Edoc-doctor-appointment-system Cross-Site Scripting Vulnerability Details
96d6e603cb83acb815591b8cf809fc20 CVE-2022-2915 2022-09-29 11:31:31 SonicWall SMA100 Heap Buffer Overflow Vulnerability Details
fcf4e729d31e2a6d8c7c70a500be83cd CVE-2022-0216 2022-09-29 11:31:31 QEMU Memory Reference Error Vulnerability Details
8a408619eb89ea5cb97953ba84f3f522 CVE-2022-25625 2022-09-29 11:31:31 Broadcom Symantec Privileged Access Management (PAM) Information Disclosure Vulnerability Details
bd9e6743fae52010a1923ded605f557e CVE-2022-37318 2022-09-29 11:31:31 Archer Platform Cross-Site Scripting Vulnerability Details
a7edeed8c53029177b528b6ce5b185b0 CVE-2022-32840 2022-09-29 11:31:31 Apple Multiple Products Arbitrary Code Execution Vulnerability Details
6f5929d885f2924def9dcfabdd1ea9b2 CVE-2022-32812 2022-09-29 11:31:31 Apple Multiple Products Arbitrary Code Execution Vulnerability Details
fbea1708fafb42d28158f99de93d5a94 CVE-2022-2569 2022-09-29 11:31:31 ARC Informatique PcVue Information Disclosure Vulnerability Details
6c8df1ccd298a3d43c5d208fc1f85d5e CVE-2021-4209 2022-09-29 11:31:31 GnuTLS NULL Pointer Dereference Vulnerability Details
618278f7253cb0188be269c8eb73b63b CVE-2021-4155 2022-09-29 11:31:31 Red Hat Enterprise Linux Information Disclosure Vulnerability Details
a3010cc43074f08d7ffe1c88ed913d06 CVE-2021-0887 2022-09-29 11:31:31 Google Android Information Disclosure Vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL
6dfcc01b3750278d2d5200928ef2c5bd CVE-2022-42308 2022-10-03 15:15:22 An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Details
a8efa42a592f0e779274674aaea0a1d4 CVE-2022-42307 2022-10-03 15:15:22 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Details
29a2cc9d311b60aa4735218a417012bd CVE-2022-42306 2022-10-03 15:15:22 An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Details
3d945362433bbf74dd331c0bedac4e2d CVE-2022-42305 2022-10-03 15:15:21 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. Details
0bc964de0d2889897d0c2f0028f77bb6 CVE-2022-42304 2022-10-03 15:15:21 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. Details
ce6cc8b6a87d97e05222bb2760409472 CVE-2022-42303 2022-10-03 15:15:21 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. Details
a2bd9568715243df33b4ec1e33ae58e8 CVE-2022-42301 2022-10-03 15:15:20 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. Details
173470ad35ba6a0a42289d110f432230 CVE-2022-42300 2022-10-03 15:15:20 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) Details
aee24c21e99f48ff71b8429b8bd64f99 CVE-2022-42299 2022-10-03 15:15:20 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. Details
6a7781470ad456beaf9e61b5235bdfeb CVE-2022-42302 2022-10-03 15:15:20 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. Details
53a50fa414567fcc808744b132892b97 CVE-2022-41430 2022-10-03 14:15:25 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. Details
867eeedbb8ab5ee571e72e1a29ed6a19 CVE-2022-41082 2022-10-03 01:15:08 Microsoft Exchange Server Remote Code Execution Vulnerability. Details
9852ec7b349961d75523a35e36f8d1e4 CVE-2022-41040 2022-10-03 01:15:08 Microsoft Exchange Server Elevation of Privilege Vulnerability. Details
bedac5025b8a28cb312b281fb25c4a38 CVE-2022-42004 2022-10-02 05:15:09 In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Details
3849af9ff8e87636317f3beab906a8f3 CVE-2022-42003 2022-10-02 05:15:09 In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Details
55d6247fc68c01eb7194481c30f6c495 CVE-2022-41975 2022-09-30 18:15:12 RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. Details
5704b8659e545995b9b10bce189e9482 CVE-2022-41870 2022-09-30 18:15:11 AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. Details
7a29276ca67d1d7b3b9e02585bb08d35 CVE-2022-41850 2022-09-30 06:15:12 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. Details
0d1f86ca7b83ef5c05dea961db02f8f7 CVE-2022-41849 2022-09-30 06:15:12 drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. Details
8e0f203eb82c84041624ac116a6e1acc CVE-2022-41848 2022-09-30 06:15:11 drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. Details
d5315ccc646341a38962cfcbde74ccea CVE-2022-41847 2022-09-30 05:15:11 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. Details
809fceef24135824d942d092e89b8582 CVE-2022-41846 2022-09-30 05:15:11 An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. Details
bb9cea2d53d7c32c5d3de70a848c0bb1 CVE-2022-41845 2022-09-30 05:15:11 An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. Details
f76ab7fa427dec678d921e70aec4a534 CVE-2022-41844 2022-09-30 05:15:11 An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. Details
9e0e0c29f51588ebc9320a73285110ee CVE-2022-41843 2022-09-30 05:15:11 An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. Details
b5cd32c12cd2339e7bca506a6eeda3a3 CVE-2022-41842 2022-09-30 05:15:11 An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. Details
ddb60e922ef8ac89f7bfb7758a48f22a CVE-2022-41841 2022-09-30 05:15:11 An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. Details
0fbeaf4ff08de3607075e0fac49b7685 CVE-2022-41828 2022-09-29 21:15:12 In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. Details
452bb5f26dac9c067e9d6bc136648712 CVE-2022-38222 2022-09-29 03:15:15 There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Details
e1bc9f42de567403c60eb95548b013e8 CVE-2022-40710 2022-09-28 21:15:15 A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Details




Ways to Sponsor