检测

Nessus 的 CGI abuses 系列

ID名称严重性
159542Spring Framework Spring4Shell (CVE-2022-22965)
critical
159522Sitecore XP 7.5 <= 7.5.2 / 8.0 <= 8.0.7 / 8.1 <= 8.1.3 / 8.2 <= 8.2.7 RCE
critical
159487SonicWall Secure Mobile Access (SMA) SQLi (SNWLID-2021-0017)
critical
159486SonicWall Secure Remote Access (SRA) SQLi (SNWLID-2021-0017)
critical
159377Jenkins 插件 多个漏洞(2022 年 3 月 29 日)
high
159375Spring Cloud 函数 SPEL 表达式注入漏洞(直接检查)
critical
159348Joomla 2.5.x < 3.10.7/4.0.x < 4.1.1 多个漏洞 (5857-joomla-4-1-1-and-3-10-7-release)
critical
159323Apache Shiro 默认加密密钥 (CVE-2016-4437)
critical
159270SonicWall NSv 新一代虚拟防火墙 SSL VPN
info
159203ManageEngine Desktop Central < 10.1.2137.9 身份验证绕过(无凭据检查)
critical
159145Drupal 9.2.x < 9.2.16 / 9.3.x < 9.3.9 Drupal 漏洞 (SA-CORE-2022-006)
high
159092Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.0 XSRF (JRASERVER-73138)
medium
159009WordPress 5.9 < 5.9.2 / 5.8 < 5.8.4 / 5.7 < 5.7.6 / 5.6 < 5.6.8 / 5.5 < 5.5.9 / 5.4 < 5.4.10 / 5.3 < 5.3.12 / 5.2 < 5.2.15 / 5.1 < 5.1.13 / 5.0 < 5.0.16 / 4.9 < 4.9.20 / 4.8 < 4.8.19 / 4.7 < 4.7.23 / 4.6 < 4.6.23 / 4.5 < 4.5.26 / 4.4 < 4.4.27 / 4.3 < 4.3.28 / 4.2 < 4.2.32 / 4.1 < 4.1.35 / 4.0 < 4.0.35 / 3.9 < 3.9.36 / 3.8 < 3.8.38 / 3.7 < 3.7.38
high
159004SolarWinds Orion Platform 2020.2.0 < 2020.2.4
critical
158982Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 多个漏洞 (drupal-2022-03-16)
medium
158977Jenkins 插件 多个漏洞(2022 年 3 月 15 日)
high
158891GitLab 8.15 < 14.6.5 / 14.7 < 14.7.4 / 14.8 < 14.8.2 (CVE-2022-0489)
medium
158890GitLab 14.6 < 14.6.5/14.7.0 < 14.7.4/14.8.0 < 14.8.2 (CVE-2022-0738)
high
158889GitLab 13.2 < 14.3.6/14.4 < 14.4.4/14.5 < 14.5.2 (CVE-2022-0549)
medium
158888GitLab 13.0 < 14.6.5 / 14.7 < 14.7.4 / 14.8 < 14.8.2 (CVE-2021-4191)
medium
158690Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.7 / 2.303.x < 2.303.30.0.6 / 2.319.3.4 多个漏洞(CloudBees 安全公告 2022-02-15)
high
158687Fortinet FortiWeb - API 控制器中基于堆的缓冲区溢出 (FG-IR-21-160)
high
158672Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 多个漏洞(CloudBees 安全公告 2022-02-09)
high
158560GitLab 12.10.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 多个漏洞
critical
158452Zabbix 5.4.x < 5.4.9 多个漏洞
critical
158383Splunk Enterprise 8.1.x < 8.1.7.1 / 8.2.x < 8.2.3.3 Log4j
critical
158361ManageEngine ADManager Plus < Build 7115 RCE
critical
158154PHP 8.1.x < 8.1.3
critical
158133PHP 7.4.x < 7.4.28
critical
158095Drupal 7.x < 7.88 / 9.2.x < 9.2.13 / 9.3.x < 9.3.6 多个漏洞 (drupal-2022-02-16)
high
158092Jenkins Enterprise and Operations Center < 2.277.43.0.3 / 2.319.1.5 多个漏洞(CloudBees 安全公告 2021-12-01)
high
158059Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 多个漏洞(CloudBees 安全公告 2022-01-12)
high
157860Jenkins LTS < 2.319.3 / Jenkins weekly < 2.334 多个漏洞
high
157383ManageEngine ServiceDesk Plus 多种版本认证绕过漏洞
critical
157377Nagios XI 5.7.5 命令注入漏洞
high
157338Jenkins Enterprise and Operations Center < 2.303.30.0.4 / 2.319.2.9 RCE (CloudBees 安全公告 2022-01-28)
medium
157290ManageEngine NCM < 12.5.465 SQLi
critical
157289ManageEngine Network Configuration Manager (NCM) 检测
info
157176Atlassian Jira < 8.13.15 / 8.14.0 < 8.20.3 RCE (JRASERVER-73067)
high
157158Atlassian Jira < 8.19.0 损坏的访问控制 (JRASERVER-72737)
medium
157152Atlassian Jira < 8.21.0 中断访问控制 (JRASERVER-73071)
medium
157069ThinkWorks GoCD 默认管理员访问权限
critical
157068GoCD < 21.3.0 路径遍历(直接)
critical
157066GoCD < 21.3.0 路径遍历
critical
156930Jenkins 插件多个漏洞(2022 年 1 月 12 日)
high
156929Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 多个漏洞
high
156893Oracle Primavera Gateway(2022 年 1 月 CPU)
medium
156891Oracle Primavera P6 Enterprise Project Portfolio Management(2022 年 1 月 CPU)
high
156863Drupal 7.x < 7.86 / 9.2.x < 9.2.11 / 9.3.x < 9.3.3 多个漏洞 (drupal-2022-01-19)
medium
156832Oracle Primavera Unifier(2022 年 1 月 CPU)
critical