
Threat-Broadcast

source link: https://lyy289065406.github.io/threat-broadcast/

眈眈探求 | Threat Intelligence Broadcast

360 Cyber Security Response Center [TOP 30]

CVES TIME TITLE URL

50321d22a99c8f9f1bedd33bce8924af 2022-02-28 03:10:28 Weekly Security Incident Report (02.21-02.27) Details

db2aa86c8b77adf0559adbb6ea2e3ef0 2022-02-24 07:59:05 Remote-access trojan exploits the Log4j vulnerability to launch attacks Details

43000e60105fe6ae26efb80beb50a929 2022-02-21 05:32:27 Weekly Security Incident Report (02.14-02.20) Details

de4fed4ad47b9fa9d4d01d97f02c10da 2022-02-14 07:19:41 Weekly Security Incident Report (02.07-02.13) Details

ba8b5777ff0c6bf791df681d82febe84 CVE-2021-4034 2022-01-26 06:29:49 Linux Polkit privilege escalation vulnerability advisory Details

2cf83319963ff4f2522e77a59d725257 2022-01-24 03:38:37 Weekly Security Incident Report (01.17-01.23) Details

4002db1ad42f160666e73332e87be0d0 2022-01-20 09:02:00 Apache Log4j multiple security vulnerabilities advisory Details

d2164294b3c200324f6ef216f622c597 2022-01-19 02:02:24 2022-01 Patch Day: Oracle multiple product vulnerabilities security risk advisory Details

27ee0b158c3e3ed9d4bd6233f93a590a CVE-2021-44757 2022-01-18 08:05:29 CVE-2021-44757: Zoho ManageEngine Desktop Central authentication bypass vulnerability advisory Details

073e4d744262ebf26baa15adb23b6fa1 2022-01-17 04:10:23 Weekly Security Incident Report (01.10-01.16) Details

90192bfb84c1510450569c8248566d80 CVE-2022-21907 2022-01-15 03:21:21 Microsoft Windows HTTP protocol stack remote code execution vulnerability Details

eb0536d02801abbd915ee523a34b737d CVE-2021-43297 2022-01-14 07:10:20 Apache Dubbo remote code execution vulnerability advisory Details

101d94628813bef45e5f87eb2fd52a00 2022-01-12 02:37:09 2022-01 Patch Day: Microsoft multiple vulnerabilities security update advisory Details

b686b1df411922298c16a9fba8a82f09 2022-01-10 09:12:49 Weekly Security Incident Report (01.03-01.09) Details

0dd2b4e54c1e7d58b6a543d5cd6168ce 2022-01-04 09:42:59 Weekly Security Incident Report (12.27-01.02) Details

1f4414b232828031852a1c0ccd0338a8 CVE-2021-45232 2021-12-28 11:53:57 Apache APISIX Dashboard unauthorized access vulnerability advisory Details

7e8a20ef23aa18ec6a4d4db37ac4c3b2 2021-12-27 10:23:48 Weekly Security Incident Report (12.20-12.26) Details

d64e8c999202491d43f23dc514036a1f 2021-12-23 03:35:44 Apache HTTP Server multiple vulnerabilities risk advisory Details

c2d76ce73a102654b071afa0aa63a3c7 CVE-2021-45105 2021-12-20 08:57:08 CVE-2021-45105: Apache Log4j denial of service vulnerability advisory Details

58138920f2aaf7fe331bd6f96f7cd225 2021-12-20 07:38:33 Weekly Security Incident Report (12.13-12.19) Details

03a81fd8fe0e8c0034b92844bfb6dd03 CVE-2021-45046 2021-12-17 09:54:22 Log4j 2 remote code execution vulnerability advisory Details

a50794d51fd89538d0eb021520271919 2021-12-17 08:05:40 360CERT releases an adversarial hot-patch fix for Log4j2 based on the vulnerability's attack payload Details

d4319ee554074475bdc2bc825480754b 2021-12-15 06:37:34 2021-12 Patch Day: Microsoft multiple vulnerabilities security update advisory Details

7eed3b6eefb34deb5bba75d8e3cd6c8b CVE-2021-4102 2021-12-14 10:27:36 CVE-2021-4102: Google Chrome code execution vulnerability Details

0b2a24c28ee563beb083baa046da930b 2021-12-13 07:09:14 Weekly Security Incident Report (12.06-12.12) Details

ec4c7eb7d0fda599889cdc11440df805 2021-12-13 03:00:28 Microsoft Windows Active Directory Domain Services multiple privilege escalation vulnerabilities advisory Details

e0a3b7cab3cc78da77c5fad75a9ba739 2021-12-10 02:25:47 Apache Log4j 2 remote code execution vulnerability advisory Details

9ec8a01a5c4055ebe30833b1e884926e 2021-12-07 09:10:46 Grafana arbitrary file read vulnerability advisory Details

c529a8f4ce9149aac86c63b5738017ee 2021-12-06 07:56:06 Weekly Security Incident Report (11.29-12.05) Details

9c24c96b071028e5ab5cb7c57a40aec5 CVE-2021-44077 2021-12-06 02:34:35 Zoho ManageEngine ServiceDesk Plus authentication bypass vulnerability advisory Details

Tenable (Nessus) [TOP 30]

CVES TIME TITLE URL

bbf38c46aca495f300545dd7b7f5d0ce CVE-2022-26336 2022-03-04 16:15:00 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. Details

4ff0fab45e31e40a9f1c361ccef06df7 CVE-2022-23729 2022-03-04 16:15:00 When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. Details

2a0e36fb05c7f8ffa49035984b49903d CVE-2022-22946 2022-03-04 16:15:00 In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. Details

3053bbb8967ea9b8405c6e5def09aafd CVE-2021-46382 2022-03-04 16:15:00 Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks like session hijacking even clipboard hijacking. Details

cbbaf7aa3a9d81d76c8804092be13ede CVE-2021-46381 2022-03-04 16:15:00 Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. Details

e74e044104a8c65ce8de601431bb5606 CVE-2021-46380 2022-03-04 16:15:00 Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. Details

e35041b4dda52ee5536a727135a821b8 CVE-2021-46379 2022-03-04 16:15:00 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. Details

