关注我们
带你读懂网络安全
一、公开漏洞情况
(一)漏洞增长情况
(二)漏洞分布情况
1、漏洞厂商分布
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2、漏洞影响产品分布
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3、漏洞类型分布
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4、漏洞严重等级分布
(三)漏洞修复情况
1、整体修复情况
2、厂商修复情况
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(四)漏洞攻击情况
1、漏洞攻击向量分布
2、漏洞利用情况
|
|
|
|
|
资源管理错误漏洞 |
CVE-2022-0609 |
|
|
代码注入漏洞 |
CVE-2022-22965 |
|
|
代码问题漏洞 |
CVE-2022-27925 |
|
|
授权问题漏洞 |
CVE-2022-37042 |
|
|
代码问题漏洞 |
CVE-2022-41352 |
|
|
|
CVE-2022-1388 |
|
|
操作系统命令注入漏洞 |
CVE-2022-30525 |
|
|
操作系统命令注入漏洞 |
CVE-2022-30190 |
|
|
注入漏洞 |
CVE-2022-26134 |
|
|
安全漏洞 |
CVE-2022-41040 |
|
|
安全漏洞 |
CVE-2022-41082 |
|
(1)Google Chrome 资源管理错误漏洞
(2)Spring Framework 代码注入漏洞
(3)Zimbra Collaboration Suite两个利用链漏洞
(4)Zimbra Collaboration Suite 代码问题漏洞
(5)F5 BIG-IP 访问控制错误漏洞
(6)Zyxel(合勤科技)USG FLEX操作系统命令注入漏洞
(7)Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞
(8)Atlassian Confluence Server 注入漏洞
(9)Microsoft Exchange Server两个利用链漏洞
二、漏洞趋势分析
(一)高风险漏洞数量突破新高
(二)零日争夺升级攻防新较量
(三)单边漏洞管控扰乱国际秩序
(四)网络霸权主义冲击网空权益
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
三、下步措施建议
原文始发于微信公众号(安全内参):国家漏洞库CNNVD:2022年度网络安全漏洞态势报告
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论