奇安信集团拥有漏洞研究的专业团队,历年来发现了大量的严重安全漏洞并报告厂商修复,如下为2019年以来部分所提交的漏洞列表:

序号 漏洞名 公布时间 发现团队 CVE编号 参考链接 致谢截图
112 Win32k 信息泄露漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-1250 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1250
111 Windows 提权漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-1052 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1052
110 Windows DHCP 服务器信息泄露漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-1031 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1031
109 Windows 内核信息泄露漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-0928 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0928
108 Windows DNS 拒绝服务漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-1228 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1228
107 Windows DNS 拒绝服务漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-0836 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0836
106 Windows Cryptographic Catalog Services 提权漏洞 2020-09-09 奇安信代码安全实验室 CVE-2020-0782 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0782
105 红帽QEMU 界外访问 2020-04-06 奇安信代码安全实验室 CVE-2020-11102 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11102
104 Juniper Networks Junos 15.1-19.2版本JDHCP 服务 2020-01-01 奇安信代码安全实验室 CVE-2020-1609 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981
103 Juniper Networks Junos 15.1-19.2版本JDHCP 服务 2020-01-01 奇安信代码安全实验室 CVE-2020-1605 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981
102 Juniper Networks Junos 15.1-19.2版本JDHCP 服务 2020-01-01 奇安信代码安全实验室 CVE-2020-1602 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981
101 Linux 内核4.14.x 和4.19.x 稳定版内核中的释放后使用漏洞 2020-01-14 奇安信代码安全实验室 CVE-2020-7053 https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7053
100 红帽QEMU 仿真器 XGMAC 以太网控制器中的缓冲溢出 2020-08-25 奇安信代码安全实验室 CVE-2020-15863 https://access.redhat.com/security/cve/CVE-2020-15863
99 红帽网络数据包处理组件中QEMU断言失败 2020-08-25 奇安信代码安全实验室 CVE-2020-16092 https://access.redhat.com/security/cve/CVE-2020-16092
98 红帽QEMU拒绝服务 2020-08-25 奇安信代码安全实验室 CVE-2020-14415 https://access.redhat.com/security/cve/CVE-2020-14415
97 红帽QEMU 仿真器的 SM501 显示驱动实现中存在一个整数溢出漏洞 2020-08-25 奇安信代码安全实验室 CVE-2020-12829 https://access.redhat.com/security/cve/CVE-2020-12829
96 红帽QEMU 的 USB 仿真器中存在越界读/写访问问题 2020-08-25 奇安信代码安全实验室 CVE-2020-14364 https://access.redhat.com/security/cve/CVE-2020-14364
95 华为 Switch 系列设备漏洞 2020-05-22 奇安信代码安全实验室 CVE-2019-5285 https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190522-01-switch-cn
94 Oracle VM VirtualBox 拒绝服务漏洞 2020-05-22 奇安信代码安全实验室 CVE-2020-14715 https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190522-01-switch-cn
93 Oracle VM VirtualBox 拒绝服务漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-14714 https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR
92 Oracle VM VirtualBox 拒绝服务漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-14707 https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR
91 Oracle VM VirtualBox 整数溢出和越界读取漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-14700 https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR
90 Oracle VM VirtualBox 整数溢出和越界读取漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-14699 https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR
89 Oracle VM VirtualBox 整数溢出和越界读取漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-14698 https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR
88 “重要”级别的微软Windows 内核信息泄露漏洞 2020-07-15 奇安信代码安全实验室 CVE-2020-1426 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1426
87 微软 Graphics Components 远程代码执行漏洞 2020-05-13 奇安信代码安全实验室 CVE-2020-1153 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1153
86 Oracle Virtualbox 拒绝服务漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-2959 https://www.oracle.com/security-alerts/cpuapr2020verbose.html#OVIR
85 微软Microsoft Graphics Component信息泄露漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-1005 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1005
84 微软Windows DNS 拒绝服务漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-0993 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0993
83 微软Win32k 提权漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-0958 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0958
82 微软Win32k 提权漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-0957 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0957
81 微软Adobe Font Manager Library 远程代码执行漏洞 2020-04-15 奇安信代码安全实验室 CVE-2020-0938 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
80 微软Win32k 提权漏洞 2020-03-11 奇安信代码安全实验室 CVE-2020-0762 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0762
79 微软WindowsDefender Security Center提权漏洞 2020-03-11 奇安信代码安全实验室 CVE-2020-0877 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0877
78 微软ChakraCore 脚本引擎内存损坏漏洞 2020-03-11 奇安信代码安全实验室 CVE-2020-0848 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0848
