安全研究 Safety research
Linux Kernel本地权限提升漏洞 (CVE-2022-2602) 安全通告https://www.secrss.com/articles/50324 Splunk Enterprise远程代码执行漏洞 (CVE-2022-43571) 安全通告https://www.secrss.com/articles/50309 Foxit PDF Reader远程代码执行漏洞 (CVE-2022-28672) 安全通告https://www.secrss.com/articles/50310 Ghost CMS博客软件中报告的两个新的安全漏洞https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html Zerobot恶意软件正通过利用Apache漏洞传播https://www.bleepingcomputer.com/news/security/zerobot-malware-now-spreads-by-exploiting-apache-vulnerabilities/
发布时间: 2022 - 12 - 23
Samba发布安全更新以修补多个高危漏洞https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html 国家漏洞库CNNVD:关于微软多个安全漏洞的通报https://www.secrss.com/articles/50091 究团队披露乐高BrickLink网站中的API安全漏洞https://redqueen.tj-un.com/InfoDetails.html?id=f16e8fd411d54bf6833f2cdbcf844867 携多漏洞出击的Golang僵尸网络:Zerobothttps://www.freebuf.com/articles/network/351944.html GITHUB ENTERPRISE_SERVER Vulnerability CVE-2022-46256https://redqueen.tj-un.com/IntelDetails.html?id=dc10e79cd7664c6483565e660b01cfe1
发布时间: 2022 - 12 - 20
VMware修复了关键的ESXi和vRealize安全漏洞https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-esxi-and-vrealize-security-flaws/ 微软修补了用来传播勒索软件的 Windows 零日漏洞https://www.freebuf.com/news/352566.html 国家漏洞库CNNVD:关于微软多个安全漏洞的通报https://www.secrss.com/articles/50091 谷歌进军漏洞管理市场,推出免费开源漏洞扫描工具https://www.secrss.com/articles/50063 Apple多款产品漏洞安全风险通告https://www.secrss.com/articles/50046
发布时间: 2022 - 12 - 16
思科爆出严重漏洞,更新补丁明年一月才能发布!https://www.freebuf.com/news/352199.html 超过半数EDR工具存在严重漏洞,数亿端点面临风险https://www.freebuf.com/news/352023.html 谷歌警告ScarCruft黑客利用Internet Explorer零日漏洞https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html 新的基于Go的僵尸网络Zerobot利用了数十个漏洞https://securityaffairs.co/wordpress/139392/malware/zerobot-botnet-dozens-flaws.html Sophos发布更新,修复其Firewall 19.5中的7个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=0218436452eb4102a7c93182e91c2d7f
发布时间: 2022 - 12 - 13
联网车辆服务SiriusXM存在漏洞,允许远程汽车黑客攻击https://securityaffairs.co/wordpress/139345/hacking/vehicle-service-siriusxm-flaw.html 高危AMI MegaRAC漏洞影响AMD、ARM、HPE、Dell等众多服务器https://www.freebuf.com/news/351686.html Cacti命令执行漏洞(CVE-2022-46169)安全风险通告https://www.secrss.com/articles/49767 Ping堆栈溢出漏洞(CVE-2022-23093)安全通告https://www.secrss.com/articles/49752 Google发布12月份的Android更新总计修复81个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=cbda4a20c35645e39e5912766434864e
发布时间: 2022 - 12 - 08
三星小米等厂商均受影响,谷歌披露威胁数百万安卓设备的高危漏洞https://www.ithome.com/0/658/513.htm 十年未被发现!现代汽车曝重大安全漏洞,黑客可远程解锁、启动汽车https://www.freebuf.com/news/351422.html Google紧急修复Chrome中被利用的漏洞CVE-2022-4262https://redqueen.tj-un.com/InfoDetails.html?id=8202ed3a024d48098d52fc241b9baa47 安装了200万的Android远程键盘应用程序中存在关键RCE漏洞https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/ 谷歌发现用于部署间谍软件的Windows漏洞利用框架https://www.bleepingcomputer.com/news/security/google-discovers-windows-exploit-framework-used-to-deploy-spyware/
发布时间: 2022 - 12 - 05
美国CISA警告:Oracle Fusion中间件漏洞已遭在野利用https://www.secrss.com/articles/49563 德国Festo和CODESYS公司的OT产品被曝存在漏洞https://thehackernews.com/2022/11/3-new-vulnerabilities-affect-ot.html 宏碁五款电脑驱动程序存在漏洞,可导致恶意软件入侵https://www.freebuf.com/articles/mobile/351149.html Windows IKE协议扩展远程代码执行漏洞安全风险通告https://www.secrss.com/articles/49503 专家透露AWS AppSync中存在跨租户漏洞https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html
发布时间: 2022 - 12 - 01