446d66cd123cd3fd9101d14f1de314ad CVE-2021-3744 2022-03-04 16:15:00 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. Details

e9676cc56a7bd1afdafd1298a33a1dac CVE-2021-3743 2022-03-04 16:15:00 An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Details

bcf55877fa9b949c49c539ef9234542e CVE-2021-23214 2022-03-04 16:15:00 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Details

30c4b407e2016cce12dd1f2f3d7b8eaa CVE-2022-26201 2022-03-04 14:15:00 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. Details

9b4f406282562b5685d5eb625bbd3d7f CVE-2022-0832 2022-03-04 14:15:00 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. Details

249ecdddd1ccbb1ea177539362dc33bc CVE-2022-0831 2022-03-04 14:15:00 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. Details

022e1a88da4c32449edf7e55a5b5eb01 CVE-2021-46394 2022-03-04 14:15:00 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. Details

f4815aa37aee4447c32a7f0314daf3d7 CVE-2021-46393 2022-03-04 13:15:00 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. Details

ff388e6c2d10c12da99af1144859b22a CVE-2021-44321 2022-03-04 13:15:00 Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. Details

22e69f1be07291ab82c912894aa76a26 CVE-2021-43393 2022-03-04 13:15:00 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. Details

d053b1bfc64ab68495b42f349baa33eb CVE-2021-43392 2022-03-04 13:15:00 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. Details

98f2a82c1774beb77b944276e3dedc7e CVE-2022-23328 2022-03-04 12:15:00 A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). Details

5ffa58ea37f65e3005dced8417fb6ac0 CVE-2022-23327 2022-03-04 12:15:00 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). Details

e320fbbebc6559ecbc65027cf252503b CVE-2022-0752 2022-03-04 12:15:00 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Details

240e838b91b0680bf2488278b34b7c12 CVE-2022-0848 2022-03-04 09:15:00 OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. Details

e2aa949c01a1a3a7c4a1ec6e4d3d541e CVE-2022-0838 2022-03-04 08:15:00 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Details

e31281cba776c48096cf36b3404fce7d CVE-2022-0730 2022-03-03 23:15:00 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Details

75c16d69800d969f528499766847d0d6 CVE-2021-3640 2022-03-03 23:15:00 A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Details

f4624fb3a17933e8fbff103f41fcb32b CVE-2021-3638 2022-03-03 23:15:00 An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Details

f2d9af91ceba7b7e849be5a12a445bd0 CVE-2021-26948 2022-03-03 23:15:00 Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. Details

28348b8869a8bb22a02919564baf691f CVE-2021-26259 2022-03-03 23:15:00 A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(), in ps-pdf.cxx may lead to arbitrary code execution and denial of service. Details

7d08b866af46cbfd41a6e43d0a52e71a CVE-2022-25220 2022-03-03 22:15:00 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. Details

bd8ec8736869e2e640bdf98f300773b3 CVE-2022-24725 2022-03-03 22:15:00 Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\~")`. Details

China National Vulnerability Database (CNVD) [TOP 30]

CVES TIME TITLE URL

8686fda9b2b49e4e1666b54e2248f935 CNVD-2021-74882 2021-11-14 16:43:52 SQL injection vulnerability in the website-building system of 四创科技有限公司 (Sichuang Technology Co., Ltd.) Details

8f6972d84ad188b05ff9cc14d4334949 CNVD-2021-87021 (CVE-2020-4690) 2021-11-12 12:43:14 IBM Security Guardium hard-coded credentials vulnerability Details

3bfe7b053a0c59d8a3d38c18f86aa143 CNVD-2021-87022 (CVE-2021-38870) 2021-11-12 12:43:12 IBM Aspera cross-site scripting vulnerability Details

a4649bb17f4db4d1c7f879ebceb46ed0 CNVD-2021-87011 (CVE-2021-29753) 2021-11-12 12:43:11 IBM Business Automation Workflow unspecified vulnerability Details

094c613f9ed4b8b9d887dc912789043c CNVD-2021-87025 (CVE-2021-20563) 2021-11-12 12:43:10 IBM Sterling File Gateway information disclosure vulnerability Details

41c47f01a4c65dcb6efc9ebf483fe762 CNVD-2021-87010 (CVE-2021-38887) 2021-11-12 12:43:08 IBM InfoSphere Information Server information disclosure vulnerability Details

f51d33e7a09fd61ca90ede453515a830 CNVD-2021-87016 (CVE-2021-29764) 2021-11-12 12:43:07 IBM Sterling B2B Integrator cross-site scripting vulnerability Details

33615a5f78df822e82e6d3436045c48c CNVD-2021-87026 (CVE-2021-38877) 2021-11-12 12:43:06 IBM Jazz for Service Management cross-site scripting vulnerability Details

8e729177bcb4105dd831fb1e123ed1bb CNVD-2021-87014 (CVE-2021-29679) 2021-11-12 12:43:04 IBM Cognos Analytics remote code execution vulnerability Details

1a3b856f78e9fbdca12aeddc7d665aca CNVD-2021-87029 (CVE-2021-29752) 2021-11-12 12:43:03 IBM Db2 information disclosure vulnerability Details

6f1aa3a0cb819d97519baa47fd0232d5 CNVD-2021-87015 (CVE-2021-29745) 2021-11-12 12:43:02 IBM Cognos Analytics privilege escalation vulnerability Details

cbcb12f5f51d6e7d6d8a9fa581aa863a CNVD-2021-73908 2021-11-11 16:42:44 SQL injection vulnerability in Weaver (泛微) e-cology Details

ae6fd467da55de31aa7219187cf5c2d4 CNVD-2021-86904 (CVE-2021-20351) 2021-11-11 08:31:46 IBM Engineering cross-site scripting vulnerability Details

412a15b40959ed9cf9330ee79f99e079 CNVD-2021-86903 (CVE-2021-31173) 2021-11-11 08:31:44 Microsoft SharePoint Server information disclosure vulnerability Details

1cbc5d5faac431d3e82c9e5ea9588b5f CNVD-2021-86902 (CVE-2021-31172) 2021-11-11 08:31:43 Microsoft SharePoint spoofing vulnerability Details

