漏洞研究

奇安信集团拥有漏洞研究的专业团队，历年来发现了大量的严重安全漏洞并报告厂商修复，如下为2019年以来部分所提交的漏洞列表：

序号	漏洞名	CVE编号	参考链接
1	D-linkSetSysLogSettingsCMD Injection	CVE-2019-8312	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8312 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/syslog.md
2	D-Link SetIPv6FirewallSettings CMD Injection	CVE-2019-8313	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8313 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv6.md
3	D-Link SetQoSSettings CMD Injection	CVE-2019-8314	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8314 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/qos.md
4	D-Link SetStaticRoute CMD Injection	CVE-2019-8315	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8315 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/firewallv4.md
5	D-Link SetWebFilterSettings CMD Injection	CVE-2019-8316	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8316 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/webfilter.md
6	D-Link SetStaticRoute CMD Injection	CVE-2019-8317	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8317 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv6.md
7	D-Link SetSysEmailSettings CMD Injection	CVE-2019-8318	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8318 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/mail.md
8	D-Link SetStaticRoute CMD Injection	CVE-2019-8319	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8319 https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md
9	libsass内存溢出漏洞	CVE-2019-6283	https://github.com/sass/libsass/issues/2814
10	libsass内存溢出漏洞	CVE-2019-6284	https://github.com/sass/libsass/issues/2816
11	yaml-cpp内存溢出漏洞	CVE-2019-6285	https://github.com/jbeder/yaml-cpp/issues/660
12	libsass内存溢出漏洞	CVE-2019-6286	https://github.com/sass/libsass/issues/2815
13	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7454	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7454
14	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7455	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7455
15	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7456	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7456
16	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7457	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7457
17	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7458	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7458
18	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7459	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7459
19	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7460	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7460
20	内存溢出 Mikrotik RouteOS smb remote DOS	CVE-2019-7461	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7461
21	Motorola SetStaticRouteSettings CMD Injection	CVE-2019-9117	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9117 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md
22	Motorola SetStaticRouteSettings CMD Injection	CVE-2019-9118	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9118 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md
23	Motorola SetStaticRouteSettings CMD Injection	CVE-2019-9119	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9119 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md
24	Motorola SetWLanACLSettings CMD Injection	CVE-2019-9120	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9120 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md
25	Motorola SetSmartQoSSettings CMD Injection	CVE-2019-9121	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9121 https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md
26	Microsoft Exchange Server Elevation of Privilege Vulnerability	CVE-2019-0686	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0686
27	Microsoft Exchange Server Elevation of Privilege Vulnerability	CVE-2019-0724	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0724
28	Windows NTLM Tampering Vulnerability	CVE-2019-1040	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1040
29	Win32k Elevation of Privilege Vulnerability	CVE-2019-0960	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0960
30	远程命令注入 DIR-823G GetNetwork TomographyResult CMD Injection	CVE-2019-7297	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7297 http://www.securityfocus.com/bid/106815
31	远程命令注入 DIR-823G HNAP_Entry_Func CMD Injection	CVE-2019-7298	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7298 http://www.securityfocus.com/bid/106814
32	远程信息泄露 DIR-823G GetClientInfo InfoLeak	CVE-2019-7388	http://www.securityfocus.com/bid/106852 https://github.com/leonW7/D-Link/blob/master/Vul_3.md
33	远程拒绝服务 DIR-823G SetFactoryDefault DoS	CVE-2019-7389	http://www.securityfocus.com/bid/106853 https://github.com/leonW7/D-Link/blob/master/Vul_4.md
34	局域网DNS劫持 DIR-823G SetWanSettings DNS Hijack	CVE-2019-7390	http://www.securityfocus.com/bid/106855 https://github.com/leonW7/D-Link/blob/master/Vul_5.md
35	越权启用WiFi DIR-823G SetWLanRadioSettings Guest-WiFi Enable	CVE-2019-8392	https://github.com/leonW7/D-Link/blob/master/Vul_6.md
36	Acrobat Reader DC中的uaf漏洞	CVE-2019-8029	https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
37	Acrobat Reader DC中的uaf漏洞	CVE-2019-8030	https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
38	Acrobat Reader DC中的uaf漏洞	CVE-2019-8031	https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
39	Vmware 溢出漏洞	CVE-2019-5527	https://www.vmware.com/security/advisories/VMSA-2019-0014.html
40	Chrome浏览器中的UAF漏洞	CVE-2019-5866	https://chromereleases.googleblog.com/2019/07/stable-channel--for-desktop.html
41	Edge浏览器高危漏洞	CVE-2019-1217	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1217
42	Windows内核高危漏洞	CVE-2019-1285	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1285
43	Exim 远程堆溢出漏洞	CVE-2019-16928	https://seclists.org/oss-sec/2019/q3/256

奇安信创新团队和平台