2022安全漏洞之花点时间整理一波（花点时间企查查）

漏洞类型比较多，回头抽点时间搞个wp平台。

代码执行漏洞：

microsoft:windows_os
vmware:vrealize_operations
apache:superset
openbsd:opensmtpd
drupal:drupal
cisco:imc
dpdk:dpdk
teamviewer:teamviewer
apche:guacamole
apple:ios
cisco:ios
sonatype:nexus_repository_manager
microsoft:exchange_server
point-to-point_protocol_project:point-topoint_protocol
microsoft:sharepoint_server
microsoft:net_core
oracle:virtualbox
zoom:zoom
yongyou:yongyou_nc
cisco:ios_xe
gnu:grub
apache:struts2
adobe:magento_commerce
tp-link:ac1750_fri

命令执行漏洞 :

fusionauth:fusionauth
fasterxml:jackson-databind
cisco:ios apache:shardingsphere
apache:spark apache:struts2
microsoft:exchange_server_2016
mongo-express:mongo-express
microsoft:exchange_server_2019
Shiro Padding Oracle 远程代码执行漏洞
CVE-2019-2725：Weblogic XMLDecoder 代码执行漏洞

序列化漏洞：

apache:dubbo
apache:tomcat
fastjson:fastjson
microsoft:sql_server
f5:big-ip
ibm:websphere
oracle:weblogic
zoho:manageengine_desktop_central
xstream:xstream
fasterxml:jackson-databind
microsoft:exchange_server
fastxml:jackson-databind
JAVA 应用中，影响面较大的序列化漏洞有：
CVE-2020-2551: Weblogic IIOP 序列化漏洞
CVE-2020-2555: Weblogic T3 序列化漏洞
Fastjson 组件序列化漏洞
Jackson-Databind 组件序列化漏洞
CVE-2020-4450: Websphere IIOP 序列化漏洞
CVE-2020-1948: Apache Dubbo 序列化漏洞
.NET组件 CVE-2020-0688: Exchange 序列化漏洞
.NET组件 CVE-2020-0932: Sharepoint 序列化漏洞

权限提升漏洞：

containerd:containerd
vmware:vmware_cloud_foundation
vmware:horizon_client_for_mac
ibm:websphere_application_server
debain:debain_linux
intel:wireless_bluetooth
citrix:sd_wan
通达信科 :tongdaoa
vmware:fusion
ubuntu:ubuntu_linux
vmware:esxi
centos:centos
intel:amt/ism

工欲善其事，必先利其器。加油！