CVE中文漏洞信息库 - SCAP中文社区

CVE漏洞信息库 (117,552项)		2,188个相关厂商或团体; 117,552条漏洞信息; 38,594条到OVAL定义的映射
		55,630条到CWE定义的映射; 90,883篇机器译文; 70,643条CNNVD映射
		22,650条Exploit-DB数据 13,576条到Exploit-DB的映射
		98,193条PacketStorm数据 26,167条到PacketStorm的映射

最近发布的CVE条目

CVE-2018-9059
2018-04-20 17:29:01

[原文]Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a ...

CVSS

N/A

CVE-2017-2825
2018-04-20 17:29:00

[原文]In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resu...

CVSS

N/A

CVE-2014-0883
2018-04-20 17:29:00

[原文]Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7....

CVSS

N/A

CVE-2014-0900
2018-04-20 17:29:00

[原文]The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently...

CVSS

N/A

CVE-2014-0912
2018-04-20 17:29:00

[原文]IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive produ...

CVSS

N/A

CVE-2014-0927
2018-04-20 17:29:00

[原文]The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remo...

CVSS

N/A

CVE-2014-0931
2018-04-20 17:29:00

[原文]Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger ...

CVSS

N/A

CVE-2014-0950
2018-04-20 17:29:00

[原文]Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Ecli...

CVSS

N/A

最近修订的CVE条目

CVE-2018-9230
2018-04-20 21:29:07

[原文]** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_...

CVSS

N/A

CVE-2018-9857
2018-04-20 21:29:07

[原文]PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen)....

CVSS

N/A

CVE-2018-2839
2018-04-20 21:29:06

[原文]Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected ...

CVSS

N/A

CVE-2018-2846
2018-04-20 21:29:06

[原文]Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions tha...

CVSS

N/A

CVE-2018-2877
2018-04-20 21:29:06

[原文]Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions th...

CVSS

N/A

TOP50 厂商或团体

CVSS基础分值

CWE/SANS Top 25^[?] 2011

OWASP TOP 10 2010^[?]

OWASP TOP 10 2013 Candidate^[?]

[1] 注入 [CWE-77,CWE-89,CWE-564]
[2] 错误的认证和会话管理 [CWE-287]
[3] 跨站脚本（XSS） [CWE-79]
[4] 不安全的直接对象引用 [CWE-639,CWE-22]
[5] 安全配置缺陷 [CWE-2]
[6] 敏感数据暴露 [CWE-310,CWE-312,CWE-319,CWE-326]
[7] 缺少功能级别访问控制 [CWE-285]
[8] 跨站请求伪造（CSRF） [CWE-352]
[9] 使用已知包含漏洞的组件 [-]
[10] 未验证的重定向和传递 [CWE-601]

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

这世界并不会在意你的自尊。这世界指望你在自我感觉良好之前先要有所成就。

-- 比尔·盖茨

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息，请查阅[关于本站]。

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标，它们的官方数据源均保存在MITRE公司的相关网站。

CVE 通用漏洞与披露Common Vulnerabilities and Exposures

最近发布的CVE条目

最近修订的CVE条目

TOP50 厂商或团体

CVSS基础分值

CWE/SANS Top 25[?] 2011

OWASP TOP 10 2010[?]

OWASP TOP 10 2013 Candidate[?]

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

关于SCAP中文社区

版权声明

CWE/SANS Top 25^[?] 2011

OWASP TOP 10 2010^[?]

OWASP TOP 10 2013 Candidate^[?]