686c7cfb20933b41c3d679cbba79a2ad CNVD-2021-86901 (CVE-2021-31181) 2021-11-11 08:31:42 Microsoft SharePoint remote code execution vulnerability Details

72fdfb2d44c0d41d638e4632bdfc10b8 CNVD-2021-86900 (CVE-2021-3561) 2021-11-11 08:31:41 fig2dev buffer overflow vulnerability Details

3ba6f0e9394f9414e2cadb9495e2d5f5 CNVD-2021-85884 (CVE-2021-41210) 2021-11-10 07:24:57 Google TensorFlow heap-allocated array out-of-bounds read vulnerability Details

4d8c4744ea972fb2fcb9673fea1fc7b7 CNVD-2021-85883 (CVE-2021-41226) 2021-11-10 07:24:56 Google TensorFlow heap out-of-bounds access vulnerability Details

8778f9cd924cae585ca5e2e0b8be3b3f CNVD-2021-85882 (CVE-2021-41224) 2021-11-10 07:24:54 Google TensorFlow heap out-of-bounds access vulnerability Details

e1b2722e6d5c509c680b584416d9cb20 CNVD-2021-85881 (CVE-2021-42770) 2021-11-10 07:24:53 OPNsense cross-site scripting vulnerability Details

ed09c9fa5586e2d4d9b4e95fe3b447a0 CNVD-2021-85880 (CVE-2021-28024) 2021-11-10 07:24:52 ServiceTonic improper access control vulnerability Details

8a642f0922f7f915e81b2b947276a96c CNVD-2021-85879 (CVE-2021-28023) 2021-11-10 07:24:50 ServiceTonic arbitrary file upload vulnerability Details

c00b061c2cfdee4016a869a188135db5 CNVD-2021-85878 (CVE-2021-28022) 2021-11-10 07:24:49 ServiceTonic SQL injection vulnerability Details

9c4b20a28ad2bd4ab916448f0e1272bd CNVD-2021-85877 (CVE-2021-32483) 2021-11-10 07:24:48 Cloudera Manager incorrect access control vulnerability Details

4d4423857b7b1f38e49738f00e8949ba CNVD-2021-85876 (CVE-2021-32481) 2021-11-10 07:24:46 Cloudera Hue cross-site scripting vulnerability Details

6b12b7fc216d603e8e07351603851c86 CNVD-2021-85875 (CVE-2021-29994) 2021-11-10 07:24:45 Cloudera Hue cross-site scripting vulnerability Details

72894fb3a3538de240d2f6810aae63c9 CNVD-2021-85892 (CVE-2021-42701) 2021-11-10 02:38:27 DAQFactory man-in-the-middle attack vulnerability Details

94a1f99a64ba24540cc1594d0a0b3152 CNVD-2021-85893 (CVE-2021-42699) 2021-11-10 02:38:26 DAQFactory cleartext transmission vulnerability Details

5d9bac33be8f2f88391f6de02fb89c73 CNVD-2021-85894 (CVE-2021-42698) 2021-11-10 02:38:24 DAQFactory deserialization vulnerability Details

China National Vulnerability Database of Information Security (CNNVD) [TOP 30]

CVES TIME TITLE URL

f9119bbb6f5bca8f5911070c60e5d7a5 CNNVD-202203-169 (CVE-2022-21716) 2022-03-03 12:44:50 Twisted security vulnerability Details

1df1a468b4028e39c6c427777a0e34c5 CNNVD-202203-174 (CVE-2022-24723) 2022-03-03 12:44:48 Medialize URI.js input validation error vulnerability Details

2746d293f9ea979f70aef20f87924a29 CNNVD-202203-175 (CVE-2022-0265) 2022-03-03 12:44:46 Hazelcast security vulnerability Details

7cc47597d51faa8d5c7f284c65ccd97c CNNVD-202203-178 (CVE-2021-38577) 2022-03-03 12:44:44 Tianocore Edk2 security vulnerability Details

b6a9b12c6975ebdd8c7625f1813a1124 CNNVD-202203-180 (CVE-2021-38578) 2022-03-03 12:44:42 Tianocore Edk2 security vulnerability Details

902a4562ec4aaea660e570c4796b63f4 CNNVD-202203-181 (CVE-2022-22985) 2022-03-03 12:44:39 IPCOMM ipDIO code injection vulnerability Details

a6a27679fefa8d0592d9717de4d96a77 CNNVD-202203-182 (CVE-2022-24915) 2022-03-03 12:44:37 IPCOMM ipDIO code injection vulnerability Details

3ebf694a1af6003a6cd619f860c655f1 CNNVD-202203-183 (CVE-2022-21146) 2022-03-03 12:44:35 IPCOMM ipDIO cross-site scripting vulnerability Details

92f910d94a9eef5e4c841cac8595bdd9 CNNVD-202203-184 (CVE-2022-24432) 2022-03-03 12:44:33 IPCOMM ipDIO cross-site scripting vulnerability Details

ebf7ad06a229da32a1f6fd672ff55a53 CNNVD-202203-185 (CVE-2022-0730) 2022-03-03 12:44:30 Cacti security vulnerability Details

e996fec3cd2eebc60d70854697eabff7 CNNVD-202203-122 (CVE-2021-38263) 2022-03-03 12:44:09 Liferay Portal and Liferay DXP cross-site scripting vulnerability Details

23c86a4abcd7a87eff27e96aa438b8de CNNVD-202203-123 (CVE-2021-38265) 2022-03-03 12:44:07 Liferay Portal and Liferay DXP cross-site scripting vulnerability Details

a8efa567b93e7fcdc8c114f3d400d7fa CNNVD-202203-124 (CVE-2021-38267) 2022-03-03 12:44:05 Liferay Portal security vulnerability Details

34fad70f614e48d3bb3766c47a7c5fa7 CNNVD-202203-125 (CVE-2021-38269) 2022-03-03 12:44:03 Liferay Portal security vulnerability Details

fcbf754a4008502152a0175788bd7506 CNNVD-202203-126 (CVE-2021-44343) 2022-03-03 12:44:00 ok-file-formats buffer error vulnerability Details