微软发布带外更新,紧急修复补丁引发的Kerberos问题https://www.secrss.com/articles/49306 “去中心化版Twitter”Mastodon曝出严重漏洞https://www.secrss.com/articles/49338 数百万Android设备仍然没有针对 Mali GPU 漏洞的补丁 https://thehackernews.com/2022/11/million-of-android-devices-still-dont.html Google Chrome释出紧急更新修复年内的第8个0day漏洞https://www.solidot.org/story?sid=73490 Google Chrome GPU堆溢出漏洞安全风险通告https://www.secrss.com/articles/49381
发布时间: 2022 - 11 - 28
微软Microsoft Exchange爆出高危安全漏洞ProxyNotShell,现已修复https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-abused-proxynotshell-exchange-bug/ Atlassian Bitbucket Server/Data Center命令注入漏洞安全风险通告https://www.secrss.com/articles/49215 某医疗机构公众号系统漏洞遭利用,攻击者窃取10余万条公民数据境外售卖被抓https://www.secrss.com/articles/49228 国家漏洞库CNNVD:关于F5 BIG-IP安全漏洞的通报https://www.secrss.com/articles/49133 IBM URBANCODE_DEPLOY Vulnerability CVE-2022-40751https://redqueen.tj-un.com/IntelDetails.html?id=777030dc09f94f0e98f9bc3a05cff538
发布时间: 2022 - 11 - 22
F5 BIG-IP和BIG-IQ设备中报告高严重性漏洞,现已修复https://thehackernews.com/2022/11/high-severity-vulnerabilities-reported.html 马斯克执掌推特三周后,双因素身份认证出现漏洞https://www.freebuf.com/articles/349902.html Log4j漏洞难修补!美国联邦政府遭入侵,FBI称黑手为伊朗黑客https://www.secrss.com/articles/49097 Varonis披露Zendesk Explore中SQL注入等漏洞的细节https://redqueen.tj-un.com/InfoDetails.html?id=294530918804468a9611008f809a8920 Oxeye披露Spotify Backstage中的远程代码执行漏洞https://redqueen.tj-un.com/InfoDetails.html?id=77c82aff89c44d5bbfa821397e13fcaf
发布时间: 2022 - 11 - 18
黑客敲门:数字门禁系统漏洞让攻击者随意打开你家大门https://www.secrss.com/articles/48936 幽灵必须死:漏洞利用幽灵'msg_msg'以及VED的防护策略https://www.solidot.org/story?sid=73351 多个高严重性漏洞影响OpenLiteSpeed Web服务器软件https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html 研究人员因发现谷歌像素锁定屏幕漏洞获得 7 万美元奖励https://securityaffairs.co/wordpress/138372/mobile-2/google-pixel-lock-screen-bypass.html ZOHOCORP ZOHO_CRM_LEAD_MAGNET Vulnerability CVE-2022-41978https://redqueen.tj-un.com/IntelDetails.html?id=b271a1d61bb64c84940738f4fbee0e57
发布时间: 2022 - 11 - 15
石油和天然气企业使用的关键系统中被曝高危漏洞https://www.secrss.com/articles/48841 联想更新笔记本固件修复允许禁用UEFI的漏洞https://www.solidot.org/story?sid=73329 与俄有关的间谍组织APT29利用Windows漏洞入侵欧洲外交实体网络https://www.freebuf.com/news/349385.html VMware修复了三个身份认证绕过漏洞https://www.freebuf.com/articles/349339.html Citrix发布更新,修复其ADC和Gateway中的多个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=5efcc7201fdc4910987d643a6084d050
发布时间: 2022 - 11 - 11
CISA警告三个工业控制系统软件的严重漏洞https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html Cisco发布安全更新,修复其部分产品中的多个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=eb6e148d4d174db58d4607daa1965a8e 零日在越来越短的时间内被大规模利用https://securityaffairs.co/wordpress/138100/security/treat-actors-zero-day.html WiFi漏洞被掌握,密码形同虚设,攻击者能用智能设备几秒内“穿墙透壁”http://www.chinahightech.com/html/chany/xxjs/2022/1107/5651509.html SCHNEIDER-ELECTRIC Multiple product Vulnerability CVE-2022-41668https://redqueen.tj-un.com/IntelDetails.html?id=b7de8e23d0c34a70b253a27f591a276a
发布时间: 2022 - 11 - 08
Checkmk IT基础设施监控软件中报告了多个漏洞https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html 三星Galaxy Store曝严重漏洞,黑客可在目标设备上”偷偷“安装 APPhttps://www.freebuf.com/news/348588.html 研究人员披露Azure Cosmos DB中的RCE漏洞CosMisshttps://redqueen.tj-un.com/InfoDetails.html?id=107104d29e6b433bbac82b6141948682 Horner Automation Cscape缓冲区错误漏洞CVE-2022-3379https://redqueen.tj-un.com/IntelDetails.html?id=882c230e9470421d9497b0a3e83d6a92 ConnectWise修复可影响数千台服务器的RCE漏洞https://www.anquanke.com/post/id/282519
