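Qi An Xin Group has a dedicated vulnerability research team that, over the years, has discovered a large number of critical security vulnerabilities and reported them to vendors for remediation. The following is a partial list of the vulnerabilities it has submitted since 2019: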

| No. | Vulnerability name | CVE ID | Reference links |
| --- | --- | --- | --- |
| 1 | D-Link SetSysLogSettings CMD Injection | CVE-2019-8312 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8312 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/syslog.md |
| 2 | D-Link SetIPv6FirewallSettings CMD Injection | CVE-2019-8313 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8313 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv6.md |
| 3 | D-Link SetQoSSettings CMD Injection | CVE-2019-8314 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8314 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/qos.md |
| 4 | D-Link SetStaticRoute CMD Injection | CVE-2019-8315 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8315 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv4.md |
| 5 | D-Link SetWebFilterSettings CMD Injection | CVE-2019-8316 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8316 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/webfilter.md |
| 6 | D-Link SetStaticRoute CMD Injection | CVE-2019-8317 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8317 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv6.md |
| 7 | D-Link SetSysEmailSettings CMD Injection | CVE-2019-8318 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8318 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/mail.md |
| 8 | D-Link SetStaticRoute CMD Injection | CVE-2019-8319 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8319 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md |
| 9 | libsass memory overflow vulnerability | CVE-2019-6283 | https://github.com/sass/libsass/issues/2814 |
| 10 | libsass memory overflow vulnerability | CVE-2019-6284 | https://github.com/sass/libsass/issues/2816 |
| 11 | yaml-cpp memory overflow vulnerability | CVE-2019-6285 | https://github.com/jbeder/yaml-cpp/issues/660 |
| 12 | libsass memory overflow vulnerability | CVE-2019-6286 | https://github.com/sass/libsass/issues/2815 |
| 13 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7454 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7454 |
| 14 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7455 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7455 |
| 15 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7456 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7456 |
| 16 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7457 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7457 |
| 17 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7458 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7458 |
| 18 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7459 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7459 |
| 19 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7460 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7460 |
| 20 | Memory overflow: MikroTik RouterOS SMB remote DoS | CVE-2019-7461 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7461 |
| 21 | Motorola SetStaticRouteSettings CMD Injection | CVE-2019-9117 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9117 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md |
| 22 | Motorola SetStaticRouteSettings CMD Injection | CVE-2019-9118 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9118 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md |
| 23 | Motorola SetStaticRouteSettings CMD Injection | CVE-2019-9119 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9119 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md |
| 24 | Motorola SetWLanACLSettings CMD Injection | CVE-2019-9120 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9120 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md |
| 25 | Motorola SetSmartQoSSettings CMD Injection | CVE-2019-9121 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9121 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md |
| 26 | Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0686 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0686 |
| 27 | Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0724 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0724 |
| 28 | Windows NTLM Tampering Vulnerability | CVE-2019-1040 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1040 |
| 29 | Win32k Elevation of Privilege Vulnerability | CVE-2019-0960 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0960 |
| 30 | Remote command injection: DIR-823G GetNetworkTomographyResult CMD Injection | CVE-2019-7297 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7297 http://www.securityfocus.com/bid/106815 |
| 31 | Remote command injection: DIR-823G HNAP_Entry_Func CMD Injection | CVE-2019-7298 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7298 http://www.securityfocus.com/bid/106814 |
| 32 | Remote information disclosure: DIR-823G GetClientInfo InfoLeak | CVE-2019-7388 | http://www.securityfocus.com/bid/106852 https://github.com/leonW7/D-Link/blob/master/Vul_3.md |
| 33 | Remote denial of service: DIR-823G SetFactoryDefault DoS | CVE-2019-7389 | http://www.securityfocus.com/bid/106853 https://github.com/leonW7/D-Link/blob/master/Vul_4.md |
| 34 | LAN DNS hijacking: DIR-823G SetWanSettings DNS Hijack | CVE-2019-7390 | http://www.securityfocus.com/bid/106855 https://github.com/leonW7/D-Link/blob/master/Vul_5.md |
| 35 | Unauthorized WiFi enablement: DIR-823G SetWLanRadioSettings Guest-WiFi Enable | CVE-2019-8392 | https://github.com/leonW7/D-Link/blob/master/Vul_6.md |
| 36 | UAF vulnerability in Acrobat Reader DC | CVE-2019-8029 | https://helpx.adobe.com/security/products/acrobat/apsb19-41.html |
| 37 | UAF vulnerability in Acrobat Reader DC | CVE-2019-8030 | https://helpx.adobe.com/security/products/acrobat/apsb19-41.html |
| 38 | UAF vulnerability in Acrobat Reader DC | CVE-2019-8031 | https://helpx.adobe.com/security/products/acrobat/apsb19-41.html |
| 39 | VMware overflow vulnerability | CVE-2019-5527 | https://www.vmware.com/security/advisories/VMSA-2019-0014.html |
| 40 | UAF vulnerability in the Chrome browser | CVE-2019-5866 | https://chromereleases.googleblog.com/2019/07/stable-channel--for-desktop.html |
| 41 | High-severity vulnerability in the Edge browser | CVE-2019-1217 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1217 |
| 42 | High-severity Windows kernel vulnerability | CVE-2019-1285 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1285 |
| 43 | Exim remote heap overflow vulnerability | CVE-2019-16928 | https://seclists.org/oss-sec/2019/q3/256 |