7314ae025e5addc13699b4f661d1ea8f CNNVD-202203-045 (CVE-2022-22301) 2022-03-02 12:44:27 Fortinet FortiAP security vulnerability Details

19d393f033336d8803277dc13425451f CNNVD-202203-046 (CVE-2021-45861) 2022-03-02 12:44:25 Daniel Kamil Kozar tsMuxer security vulnerability Details

78800435b6e1eabe0f809b688a50a933 CNNVD-202203-047 (CVE-2021-45863) 2022-03-02 12:44:23 Daniel Kamil Kozar tsMuxer security vulnerability Details

3a3adaaeee50b25c2d4e70901d01f8ec CNNVD-202203-048 (CVE-2021-45864) 2022-03-02 12:44:20 Daniel Kamil Kozar tsMuxer security vulnerability Details

eb6d07e23e141249a97e0c6b02a3c23a CNNVD-202203-117 (CVE-2022-26171) 2022-03-02 12:44:19 Bank Management System SQL injection vulnerability Details

9b20ca5ce64b14881dc08a3c6a30b676 CNNVD-202203-049 (CVE-2022-25050) 2022-03-02 12:44:18 rtl_433 security vulnerability Details

3ee25a5bd61116433add5fd9fff5d1c9 CNNVD-202203-118 (CVE-2022-20754) 2022-03-02 12:44:17 Cisco Expressway Series security vulnerability Details

f8c214c936695c553e02a1572dfee183 CNNVD-202203-119 (CVE-2021-38264) 2022-03-02 12:44:15 Liferay Portal security vulnerability Details

0ecd8145044dfe84a867f713dc2c75fb CNNVD-202203-120 (CVE-2021-44335) 2022-03-02 12:44:13 ok-file-formats buffer error vulnerability Details

94a0426ce8828dec35b1bda9ae240d12 CNNVD-202203-121 (CVE-2022-25471) 2022-03-02 12:44:11 OpenEMR security vulnerability Details

549c6fdbef2213274a1bc97baf8cb077 CNNVD-202203-040 (CVE-2022-25010) 2022-03-01 12:44:39 Stepmania security vulnerability Details

74d255d7fc649d6a5e3d38aee6b7fa34 CNNVD-202203-041 (CVE-2022-25012) 2022-03-01 12:44:36 Argus Surveillance Dvr security vulnerability Details

b99d987e56a70ee9c6501dbfcbf84089 CNNVD-202203-042 (CVE-2021-45860) 2022-03-01 12:44:34 Daniel Kamil Kozar tsMuxer security vulnerability Details

090cfbbfb84539b93545e1ed27e94692 CNNVD-202203-043 (CVE-2021-38996) 2022-03-01 12:44:32 IBM AIX security vulnerability Details

97324661a3f89916ec5b6428deb66ac5 CNNVD-202203-044 (CVE-2022-25051) 2022-03-01 12:44:30 rtl_433 security vulnerability Details

QiAnXin (奇安信) [TOP 30]

CVES TIME TITLE URL

6bd01daffa85191c80698354fc8e252f wt QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services multiple remote code execution vulnerabilities advisory Details

f749eac58b87d0954f0e4a84b5d67057 CVE-2020-1350 2020-07-15 15:57:00 QiAnXinTI-SV-2020-0013 Microsoft DNS Server remote code execution vulnerability (CVE-2020-1350) advisory Details

90b93cb7073fe73b17746ac166a09637 CVE-2020-6819, CVE-2020-6820 2020-04-08 10:34:35 QianxinTI-SV-2020-0012 Firefox in-the-wild remote code execution vulnerabilities (CVE-2020-6819, CVE-2020-6820) advisory Details

e318a5efa4803b50cdef480b90b1784d 2020-03-25 13:58:51 QiAnXinTI-SV-2020-0009 Microsoft Windows Type 1 font handling remote code execution vulnerability (ADV200006) advisory Details

cffc3035f7899495cfeae521451f91b2 CVE-2020-0796 2020-03-12 10:32:09 QiAnXinTI-SV-2020-0008 Microsoft Windows SMBv3.0 service remote code execution vulnerability (CVE-2020-0796) advisory Details

3e6175d47d17c6f94bd9ba10d81c3717 CVE-2020-0674 2020-03-02 14:52:46 QiAnXinTI-SV-2020-0002 Microsoft IE jscript remote command execution 0day vulnerability (CVE-2020-0674) advisory Details

d99d073afb7d248a8a62fb068921997f CVE-2020-0601 2020-01-15 14:11:41 QianxinTI-SV-2020-0001 Microsoft core cryptographic library vulnerability (CVE-2020-0601) advisory Details

b7b45b14a3af1225ef6eec72d74964df CVE-2019-1367 2019-09-25 17:23:00 QiAnXinTI-SV-2019-0022 Microsoft IE browser JScript scripting engine remote code execution vulnerability advisory Details

504fc79f0123db109a11b149c334b75c CVE-2019-0708 2019-09-09 10:20:47 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) early-warning advisory Details

5b727692d583d4a6e7cdb0f670eac12a CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 2019-08-14 11:09:05 QianxinTI-SV-2019-0015 Microsoft Windows RDP Remote Desktop Services multiple remote code execution vulnerabilities advisory Details

54b48d765fccbc8dcfa3de0920459f8d CVE-2019-11707 2019-06-19 16:53:47 QiAnXinTI-SV-2019-0013 Firefox remote code execution vulnerability (CVE-2019-11707) early-warning advisory Details

5b4d5fea09fbc2dca45be53f162d39de CVE-2019-0708 2019-05-31 17:03:19 QiAnXinTI-SV-2019-0006 Microsoft Remote Desktop Services remote code execution vulnerability (CVE-2019-0708) early-warning advisory Details

Anquanke (安全客) [TOP 30]

CVES TIME TITLE URL

03afa8b4eaf4a0160784152fca5465b2 CVE-2021-27308 2021-07-11 14:22:05 4images cross-site scripting vulnerability Details