77 Oracle Fusion Middleware WebCenter Sites 安全漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14652 https://www.oracle.com/security-alerts/cpujul2020.html
76 Oracle Fusion Middleware WebLogic Server Core组件安全漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14645 https://www.oracle.com/security-alerts/cpujul2020.html
75 Oracle Fusion Middleware WebLogic Server 安全漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14640 https://www.oracle.com/security-alerts/cpujul2020.html
74 Oracle Fusion Middleware WebLogic Server 信息泄露漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14739 https://www.oracle.com/security-alerts/cpujul2020.html
73 Oracle Fusion Middleware WebLogic Server 安全漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14738 https://www.oracle.com/security-alerts/cpujul2020.html
72 Oracle Fusion Middleware WebLogic Server 安全漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14637 https://www.oracle.com/security-alerts/cpujul2020.html
71 Oracle Fusion Middleware WebLogic Server 信息泄露漏洞 2020-07-01 奇安信A-TEAM CVE-2020-14636 https://www.oracle.com/security-alerts/cpujul2020.html
70 FasterXML jackson-databind 代码问题漏洞 2020-04-01 奇安信 A-TEAM CVE-2020-11620 https://www.oracle.com/security-alerts/cpuapr2020.html
69 Oracle Virtualization VM VirtualBox 安全漏洞 2020-04-01 奇安信 A-TEAM CVE-2020-2908 https://www.oracle.com/security-alerts/cpuapr2020.html
68 Oracle Weblogic Server远程信息泄露漏洞 2020-04-01 奇安信A-TEAM CVE-2020-2829 https://www.oracle.com/security-alerts/cpuapr2020.html
67 Weblogic 远程代码执行漏洞 2020-04-01 奇安信 A-TEAM CVE-2020-2798 https://www.oracle.com/security-alerts/cpuapr2020.html
66 Weblogic远程代码执行漏洞 2018-11-07 奇安信 A-TEAM CVE-2018-3245 https://www.oracle.com/security-alerts/cpuoct2018.html
65 微软“重要”的WindowsGraphics 组件提权漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0745 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0745
64 微软“重要”的Win32k 信息泄露漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0717 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0717
63 微软“重要”的Win32k 信息泄露漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0716 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0716
62 微软“重要”的WindowsGraphics 组件提权漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0715 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0715
61 微软“严重”的脚本引擎内存损坏漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0712 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0712
60 微软“严重”的脚本引擎内存损坏漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0710 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0710
59 微软“严重”的远程任意代码可执行漏洞 2020-02-12 奇安信代码安全实验室 CVE-2020-0662 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0662
58 微软提权漏洞 奇安信代码安全实验室 CVE-2019-1434 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1434
57 微软提权漏洞 奇安信代码安全实验室 CVE-2019-1435 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1435
56 微软提权漏洞 奇安信代码安全实验室 CVE-2019-1433 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1433
55 微软提权漏洞 奇安信代码安全实验室 CVE-2019-1407 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1407
54 微软Win32k 信息泄露漏洞 2020-01-15 奇安信代码安全实验室 CVE-2020-0608 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0608
53 VMware 声卡设备的uaf漏洞 2019-09-19 奇安信代码安全实验室 CVE-2019-5527 https://www.vmware.com/security/advisories/VMSA-2019-0014.html
52 微软Windows 内核信息泄漏漏洞 2019-08-13 奇安信代码安全实验室 CVE-2020-1228 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1228
51 Buffer error 2020-08-11 奇安信技术研究院 CVE-2020-9704 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
50 Stack exhaustion 2020-08-11 奇安信技术研究院 CVE-2020-9703 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
49 Stack exhaustion 2020-08-11 奇安信技术研究院 CVE-2020-9702 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
48 Buffer error 2020-08-11 奇安信技术研究院 CVE-2020-9701 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
47 Buffer error 2020-08-11 奇安信技术研究院 CVE-2020-9700 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
46 Buffer error 2020-08-11 奇安信技术研究院 CVE-2020-9699 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
45 Buffer error 2020-08-11 奇安信技术研究院 CVE-2020-9698 https://helpx.adobe.com/si/security/products/acrobat/apsb20-48.html
44 Stack-based buffer overflow 2020-03-17 奇安信技术研究院 CVE-2020-3799 https://helpx.adobe.com/si/security/products/acrobat/apsb20-13.html
43 Exim 远程堆溢出漏洞 CVE-2019-16928 https://seclists.org/oss-sec/2019/q3/256
42 Windows内核高危漏洞 CVE-2019-1285 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1285
41 Edge浏览器高危漏洞 CVE-2019-1217 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1217
40 Chrome浏览器中的UAF漏洞 CVE-2019-5866 https://chromereleases.googleblog.com/2019/07/stable-channel--for-desktop.html
39 Vmware 溢出漏洞 CVE-2019-5527 https://www.vmware.com/security/advisories/VMSA-2019-0014.html
38 Acrobat Reader DC中的uaf漏洞 CVE-2019-8031 https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
