CVE中文漏洞信息库 - SCAP中文社区

CVE漏洞信息库 (117,555项)		2,188个相关厂商或团体; 117,555条漏洞信息; 38,594条到OVAL定义的映射
		56,546条到CWE定义的映射; 90,883篇机器译文; 70,643条CNNVD映射
		22,650条Exploit-DB数据 13,576条到Exploit-DB的映射
		98,628条PacketStorm数据 26,491条到PacketStorm的映射

最近发布的CVE条目

CVE-2018-6378
2018-05-22 11:29:00

[原文]In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media m...

CVSS

N/A

CVE-2018-1583
2018-05-22 09:29:00

[原文]IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted...

CVSS

N/A

CVE-2018-6962
2018-05-22 09:29:00

[原文]VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.

CVSS

N/A

CVE-2018-6963
2018-05-22 09:29:00

[原文]VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities tha...

CVSS

N/A

CVE-2018-3639
2018-05-22 08:29:00

[原文]On Intel-based platforms, systems with microprocessors utilizing speculative execution and speculative execution of memory rea...

CVSS

N/A

CVE-2018-3640
2018-05-22 08:29:00

[原文]On Intel-based platforms, systems with microprocessors utilizing speculative execution and that perform speculative reads of s...

CVSS

N/A

CVE-2017-2607
2018-05-21 19:29:00

[原文]jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURIT...

CVSS

N/A

CVE-2018-1108
2018-05-21 17:29:00

[原文]kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. ...

CVSS

N/A

最近修订的CVE条目

CVE-2017-2871
2018-05-22 11:58:19

[原文]Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmwa...

CVSS

5.8

CVE-2016-9645
2018-05-22 11:57:34

[原文]The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git ve...

CVSS

4.0

CVE-2018-7747
2018-05-22 11:51:09

[原文]Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote a...

CVSS

3.5

CVE-2018-6960
2018-05-22 11:35:10

[原文]VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two...

CVSS

6.5

CVE-2017-8315
2018-05-22 11:33:42

[原文]Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An...

CVSS

7.8

TOP50 厂商或团体

CVSS基础分值

CWE/SANS Top 25^[?] 2011

OWASP TOP 10 2010^[?]

OWASP TOP 10 2013 Candidate^[?]

[1] 注入 [CWE-77,CWE-89,CWE-564]
[2] 错误的认证和会话管理 [CWE-287]
[3] 跨站脚本（XSS） [CWE-79]
[4] 不安全的直接对象引用 [CWE-639,CWE-22]
[5] 安全配置缺陷 [CWE-2]
[6] 敏感数据暴露 [CWE-310,CWE-312,CWE-319,CWE-326]
[7] 缺少功能级别访问控制 [CWE-285]
[8] 跨站请求伪造（CSRF） [CWE-352]
[9] 使用已知包含漏洞的组件 [-]
[10] 未验证的重定向和传递 [CWE-601]

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

人生的价值，并不是用时间，而是用深度去衡量的。

-- 列夫·托尔斯泰

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息，请查阅[关于本站]。

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标，它们的官方数据源均保存在MITRE公司的相关网站。

CVE 通用漏洞与披露Common Vulnerabilities and Exposures

最近发布的CVE条目

最近修订的CVE条目

TOP50 厂商或团体

CVSS基础分值

CWE/SANS Top 25[?] 2011

OWASP TOP 10 2010[?]

OWASP TOP 10 2013 Candidate[?]

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

关于SCAP中文社区

版权声明

CWE/SANS Top 25^[?] 2011

OWASP TOP 10 2010^[?]

OWASP TOP 10 2013 Candidate^[?]