8b0ace4c54a7fc20a99d21e294152a99 CVE-2020-15261 2021-07-11 14:22:05 Veyon Service security vulnerability Details

d4f12de949590ab346b61986a29d8b4d CVE-2021-35039 2021-07-09 17:30:13 Linux kernel security vulnerability Details

f790e7ef3b5de3774d42ee32b9b10c01 CVE-2021-34626 2021-07-09 17:30:13 WordPress access control error vulnerability Details

71bf261eb2113d5ff870ab9bafd29f55 CVE-2021-25952 2021-07-09 17:30:13 just-safe-set security vulnerability Details

152793cbc104933584f5f227606f433d CVE-2021-0597 2021-07-09 17:30:13 Google Android information disclosure vulnerability Details

75f153c327984fdfdd2d9c463a91371d CVE-2021-34430 2021-07-09 17:30:13 Eclipse TinyDTLS security features issue vulnerability Details

9610336f1a41241cc8edea22a2780ec5 CVE-2021-3638 2021-07-09 17:30:13 QEMU security vulnerability Details

92fe450ae5c5dfa48072aca79d64ba63 CVE-2021-34614 2021-07-09 14:24:32 Aruba ClearPass Policy Manager security vulnerability Details

680a4218fc32922746717210664a3d62 CVE-2021-22144 2021-07-09 13:28:16 Elasticsearch security vulnerability Details

373930f669f2c1f7b61101a925304779 CVE-2021-24022 2021-07-09 13:28:16 Fortinet FortiManager security vulnerability Details

8556f9cd0699f88c1f6cca9a43463bdd CVE-2021-33012 2021-07-09 13:28:16 Allen Bradley Micrologix 1100 input validation error vulnerability Details

480ae713cc88cc0985e1ebc079974d83 CVE-2021-0592 2021-07-09 13:28:16 Google Android security vulnerability Details

8ef4dbefa6604ea2312621401c3ec0b9 CVE-2021-1598 2021-07-09 13:28:16 Cisco Video Surveillance 7000 Series IP Cameras security vulnerability Details

d6e8714c32df7a0dcc2f3910ec68b42d CVE-2021-20782 2021-07-09 13:28:16 Software License Manager cross-site request forgery vulnerability Details

4e60b22611b8bb0fd7e532896498af29 CVE-2021-20781 2021-07-09 13:28:16 WordPress cross-site request forgery vulnerability Details

5ca48ad58fb499c069ae0800c3b39875 CVE-2021-32961 2021-07-09 13:28:16 MDT AutoSave code issue vulnerability Details

2ed854890b43f08e52340a1e8fe6d39f CVE-2021-0577 2021-07-09 13:28:16 Google Android security vulnerability Details

8d63110e1475bbd245715b2ee1824d13 CVE-2021-31816 2021-07-09 13:28:16 Octopus Server security vulnerability Details

72bef2ae2f5db7dd066e1cdefa618dc5 CVE-2021-31817 2021-07-09 13:28:16 Octopus Server security vulnerability Details

1f7369b2609dbd2cd40d091f7de540cd CVE-2020-20217 2021-07-09 13:28:16 Mikrotik RouterOs security vulnerability Details

1793176eecc5813c3348f026dc9909c9 CVE-2020-28598 2021-07-09 13:28:16 PrusaSlicer security vulnerability Details

7f4cf34ceb545548dcfcc3c0e7120268 CVE-2021-32945 2021-07-09 13:28:16 MDT AutoSave cryptographic issue vulnerability Details

58553eb00d6e3e83b633f09464c4e98a CVE-2021-29712 2021-07-09 13:28:16 IBM InfoSphere Information Server cross-site scripting vulnerability Details

d8e27ec42fb0b89998fcc006f49b249b CVE-2021-25432 2021-07-09 13:28:16 Samsung Members information disclosure vulnerability Details

8f2adc6c247725bf2eb7f53256c93ea7 CVE-2021-25433 2021-07-09 13:28:16 Samsung Tizen security vulnerability Details

8f949676124339eb6f64f9c607af5470 CVE-2021-25431 2021-07-09 13:28:16 Samsung Mobile Device Cameralyzer access control error vulnerability Details

069818a8958f9c158fcb0956ee32fc03 CVE-2021-25434 2021-07-09 13:28:16 Samsung Tizen code injection vulnerability Details

55b9126220b9722ff5d730d3996877e9 CVE-2021-32949 2021-07-09 13:28:16 MDT AutoSave path traversal vulnerability Details

ebab009fffdee3d360dcdff74b0ed061 CVE-2021-25435 2021-07-09 13:28:16 Samsung Tizen code injection vulnerability Details

斗象 (Tophant) [TOP 30]

CVES TIME TITLE URL

485f2c57713f4a39830e8c2d01e43cfe CVE-2021-4034 2022-01-26 06:19:16 Linux Polkit privilege escalation vulnerability (CVE-2021-4034) Details

0aa6eab412c0318b74c6a470ee774df1 CVE-2022-21907, CVE-2022-21969, CVE-2022-21846, CVE-2022-21855, CVE-2022-21874, CVE-2022-21893, CVE-2022-21850, CVE-2022-21851, CVE-2022-21836, CVE-2022-21919 2022-01-12 03:44:50 Microsoft January 2022 Patch Day vulnerability advisory Details

88a8c676b52a739c0335d7c21ca810a9 2022-01-06 08:19:17 MeterSphere remote code execution vulnerability Details

76cad61d2d5a8750a6a714ab2c6dbc97 CVE-2021-45232 2021-12-28 10:31:16 Apache APISIX Dashboard API unauthorized access vulnerability (CVE-2021-45232) Details

af4f5f63390eb00de8705b5029d8c376 CVE-2021-44228, CVE-2021-45046 2021-12-14 01:56:52 Apache Log4j remote code execution vulnerability Details

43456ae172e45c12087c40c03d925e0e CVE-2021-44228 2021-12-11 03:21:34 Apache Log4j remote code execution vulnerability Details

392b133d98d6f61aee36ce6c8784f4df 2021-12-09 15:20:54 Apache Log4j remote code execution vulnerability Details

1e193280a8f45427c06cb4945be4f126 2021-12-07 06:48:55 Grafana arbitrary file read vulnerability Details