37 Acrobat Reader DC中的uaf漏洞 CVE-2019-8030 https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
36 Acrobat Reader DC中的uaf漏洞 CVE-2019-8029 https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
35 越权启用WiFi DIR-823G SetWLanRadioSettings Guest-WiFi Enable CVE-2019-8392 https://github.com/leonW7/D-Link/blob/master/Vul_6.md
34 局域网DNS劫持 DIR-823G SetWanSettings DNS Hijack CVE-2019-7390 http://www.securityfocus.com/bid/106855
https://github.com/leonW7/D-Link/blob/master/Vul_5.md
33 远程拒绝服务 DIR-823G SetFactoryDefault DoS CVE-2019-7389 http://www.securityfocus.com/bid/106853
https://github.com/leonW7/D-Link/blob/master/Vul_4.md
32 远程信息泄露 DIR-823G GetClientInfo InfoLeak CVE-2019-7388 http://www.securityfocus.com/bid/106852
https://github.com/leonW7/D-Link/blob/master/Vul_3.md
31 远程命令注入 DIR-823G HNAP_Entry_Func CMD Injection CVE-2019-7298 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7298
http://www.securityfocus.com/bid/106814
30 远程命令注入 DIR-823G GetNetwork TomographyResult CMD Injection CVE-2019-7297 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7297
http://www.securityfocus.com/bid/106815
29 Win32k Elevation of Privilege Vulnerability CVE-2019-0960 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0960
28 Windows NTLM Tampering Vulnerability CVE-2019-1040 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1040
27 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2019-0724 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0724
26 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2019-0686 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0686
25 Motorola SetSmartQoSSettings CMD Injection CVE-2019-9121 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9121
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md
24 Motorola SetWLanACLSettings CMD Injection CVE-2019-9120 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9120
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md
23 Motorola SetStaticRouteSettings CMD Injection CVE-2019-9119 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9119
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md
22 Motorola SetStaticRouteSettings CMD Injection CVE-2019-9118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9118
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md
21 Motorola SetStaticRouteSettings CMD Injection CVE-2019-9117 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9117
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md
20 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7461
19 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7460 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7460
18 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7459
17 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7458 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7458
16 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7457
15 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7456
14 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7455
13 内存溢出 Mikrotik RouteOS smb remote DOS CVE-2019-7454 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7454
12 libsass内存溢出漏洞 CVE-2019-6286 https://github.com/sass/libsass/issues/2815
11 yaml-cpp内存溢出漏洞 CVE-2019-6285 https://github.com/jbeder/yaml-cpp/issues/660
10 libsass内存溢出漏洞 CVE-2019-6284 https://github.com/sass/libsass/issues/2816
9 libsass内存溢出漏洞 CVE-2019-6283 https://github.com/sass/libsass/issues/2814
8 D-Link SetStaticRoute CMD Injection CVE-2019-8319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8319
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md
7 D-Link SetSysEmailSettings CMD Injection CVE-2019-8318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8318
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/mail.md
6 D-Link SetStaticRoute CMD Injection CVE-2019-8317 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8317
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv6.md
5 D-Link SetWebFilterSettings CMD Injection CVE-2019-8316 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8316
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/webfilter.md
4 D-Link SetStaticRoute CMD Injection CVE-2019-8315 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8315
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv4.md
3 D-Link SetQoSSettings CMD Injection CVE-2019-8314 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8314
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/qos.md
2 D-Link SetIPv6FirewallSettings CMD Injection CVE-2019-8313 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8313
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv6.md
1 D-linkSetSysLogSettingsCMD Injection CVE-2019-8312 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8312
https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/syslog.md