发布时间: 2022 - 11 - 04
VMware修补了一个危险等级 9.8/10高危漏洞https://www.solidot.org/story?sid=73209 Google Chrome释出紧急更新修复一个0dayhttps://www.solidot.org/story?sid=73206 iOS和macOS中的SiriSpy漏洞可窃听用户与Siri的对话https://redqueen.tj-un.com/InfoDetails.html?id=bb01674ce4724176b8a9e7eb8011d384 新西兰航空公司警告正在进行的撞库攻击https://securityaffairs.co/wordpress/137793/cyber-crime/air-new-zealand-breach.html CVE-2022-24112 Apache APISIX 远程代码执行漏洞https://www.freebuf.com/vuls/345926.html
发布时间: 2022 - 11 - 01
苹果曝严重漏洞,可窃听用户与Siri对话https://www.freebuf.com/news/348108.html 一个隐藏SQLite数据库长达22年的漏洞https://www.freebuf.com/news/348001.html 提高警惕!有人在GitHub上利用虚假 PoC 漏洞钓鱼https://www.freebuf.com/news/347905.html OpenSSL即将修复继Heartbleed以来又一严重漏洞https://redqueen.tj-un.com/InfoDetails.html?id=10994bd2f7a34281aa9463d5eabdc805 VMware修复Cloud Foundation产品中的RCE漏洞https://redqueen.tj-un.com/InfoDetails.html?id=7cbda464876b41309381dbb292b1ba58
发布时间: 2022 - 10 - 28
针对Apache Commons Text4Shell漏洞的利用尝试正在进行中https://www.darkreading.com/attacks-breaches/exploit-attempts-are-under-way-for-apache-commons-text4shell-vulnerability Orca Security披露Azure SFX漏洞FabriXss细节https://www.anquanke.com/post/id/282019 Apple修复被利用的越界写入漏洞CVE-2022-42827https://redqueen.tj-un.com/InfoDetails.html?id=767989307c9b46debff41071dd3d4136 Fortinet发现利用VMware漏洞传播多个恶意软件的活动https://redqueen.tj-un.com/InfoDetails.html?id=56f36ed3282d4d5db8f59e11f79afb86 数千GitHub存储库提供带有恶意软件的假PoC漏洞https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/
发布时间: 2022 - 10 - 25
Zoom修复适用于macOS的产品中的漏洞CVE-2022-28762https://redqueen.tj-un.com/InfoDetails.html?id=5beb7c7f0e8d4f7886300e1f23c165e5 Oracle发布2022年10月份安全更新修复366个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=0bc5be1b43d240fea648c4da48a3b1cb  HelpSystems带外更新修复Cobalt Strike中的RCE漏洞https://redqueen.tj-un.com/InfoDetails.html?id=1389b4ec34b349a68c215fa224bf2493 Xen安全漏洞 CVE-2022-33748https://redqueen.tj-un.com/IntelDetails.html?id=c05699814f584ba093edab7077d958ab Siemens Nucleus NET和Nucleus ReadyStart 资源管理错误漏洞 CVE-2022-38371https://redqueen.tj-un.com/IntelDetails.html?id=e8afffff0ad540d38b24252fb79e3d2c
发布时间: 2022 - 10 - 20
近900台服务器被黑客利用Zimbra零日漏洞入侵https://www.bleepingcomputer.com/news/security/almost-900-servers-hacked-using-zimbra-zero-day-flaw/ 高危!最新发现的西门子工业网络软件漏洞已影响多款产品https://www.sohu.com/a/592604688_257305 0patch比微软官方更早推出MotW零日漏洞补丁https://www.cnbeta.com/articles/tech/1328283.htm OTFCC_PROJECT OTFCC Vulnerability CVE-2022-35040https://redqueen.tj-un.com/IntelDetails.html?id=2af4261ede414a70ba095ac55dfafbe4 关键Fortinet身份验证绕过漏洞的POC已经发布https://thehackernews.com/2022/10/poc-exploit-released-for-critical.html
发布时间: 2022 - 10 - 18
近一年时间过去了,VMware的这一漏洞仍悬而未决https://www.freebuf.com/news/346632.html Fortinet证实了CVE-2022-40684身份验证绕过安全漏洞的野外利用https://www.cnbeta.com/articles/tech/1325827.htm 研发团队修复JavaScript沙箱vm2的漏洞CVE-2022-36067https://redqueen.tj-un.com/InfoDetails.html?id=ac26bdd51b074f83a1f2b45d60c3b882 Adobe 10月份周二补丁修复多个产品中的29个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=84b753dc03ef47458a363fb2aa27a2ed Lockbit团伙利用Exchange中的漏洞来安装恶意软件https://redqueen.tj-un.com/InfoDetails.html?id=b1d5a1f34fd54333a1426389b2d5affb
发布时间: 2022 - 10 - 13
294页次8/15首页上一页...  3456789101112...下一页尾页
友情连接:
免费服务热线 ree service hotline 400-613-1868 手机端
法律声明 Copyright  西安交大捷普网络科技有限公司  陕ICP备18022218号-1

陕公网安备 61019002000857号

犀牛云提供云计算服务