1911c90c4cf886d9867ff81b4756eb3f 2021-12-02 06:37:58 VMware vCenter server-side request forgery vulnerability Details

45a46bc77eb26e67020f43cf08f1fcc6 CVE-2021-21980, CVE-2021-22049 2021-11-26 03:52:06 VMware vCenter Server multiple high-severity vulnerabilities advisory Details

c1d2650c12cb12d9ee21f53d0f087be8 CVE-2021-42321, CVE-2021-42292, CVE-2021-38666 2021-11-10 12:03:45 Microsoft November 2021 Patch Day vulnerability advisory Details

6b34ab872bd97043b7699554194da23f CVE-2021-22205 2021-11-02 03:38:34 GitLab CE/EE remote code execution vulnerability (CVE-2021-22205) Details

a418a10f7f4a1694a2293e895b24de6a CVE-2021-35617, CVE-2021-35620 2021-10-20 03:07:34 Oracle WebLogic multiple high-severity vulnerabilities advisory Details

e2d8ba6cd503627461acaa0de23c51b6 CVE-2021-40449, CVE-2021-26427, CVE-2021-40486, CVE-2021-38672, CVE-2021-40461 2021-10-13 05:29:50 Microsoft October 2021 Patch Day vulnerability advisory Details

68be9e619a7702aa2cb4d58c255d39c8 CVE-2021-41773, CVE-2021-42013 2021-10-09 03:33:50 Apache HTTP Server path traversal vulnerability Details

2b425329012f167ceeee133dcab6c49c CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017 2021-09-22 05:41:12 VMware multiple high-severity vulnerabilities advisory Details

a0f1f4b9e08c161feea107db8c47d55e CVE-2021-26084 2021-08-26 12:03:16 Atlassian Confluence remote code execution vulnerability (CVE-2021-26084) Details

68ee7b98acb8ba2e45c3638a078d9535 CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154 2021-08-23 06:14:35 XStream multiple deserialization vulnerabilities Details

e00d270224089dec1dde09bb05ec2678 CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 2021-08-06 08:53:31 Microsoft Exchange remote code execution vulnerability (PoC publicly available) Details

b36f311a6a1cb8b7c4d2da09512e0fa9 CVE-2021-2394, CVE-2021-2397, CVE-2021-2382 2021-07-21 10:29:24 Oracle WebLogic multiple high-severity vulnerabilities advisory Details

86cb552f791b9e8159d01a9478a59f9d CVE-2021-34527, CVE-2021-34448, CVE-2021-33771, CVE-2021-31979, CVE-2021-34473, CVE-2021-34520, CVE-2021-34468, CVE-2021-34467, CVE-2021-34449, CVE-2021-33780 2021-07-14 09:40:04 Microsoft July 2021 Patch Day vulnerability advisory Details

ed706209d0185b2415915cac4afec37b 2021-07-08 08:43:59 YApi remote code execution vulnerability advisory Details

c5bfeca05acdc931e8686c9e3d4ff937 2021-07-02 11:03:50 Windows Print Spooler remote code execution vulnerability (CVE-2021-34527) Details

4184ae9f57a2db9063367e64e6cc2cb7 CVE-2021-1675 2021-06-29 10:15:39 Windows Print Spooler remote code execution vulnerability (CVE-2021-1675) Details

2131ca2cbd7b631f62f8701a925c2767 CVE-2021-21998 2021-06-23 06:20:30 VMware Carbon Black App Control authentication bypass vulnerability (CVE-2021-21998) Details

906de48de24b85a2278ae80a9f4d0aa8 2021-06-03 02:48:56 Yonyou (用友) NC BeanShell remote command execution vulnerability Details

4d9035105f60b9d56f24c24e87fc6e32 CVE-2021-21985 2021-05-26 03:39:33 VMware vCenter Server remote code execution vulnerability (CVE-2021-21985) Details

137a4e2d822964f8f8c93f59d00f2bce 2021-04-18 16:38:14 WebLogic T3 deserialization 0day vulnerability Details

7cb0c487c17f2247b0b81ef4bc51f47b 2021-04-18 16:38:14 WebLogic T3 deserialization 0day vulnerability advisory Details

49c6f9e6d3305e3f6a1b9e819a546f5e 2021-03-18 07:43:11 GitLab markdown remote code execution vulnerability Details

红后 (Red Queen) [TOP 30]

CVES TIME TITLE URL

3f1a278a2712f0665e8d2255c2467e1e CVE-2021-1669 2022-03-04 13:48:50 Microsoft Windows Remote Desktop security vulnerability Details

fea33805b80800ba8838521a2f5a03e6 CVE-2021-1651 2022-03-04 13:48:46 Microsoft Windows Diagnostics Hub Standard Collector security vulnerability Details

816c047de922f4489cc48188b58a0b8e CVE-2021-1646 2022-03-04 13:48:42 Microsoft Windows WLAN authorization issue vulnerability Details

53533429f5c310f73543eaaa054fae19 CVE-2021-1643 2022-03-04 13:48:38 Microsoft HEVC Video Extensions security vulnerability Details

c2ec2c14c6281803ab9edb1fc16a959f CVE-2021-1670 2022-03-04 13:48:36 Microsoft Windows FS Filter driver information disclosure vulnerability Details

070e59201465fe6a88d9e6d1e70f9c3d CVE-2021-1638 2022-03-04 13:48:32 Microsoft Windows Bluetooth security vulnerability Details

d1aa0bcf783c37cbe089e085ca892ed7 CVE-2021-1662 2022-03-04 13:48:28 Microsoft Windows security vulnerability Details

4a143f388c23264ca5999eeabf668ae2 CVE-2021-1663 2022-03-04 13:48:26 Microsoft Windows FS Filter driver information disclosure vulnerability Details

390c687a0e23d72217bc110ba7552caf CVE-2020-5686 2022-03-04 13:48:23 NEC multiple products authorization issue vulnerability Details

ab01aa1c85cebd1781244d54c7f8c79f CVE-2021-1648 2022-03-04 13:48:19 Microsoft Windows splwow64 authorization issue vulnerability Details

e3d85a02e64931537b2405e290219723 CVE-2021-1650 2022-03-04 13:48:15 Microsoft Windows security vulnerability Details

4ff09cdcacb0bb825c8d19665068ffb0 CVE-2020-4674 2022-03-03 13:51:28 IBM Workload Automation information disclosure vulnerability Details

a19af6a31eed6baecc6bb3372b3f72b8 CVE-2020-4838 2022-03-03 13:51:27 IBM API Connect cross-site scripting vulnerability Details

6d53f44151a37557ed2b62a7ce50b4b1 CVE-2020-35655 2022-03-03 13:51:22 Pillow buffer error vulnerability Details

b10291177e8f9f88351de7831f27e173 CVE-2020-35653 2022-03-03 13:51:19 Pillow buffer error vulnerability Details

34a8f651caf89224582bfc8c1f4c3cd6 CVE-2020-35458 2022-03-03 13:51:13 ClusterLabs Hawk code injection vulnerability Details

f202274fd49e10b30e169775351ba6a3 CVE-2020-35459 2022-03-03 13:51:10 Clusterlabs Crmsh security vulnerability Details

9259d85b7192dfc17dd742fe30ad4ed6 CVE-2021-0301 2022-03-03 13:51:05 Google Android buffer error vulnerability Details

98dfe20b5d1533bc89d8c3cc8be57793 CVE-2020-27637 2022-03-03 13:51:02 R Cran path traversal vulnerability Details

b26e5d1f8bcf6dda86e0a3e4dc4d2705 CVE-2020-27059 2022-03-03 13:50:59 Google Android information disclosure vulnerability Details

6e51137b7470ea13e927d28c2437e1d0 CVE-2020-4673 2022-03-03 13:50:52 IBM Workload Automation information disclosure vulnerability Details

b38dd435767071f7cceedb8fcf3311f4 CVE-2020-16023 2022-03-02 13:52:16 Google Chrome resource management error vulnerability Details

e0f0127b31b8d9d08acc8e98b28c785e CVE-2020-16022 2022-03-02 13:52:12 Google Chrome security vulnerability Details

70bfdf687bd9c24d0a3bef980f00d01b CVE-2020-16020 2022-03-02 13:52:12 Google Chrome security vulnerability Details

cef24438d24d2d30829e65c7491d194d CVE-2020-16017 2022-03-02 13:52:05 Google Chrome resource management error vulnerability Details

2af3e6184a200d3e9abe393149dc6155 CVE-2020-16019 2022-03-02 13:52:05 Google Chrome security vulnerability Details

6ee31ddb95daa944794b1c5b1a6053ee CVE-2020-16014 2022-03-02 13:51:58 Google Chrome security vulnerability Details

8299c6029377b130768164796d41cf01 CVE-2020-16016 2022-03-02 13:51:58 Google Chrome security vulnerability Details

32b5f9822a5d199b122e0a0429a1c2d9 CVE-2020-16012 2022-03-02 13:51:49 Mozilla Firefox security vulnerability Details

e27940b98fc36513eee870d2f7ed82fb CVE-2020-16013 2022-03-02 13:51:49 Google Chrome buffer error vulnerability Details

NSFOCUS [TOP 30] CVES TIME TITLE URL

25633b1e9f662aa3a3af07bc093b3fae CVE-2021-46618 2022-03-04 09:25:43 Bentley MicroStation CONNECT out-of-bounds read vulnerability Details

bc479de038e53ea3325a5d7b8b1abff1 CVE-2021-46617 2022-03-04 09:25:43 Bentley MicroStation CONNECT uninitialized memory vulnerability Details

e5bacab81ab912c1e7a6c9ac3779d6c4 CVE-2021-46628 2022-03-04 09:25:43 Bentley View out-of-bounds read vulnerability Details

f758556fd3106f369067b3621171e297 CVE-2021-46642 2022-03-04 09:25:43 Bentley View out-of-bounds read vulnerability Details

88a483d23761742464873ae6402b5600 CVE-2021-46624 2022-03-04 09:25:43 Bentley View out-of-bounds read vulnerability Details

01a9b36fbb1b34e7e1c36d1bca562031 CVE-2021-46640 2022-03-04 09:25:43 Bentley View out-of-bounds write vulnerability Details

db1c75206c6787fe8bb4bc93d91e099b CVE-2021-46619 2022-03-04 09:25:43 Bentley MicroStation CONNECT out-of-bounds read vulnerability Details

58373494833dafc3a0adbc423734d15c CVE-2021-46637 2022-03-04 09:25:43 Bentley MicroStation CONNECT out-of-bounds read vulnerability Details

30e8de381a86009c18a183e0cc130c70 CVE-2021-46620 2022-03-04 09:25:43 Bentley MicroStation CONNECT out-of-bounds read vulnerability Details

c08cadbf488690f12c1766a2be64797f CVE-2021-46625 2022-03-04 09:25:43 Bentley View double free vulnerability Details

43ce9cd2330bc5d28b30c0303a35c98d CVE-2021-46626 2022-03-04 09:25:43 Bentley View out-of-bounds read vulnerability Details

761724b85a6c05a8a29a023e5bb61a11 CVE-2021-46627 2022-03-04 09:25:43 Bentley View invalid memory reference vulnerability Details

f59b9005a38df32dac908b79721525a6 CVE-2021-46621 2022-03-04 09:25:43 Bentley MicroStation CONNECT double free vulnerability Details

5310084b4bd013f92bf2be9339497743 CVE-2021-46639 2022-03-04 09:25:43 Bentley MicroStation CONNECT out-of-bounds write vulnerability Details

0849777e6db603bd5d6258e868d1b529 CVE-2021-46638 2022-03-04 09:25:43 Bentley MicroStation CONNECT stack buffer overflow vulnerability Details

3a402314f38ed66ac472f155d1fcf076 CVE-2021-41141 2022-03-03 09:26:29 PJSIP denial-of-service vulnerability Details

c875825c5c2c7a17b24f19fb25eadedd CVE-2021-43852 2022-03-03 09:26:29 OroPlatform prototype pollution vulnerability Details

9350a17d3cab687002bef374dd74d4d7 CVE-2022-21650 2022-03-03 09:26:29 Nordaaker Convos cross-site scripting vulnerability Details

eeef758a7a7f9dc8d8b789836264c3c2 CVE-2021-43946 2022-03-03 09:26:29 Atlassian Jira Server access control error vulnerability Details

bd2f2ebb30617d020c9b045560beaa4b CVE-2021-41789 2022-03-03 09:25:38 MediaTek Chipsets input validation error vulnerability Details

ad6473ee56cb5657a3d095e8a7905c93 CVE-2022-20015 2022-03-03 09:25:38 MediaTek Chipsets information disclosure vulnerability Details

1aaef0e4368a4df5c1d5870344fdc923 CVE-2022-25020 2022-03-02 09:25:38 PluXml cross-site scripting vulnerability Details

4767ae726d37c3bb22f3eaeb77c48b68 CVE-2022-25022 2022-03-02 09:25:38 Htmly cross-site scripting vulnerability Details

2486b1cfd57bd7f962c7f80f13ab6754 CVE-2022-25099 2022-03-02 09:25:38 WBCE CMS unspecified vulnerability Details

373c8de2df16a4d741eef18e966143a0 CVE-2022-25101 2022-03-02 09:25:38 WBCE CMS unspecified vulnerability Details

c0503ac9605148f57504f8c13e79f043 CVE-2022-25175 2022-03-02 09:25:38 Jenkins Pipeline: Multibranch Plugin OS command injection vulnerability Details

4dd6f90e2620760d007f0778fd534094 CVE-2022-25173 2022-03-02 09:25:38 Jenkins Pipeline: Groovy Plugin OS command injection vulnerability Details

35e3c6e88eee4e0ef079bb615829a6d3 CVE-2022-25174 2022-03-02 09:25:38 Jenkins Pipeline: Shared Groovy Libraries Plugin OS command injection vulnerability Details

b3fc76acb93c314a38578b8e22809bfd CVE-2021-44961 2022-03-02 09:25:38 Slic3r libslic3r out-of-bounds read vulnerability Details

c57ec9c85f6310b6e41793e14adf5aac CVE-2021-44962 2022-03-02 09:25:38 Slic3r libslic3r out-of-bounds read vulnerability Details

U.S. National Vulnerability Database (NVD) [TOP 30] CVES TIME TITLE URL

a513a8127dd9fd84886adaa7f3ae5240 CVE-2022-25643 2022-02-24 15:15:32 seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. Details

d92cf84bceb078170a9e9bc8a28ebd8d CVE-2022-25640 2022-02-24 15:15:32 In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. Details

a3c92e9d9250f7bb3f8faeef65754fc4 CVE-2022-25638 2022-02-24 15:15:32 In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. Details

a4a00ea4e1184fdd010563b627a33728 CVE-2022-25418 2022-02-24 15:15:31 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. Details

bda8dc0b9c393a3b693b505bb1ceb8a2 CVE-2022-25403 2022-02-24 15:15:31 HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. Details

994ccfefa0272da0a77de8816fa6cb4b CVE-2022-25402 2022-02-24 15:15:31 An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. Details

a27bad55c4864d43592e6ee5c29273a7 CVE-2022-25401 2022-02-24 15:15:31 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. Details

2d4d5b2c5365cf1293199947b611e995 CVE-2022-25405 2022-02-24 15:15:31 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. Details

a689a3952f056e7d4c8161f49d219c08 CVE-2022-25404 2022-02-24 15:15:31 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. Details

3b6bcb8fdb892c0953df3e5f4e848020 CVE-2022-25414 2022-02-24 15:15:31 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. Details

5276aa2cf75f7bffc5704cbee8b9d308 CVE-2022-25406 2022-02-24 15:15:31 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. Details

f2efc18eaa4ad73381a69152dbf21fe9 CVE-2022-25417 2022-02-24 15:15:31 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. Details

f4f186295071975b09e8c957fde777c0 CVE-2022-25098 2022-02-24 15:15:30 ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. Details

aaa76a75b97c3078b890f44f65c700bc CVE-2022-25075 2022-02-24 15:15:30 TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Details

6dd96471e49bbbebf8aeaafcee5615cc CVE-2022-25331 2022-02-24 03:15:44 Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Details

6ccc3baedf66e39bed1a0045fda505a3 CVE-2022-25330 2022-02-24 03:15:44 Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Details

a2cb8a4cc4cd6a13400032fec28350c8 CVE-2022-25329 2022-02-24 03:15:43 Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. Details

b88fb4e37070e5ea0c8c7c8d7a0245e3 CVE-2022-0726 2022-02-23 14:15:07 Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Details

b46fe65867435ab6327ce9376480fafc CVE-2022-24295 2022-02-21 18:15:09 Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Details

9203ebee3ae959dec247301987db0b6a CVE-2022-25599 2022-02-21 18:15:09 Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). Details

c9a5486d9dfa8ecea1290b779e3031f5 CVE-2022-24553 2022-02-21 12:15:13 An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. Details

e80872fc76352b9e5b122cdab679f9a4 CVE-2022-25297 2022-02-21 08:15:06 This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. Details

47ee9de71ceaf950e8dd877717666b74 CVE-2022-25375 2022-02-20 20:15:18 An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. Details

93120f87f34dc3285d00d78a8f314457 CVE-2022-25372 2022-02-20 20:15:18 Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. Details

ed881902a4030dc844d95ee06fdb39a9 CVE-2022-23053 2022-02-20 19:15:09 Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. Details

bc5a87395a667ee7bb34d1890bf674b1 CVE-2022-25137 2022-02-19 00:15:17 A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Details

24f64d39239fe2ddd38b72e5afb410c7 CVE-2022-25136 2022-02-19 00:15:17 A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Details

ed0ee4646b31cc59c6f6aea80927193e CVE-2022-25135 2022-02-19 00:15:17 A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Details

b32ff3d22e750e7aa1e56de25d80f827 CVE-2022-25133 2022-02-19 00:15:17 A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Details

1e5a4ac8e767f27d5bc9dbcec69d6d97 CVE-2022-25132 2022-02-19 00:15:17 A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Details

