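Oracle recently published security advisories for multiple vulnerabilities: 85 in Oracle's own products and 231 third-party vendor vulnerabilities that affect Oracle products. They include the Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability (CNNVD-202207-1715, CVE-2022-21543) and the Oracle Communications Billing and Revenue Management security vulnerability (CNNVD-202207-1677, CVE-2022-21429), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.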
I. Vulnerability Overview
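On July 19, 2022, Oracle released its July 2022 security update, with patches for 316 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Communications Applications, Oracle E-Business Suite, Oracle Fusion Middleware and Oracle BI Publisher, Oracle Communications Billing and Revenue Management, Oracle Financial Services Applications, and others. CNNVD has rated their severity: 45 critical, 132 high, 133 medium and 6 low. Multiple versions of Oracle products and systems are affected; for the specific scope of impact, see https://www.oracle.com/security-alerts/cpujul2022.html.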
II. Vulnerability Details
This update includes patches for 84 newly added vulnerabilities: 1 critical, 18 high, 61 medium and 4 low.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Oracle PeopleSoft Enterprise PeopleTools Input Validation Error Vulnerability | CNNVD-202207-1715 | CVE-2022-21543 | Critical | https://www.oracle.com/security-alerts/cpujul2022.html |
2 | Oracle Communications Billing and Revenue Management Security Vulnerability | CNNVD-202207-1677 | CVE-2022-21429 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
3 | Oracle E-Business Suite Information Disclosure Vulnerability | CNNVD-202205-3832 | CVE-2022-21500 | High | https://www.oracle.com/security-alerts/alert-cve-2022-21500.html |
4 | Oracle Database Server Security Vulnerability | CNNVD-202207-1682 | CVE-2022-21510 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
5 | Oracle Database Server Security Vulnerability | CNNVD-202207-1686 | CVE-2022-21511 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
6 | Oracle ZFS Storage Appliance Security Vulnerability | CNNVD-202207-1685 | CVE-2022-21513 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
7 | Oracle Solaris Security Vulnerability | CNNVD-202207-1691 | CVE-2022-21514 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
8 | Oracle Enterprise Manager Base Platform Input Validation Error Vulnerability | CNNVD-202207-1582 | CVE-2022-21516 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
9 | Oracle Solaris Security Vulnerability | CNNVD-202207-1701 | CVE-2022-21524 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
10 | Oracle Enterprise Manager Base Platform Input Validation Error Vulnerability | CNNVD-202207-1579 | CVE-2022-21536 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
11 | Oracle JD Edwards Products Input Validation Error Vulnerability | CNNVD-202207-1627 | CVE-2022-21542 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
12 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1583 | CVE-2022-21544 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
13 | Oracle Fusion Middleware Input Validation Error Vulnerability | CNNVD-202207-1599 | CVE-2022-21552 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
14 | Oracle Construction and Engineering Suite Input Validation Error Vulnerability | CNNVD-202207-1576 | CVE-2022-21558 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
15 | Oracle Fusion Middleware Input Validation Error Vulnerability | CNNVD-202207-1598 | CVE-2022-21562 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
16 | Oracle Applications Framework Input Validation Error Vulnerability | CNNVD-202207-1575 | CVE-2022-21566 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
17 | Oracle E-Business Suite Input Validation Error Vulnerability | CNNVD-202207-1573 | CVE-2022-21567 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
18 | Oracle Fusion Middleware Input Validation Error Vulnerability | CNNVD-202207-1601 | CVE-2022-21570 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
19 | Oracle Virtualization Security Vulnerability | CNNVD-202207-1721 | CVE-2022-21571 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
20 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1580 | CVE-2022-21428 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
21 | Oracle Solaris Security Vulnerability | CNNVD-202204-4026 | CVE-2022-21439 | Medium | https://www.oracle.com/security-alerts/cpuapr2022.html |
22 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1681 | CVE-2022-21455 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
23 | Oracle Essbase Security Vulnerability | CNNVD-202207-1687 | CVE-2022-21508 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
24 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1679 | CVE-2022-21509 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
25 | Oracle PeopleSoft Enterprise PeopleTools Input Validation Error Vulnerability | CNNVD-202207-1688 | CVE-2022-21512 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
26 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1692 | CVE-2022-21515 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
27 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1684 | CVE-2022-21517 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
28 | Oracle Health Sciences Applications Input Validation Error Vulnerability | CNNVD-202207-1610 | CVE-2022-21518 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
29 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1695 | CVE-2022-21519 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
30 | Oracle PeopleSoft Enterprise PeopleTools Input Validation Error Vulnerability | CNNVD-202207-1702 | CVE-2022-21520 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
31 | Oracle PeopleSoft Enterprise PeopleTools Input Validation Error Vulnerability | CNNVD-202207-1698 | CVE-2022-21521 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
32 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1699 | CVE-2022-21522 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
33 | Oracle Fusion Middleware and Oracle BI Publisher Input Validation Error Vulnerability | CNNVD-202207-1602 | CVE-2022-21523 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
34 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1694 | CVE-2022-21525 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
35 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1696 | CVE-2022-21526 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
36 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1670 | CVE-2022-21527 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
37 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1676 | CVE-2022-21528 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
38 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1697 | CVE-2022-21529 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
39 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1703 | CVE-2022-21530 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
40 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1704 | CVE-2022-21531 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
41 | Oracle JD Edwards Products Input Validation Error Vulnerability | CNNVD-202207-1614 | CVE-2022-21532 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
42 | Oracle Solaris Security Vulnerability | CNNVD-202207-1707 | CVE-2022-21533 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
43 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1706 | CVE-2022-21534 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
44 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1690 | CVE-2022-21537 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
45 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1683 | CVE-2022-21539 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
46 | Oracle Java SE Input Validation Error Vulnerability | CNNVD-202207-1626 | CVE-2022-21540 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
47 | Oracle Java SE and Oracle GraalVM Input Validation Error Vulnerability | CNNVD-202207-1621 | CVE-2022-21541 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
48 | Oracle E-Business Suite Input Validation Error Vulnerability | CNNVD-202207-1577 | CVE-2022-21545 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
49 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1693 | CVE-2022-21547 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
50 | Oracle Fusion Middleware and Oracle WebLogic Server Input Validation Error Vulnerability | CNNVD-202207-1604 | CVE-2022-21548 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
51 | Oracle Java SE Input Validation Error Vulnerability | CNNVD-202207-1624 | CVE-2022-21549 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
52 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1709 | CVE-2022-21550 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
53 | Oracle GoldenGate Security Vulnerability | CNNVD-202207-1710 | CVE-2022-21551 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
54 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1705 | CVE-2022-21553 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
55 | Oracle Virtualization Security Vulnerability | CNNVD-202207-1711 | CVE-2022-21554 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
56 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1712 | CVE-2022-21555 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
57 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1651 | CVE-2022-21556 | Medium | |
58 | Oracle Fusion Middleware and Oracle WebLogic Server Input Validation Error Vulnerability | CNNVD-202207-1605 | CVE-2022-21557 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
59 | Oracle Commerce Security Vulnerability | CNNVD-202207-1716 | CVE-2022-21559 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
60 | Oracle Fusion Middleware and Oracle WebLogic Server Input Validation Error Vulnerability | CNNVD-202207-1608 | CVE-2022-21560 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
61 | Oracle JD Edwards Products Input Validation Error Vulnerability | CNNVD-202207-1628 | CVE-2022-21561 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
62 | Oracle Fusion Middleware and Oracle WebLogic Server Input Validation Error Vulnerability | CNNVD-202207-1606 | CVE-2022-21564 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
63 | Oracle Database Server Security Vulnerability | CNNVD-202207-1719 | CVE-2022-21565 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
64 | Oracle E-Business Suite Input Validation Error Vulnerability | CNNVD-202207-1574 | CVE-2022-21568 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
65 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1665 | CVE-2022-21569 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
66 | Oracle Communications Applications Security Vulnerability | CNNVD-202207-1724 | CVE-2022-21572 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
67 | Oracle Communications Applications Security Vulnerability | CNNVD-202207-1722 | CVE-2022-21573 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
68 | Oracle Communications Applications Security Vulnerability | CNNVD-202207-1727 | CVE-2022-21574 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
69 | Oracle Fusion Middleware Input Validation Error Vulnerability | CNNVD-202207-1600 | CVE-2022-21575 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
70 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1588 | CVE-2022-21576 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
71 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1591 | CVE-2022-21577 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
72 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1586 | CVE-2022-21578 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
73 | Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability | CNNVD-202207-1589 | CVE-2022-21579 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
74 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1581 | CVE-2022-21580 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
75 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1595 | CVE-2022-21581 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
76 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1585 | CVE-2022-21582 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
77 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1590 | CVE-2022-21583 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
78 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1593 | CVE-2022-21584 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
79 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1584 | CVE-2022-21585 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
80 | Oracle Financial Services Applications Input Validation Error Vulnerability | CNNVD-202207-1594 | CVE-2022-21586 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
81 | Oracle Database Server Security Vulnerability | CNNVD-202207-1680 | CVE-2022-21432 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
82 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1631 | CVE-2022-21535 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
83 | Oracle MySQL Input Validation Error Vulnerability | CNNVD-202207-1708 | CVE-2022-21538 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
84 | Oracle ZFS Storage Appliance Security Vulnerability | CNNVD-202207-1718 | CVE-2022-21563 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
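This update includes a patch for 1 updated vulnerability, which is rated high.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Oracle Database Server Input Validation Error Vulnerability | CNNVD-202107-1424 | CVE-2021-2351 | High | https://www.oracle.com/security-alerts/cpujul2021.html |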
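This update includes patches for 231 vulnerabilities from other vendors that affect Oracle products: 44 critical, 113 high, 72 medium and 2 low.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Vendor | Official Link |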
1 | Pivotal Software Spring Data Commons and Spring Data REST Input Validation Error Vulnerability | CNNVD-201804-564 | CVE-2018-1273 | Critical | Pivotal_software | https://pivotal.io/security/cve-2018-1273 |
2 | Apache Cordova Cross-Site Scripting Vulnerability | CNNVD-202001-439 | CVE-2019-0219 | Critical | Apache Foundation | https://www.apache.org/ |
3 | Apache HTTP Server Resource Management Error Vulnerability | CNNVD-201908-1143 | CVE-2019-10082 | Critical | apache | http://httpd.apache.org/security/vulnerabilities_24.html |
4 | Swagger UI Cross-Site Request Forgery Vulnerability | CNNVD-201910-715 | CVE-2019-17495 | Critical | Individual developer | https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 |
5 | Apache Log4j Code Issue Vulnerability | CNNVD-201912-950 | CVE-2019-17571 | Critical | Apache Foundation | https://www.apache.org/ |
6 | Python Trust Management Issue Vulnerability | CNNVD-201903-311 | CVE-2019-9636 | Critical | redhat | https://bugs.python.org/issue36216 |
7 | dom4j Code Issue Vulnerability | CNNVD-202004-1133 | CVE-2020-10683 | Critical | Individual developer | https://github.com/dom4j/dom4j/commit/a822852 |
8 | PyYAML Input Validation Error Vulnerability | CNNVD-202102-918 | CVE-2020-14343 | Critical | Individual developer | https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
9 | PyYAML Input Validation Error Vulnerability | CNNVD-202003-034 | CVE-2020-1747 | Critical | Yaml | https://pyyaml.org/ |
10 | Python Security Vulnerability | CNNVD-202010-1189 | CVE-2020-27619 | Critical | Python Software Foundation | https://bugs.python.org/issue41944 |
11 | Dell BSAFE Security Vulnerability | CNNVD-202207-835 | CVE-2020-29506 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
12 | Dell BSAFE Micro Edition Suite and Dell BSAFE Input Validation Error Vulnerability | CNNVD-202207-837 | CVE-2020-29507 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
13 | Dell BSAFE Micro Edition Suite and Dell BSAFE Input Validation Error Vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
14 | Dell BSAFE Security Features Issue Vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
15 | Dell BSAFE Security Vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
16 | Dell BSAFE Security Vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
17 | Dell BSAFE Security Vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
18 | Dell BSAFE Input Validation Error Vulnerability | CNNVD-202207-830 | CVE-2020-35169 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
19 | node core Input Validation Error Vulnerability | CNNVD-202108-1142 | CVE-2021-22931 | Critical | Individual developer | https://www.npmjs.com/package/node-core |
20 | dojo Security Vulnerability | CNNVD-202112-1483 | CVE-2021-23450 | Critical | Individual developer | https://github.com/dojo/dojo |
21 | Apache Xmlbeans Input Validation Error Vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
22 | Apache Maven Access Control Error Vulnerability | CNNVD-202104-1824 | CVE-2021-26291 | Critical | Apache Foundation | https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E |
23 | Python Security Vulnerability | CNNVD-202104-2308 | CVE-2021-29921 | Critical | Python Foundation | https://www.python.org/ |
24 | Python Buffer Error Vulnerability | CNNVD-202101-1467 | CVE-2021-3177 | Critical | Python Foundation | https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html |
25 | Apache Struts 2 Security Vulnerability | CNNVD-202204-3223 | CVE-2021-31805 | Critical | Apache Foundation | https://cwiki.apache.org/confluence/display/WW/S2-062 |
26 | netfilter Information Disclosure Vulnerability | CNNVD-202202-1356 | CVE-2021-3773 | Critical | netfilter | https://www.kernel.org/ |
27 | Apache Shiro Authorization Issue Vulnerability | CNNVD-202109-1230 | CVE-2021-41303 | Critical | Apache Foundation | https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E |
28 | Sanitize Input Validation Error Vulnerability | CNNVD-202110-1259 | CVE-2021-42575 | Critical | Individual developer | https://owasp.org/www-project-java-html-sanitizer/ |
29 | Github liquibase Code Issue Vulnerability | CNNVD-202203-471 | CVE-2022-0839 | Critical | Individual developer | https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381 |
30 | vim Resource Management Error Vulnerability | CNNVD-202203-2537 | CVE-2022-1154 | Critical | Individual developer | https://www.vim.org/ |
31 | OpenSSL OS Command Injection Vulnerability | CNNVD-202205-1962 | CVE-2022-1292 | Critical | Openssl team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
32 | Apache HTTP Server Environment Issue Vulnerability | CNNVD-202203-1236 | CVE-2022-22720 | Critical | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
33 | Apache HTTP Server Input Validation Error Vulnerability | CNNVD-202203-1299 | CVE-2022-22721 | Critical | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
34 | VMware Spring Cloud Gateway Code Injection Vulnerability | CNNVD-202203-161 | CVE-2022-22947 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-22947 |
35 | Spring Framework Code Injection Vulnerability | CNNVD-202203-2641 | CVE-2022-22963 | Critical | Spring community | https://spring.io/projects/spring-cloud |
36 | Spring Framework Code Injection Vulnerability | CNNVD-202203-2514 | CVE-2022-22965 | Critical | Spring team | https://tanzu.vmware.com/security/cve-2022-22965 |
37 | VMware Spring Security Authorization Issue Vulnerability | CNNVD-202205-3584 | CVE-2022-22978 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-22978 |
38 | glibc Security Vulnerability | CNNVD-202201-1163 | CVE-2022-23218 | Critical | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28768 |
39 | glibc Security Vulnerability | CNNVD-202201-1164 | CVE-2022-23219 | Critical | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=22542 |
40 | Apache Log4j SQL Injection Vulnerability | CNNVD-202201-1421 | CVE-2022-23305 | Critical | Apache Foundation | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
41 | OWASP ESAPI Path Traversal Vulnerability | CNNVD-202204-4378 | CVE-2022-23457 | Critical | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 |
42 | Containous Traefik Trust Management Issue Vulnerability | CNNVD-202202-1402 | CVE-2022-23632 | Critical | Containous | https://github.com/traefik/traefik/pull/8764 |
43 | Elliptic package Security Vulnerability | CNNVD-202202-930 | CVE-2022-23806 | Critical | Individual developer | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ |
44 | Fastjson Code Issue Vulnerability | CNNVD-202206-1037 | CVE-2022-25845 | Critical | Alibaba | https://github.com/alibaba/fastjson/wiki/security_update_20220523 |
45 | Pivotal Spring Data Commons Security Vulnerability | CNNVD-201805-403 | CVE-2018-1259 | High | Xmlbeam | https://pivotal.io/security/cve-2018-1259 |
46 | Spring Data Commons Security Vulnerability | CNNVD-201804-842 | CVE-2018-1274 | High | Pivotal_software | https://pivotal.io/security/cve-2018-1274 |
47 | Python Trust Management Issue Vulnerability | CNNVD-201810-457 | CVE-2018-18074 | High | canonical | https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff |
48 | zlib Buffer Error Vulnerability | CNNVD-202203-2221 | CVE-2018-25032 | High | Individual developer | https://z-lib.org/ |
49 | Apache Axis Code Issue Vulnerability | CNNVD-201904-472 | CVE-2019-0227 | High | apache | http://axis.apache.org/ |
50 | Apache Commons Beanutils Code Issue Vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
51 | Python Path Traversal Vulnerability | CNNVD-202009-303 | CVE-2019-20916 | High | Python Software Foundation | https://github.com/pypa/pip/issues/6413 |
52 | Apache Batik Code Issue Vulnerability | CNNVD-202102-1586 | CVE-2020-11987 | High | Apache Foundation | https://xmlgraphics.apache.org/security.html |
53 | Linux kernel Input Validation Error Vulnerability | CNNVD-202006-740 | CVE-2020-13974 | High | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae |
54 | Fasterxml Jackson Code Issue Vulnerability | CNNVD-202010-622 | CVE-2020-25649 | High | Fasterxml | https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 |
55 | Dell BSAFE Micro Edition Suite Trust Management Issue Vulnerability | CNNVD-202206-119 | CVE-2020-26184 | High | Dell | https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en |
56 | Dell BSAFE Micro Edition Suite Buffer Error Vulnerability | CNNVD-202206-118 | CVE-2020-26185 | High | Dell | https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en |
57 | Bouncy Castle BC Security Vulnerability | CNNVD-202012-1340 | CVE-2020-28052 | High | Bouncy Castle | https://www.bouncycastle.org/releasenotes.html |
58 | FasterXML Jackson Resource Management Error Vulnerability | CNNVD-202102-1356 | CVE-2020-28491 | High | Fasterxml | https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 |
59 | Odoo Security Vulnerability | CNNVD-202012-1476 | CVE-2020-29396 | High | Odoo | https://github.com/odoo/odoo/issues/63712 |
60 | Dell BSAFE Micro Edition Suite and Dell BSAFE Security Features Issue Vulnerability | CNNVD-202207-836 | CVE-2020-29505 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
61 | Pytest Security Vulnerability | CNNVD-202012-785 | CVE-2020-29651 | High | Pytest team | https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 |
62 | Dell BSAFE Security Vulnerability | CNNVD-202207-833 | CVE-2020-35164 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
63 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202012-1285 | CVE-2020-35490 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2986 |
64 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202012-1270 | CVE-2020-35491 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2986 |
65 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202012-1602 | CVE-2020-35728 | High | Individual developer | https://github.com/FasterXML/jackson-databind/issues/2999 |
66 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-327 | CVE-2020-36179 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
67 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-326 | CVE-2020-36180 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
68 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-330 | CVE-2020-36181 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
69 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-325 | CVE-2020-36182 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
70 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-371 | CVE-2020-36183 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3003 |
71 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-344 | CVE-2020-36184 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2998 |
72 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-337 | CVE-2020-36185 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2998 |
73 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-333 | CVE-2020-36186 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2997 |
74 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-331 | CVE-2020-36187 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2997 |
75 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-355 | CVE-2020-36188 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2996 |
76 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202101-329 | CVE-2020-36189 | High | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2996 |
77 | FasterXML jackson-databind Buffer Error Vulnerability | CNNVD-202203-1165 | CVE-2020-36518 | High | Individual developer | https://github.com/FasterXML/jackson-databind/issues/2816 |
78 | dojo Code Injection Vulnerability | CNNVD-202003-462 | CVE-2020-5258 | High | Individual developer | https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 |
79 | Vmware Spring Framework Cross-Site Scripting Vulnerability | CNNVD-202001-839 | CVE-2020-5398 | High | Vmware | https://spring.io/ |
80 | joyent json OS Command Injection Vulnerability | CNNVD-202008-1430 | CVE-2020-7712 | High | Individual developer | https://snyk.io/vuln/SNYK-JS-JSON-597481 |
81 | Apache Tomcat Code Issue Vulnerability | CNNVD-202005-1078 | CVE-2020-9484 | High | Apache Foundation | https://tomcat.apache.org/security.html |
82 | Apache Hadoop Security Vulnerability | CNNVD-202101-2280 | CVE-2020-9492 | High | Apache Foundation | https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E |
83 | Linux kernel Security Features Issue Vulnerability | CNNVD-202111-2081 | CVE-2021-20322 | High | Linux Foundation | https://access.redhat.com/security/cve/cve-2021-20322 |
84 | Vmware Spring Framework Permissions and Access Control Issue Vulnerability | CNNVD-202105-1663 | CVE-2021-22118 | High | Vmware | https://github.com/spring-projects/spring-framework |
85 | VMware Spring Security Security Vulnerability | CNNVD-202106-1916 | CVE-2021-22119 | High | Vmware | https://tanzu.vmware.com/security/cve-2021-22119 |
86 | node core Resource Management Error Vulnerability | CNNVD-202108-1099 | CVE-2021-22940 | High | Individual developer | https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-36118 |
87 | HAXX Haxx libcurl Security Vulnerability | CNNVD-202109-997 | CVE-2021-22946 | High | Haxx | https://curl.se/docs/CVE-2021-22946.html |
88 | lodash Command Injection Vulnerability | CNNVD-202102-1137 | CVE-2021-23337 | High | Individual developer | https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 |
89 | Linux kernel Command Injection Vulnerability | CNNVD-202104-471 | CVE-2021-29154 | High | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098 |
90 | XStream Code Issue Vulnerability | CNNVD-202105-1981 | CVE-2021-29505 | High | XStream team | https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc |
91 | Github json-smart-v1 Buffer Error Vulnerability | CNNVD-202106-103 | CVE-2021-31684 | High | Individual developer | https://github.com/netplex |
92 | Libgcrypt Security Vulnerability | CNNVD-202106-573 | CVE-2021-33560 | High | GNU Project | https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 |
93 | JDOM Code Issue Vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom |
94 | OpenSSL Trust Management Issue Vulnerability | CNNVD-202103-1456 | CVE-2021-3450 | High | Openssl team | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd |
95 | Apache Commons Compress Security Vulnerability | CNNVD-202107-896 | CVE-2021-35515 | High | Apache Foundation | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
96 | Apache Commons Compress Security Vulnerability | CNNVD-202107-897 | CVE-2021-35516 | High | Apache Foundation | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
97 | Apache Commons Compress Security Vulnerability | CNNVD-202107-898 | CVE-2021-35517 | High | Apache Foundation | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
98 | Apache Portable Runtime Buffer Error Vulnerability | CNNVD-202108-1852 | CVE-2021-35940 | High | Apache Foundation | https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E |
99 | Apache Commons Compress Security Vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
100 | Linux kernel Buffer Error Vulnerability | CNNVD-202106-1443 | CVE-2021-3612 | High | Linux Foundation | https://www.linuxkernelcves.com/ |
101 | Netty Resource Management Error Vulnerability | CNNVD-202110-1442 | CVE-2021-37136 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv |
102 | Netty Resource Management Error Vulnerability | CNNVD-202110-1441 | CVE-2021-37137 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 |
103 | SUSE Linux Enterprise Server Code Issue Vulnerability | CNNVD-202109-1140 | CVE-2021-3737 | High | SUSE | https://www.python.org/downloads/ |
104 | Linux kernel Buffer Error Vulnerability | CNNVD-202108-2658 | CVE-2021-3743 | High | Linux Foundation | https://vigilance.fr/vulnerability/Linux-kernel-out-of-bounds-memory-reading-via-qrtr-endpoint-post-36254 |
105 | Axios Resource Management Error Vulnerability | CNNVD-202108-2780 | CVE-2021-3749 | High | Individual developer | https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 |
106 | Linux kernel Resource Management Error Vulnerability | CNNVD-202109-996 | CVE-2021-3752 | High | Linux Foundation | https://access.redhat.com/security/cve/cve-2021-3752 |
107 | Github jsoup Security Vulnerability | CNNVD-202108-1636 | CVE-2021-37714 | High | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c |
108 | Apache Spark Cryptographic Issue Vulnerability | CNNVD-202203-838 | CVE-2021-38296 | High | Apache Foundation | https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd |
109 | GNU C Library Code Issue Vulnerability | CNNVD-202108-1172 | CVE-2021-38604 | High | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28213 |
110 | XStream Code Issue Vulnerability | CNNVD-202108-1885 | CVE-2021-39139 | High | XStream team | https://x-stream.github.io/CVE-2021-39139.html |
111 | XStream Code Issue Vulnerability | CNNVD-202108-1887 | CVE-2021-39141 | High | XStream team | https://x-stream.github.io/CVE-2021-39141.html |
112 | XStream Code Issue Vulnerability | CNNVD-202108-1890 | CVE-2021-39144 | High | XStream team | https://x-stream.github.io/CVE-2021-39144.html |
113 | XStream Code Issue Vulnerability | CNNVD-202108-1886 | CVE-2021-39145 | High | XStream team | https://x-stream.github.io/CVE-2021-39145.html |
114 | XStream Code Issue Vulnerability | CNNVD-202108-1895 | CVE-2021-39146 | High | XStream team | https://x-stream.github.io/CVE-2021-39146.html |
115 | XStream Code Issue Vulnerability | CNNVD-202108-1888 | CVE-2021-39147 | High | XStream team | https://x-stream.github.io/CVE-2021-39147.html |
116 | XStream Code Issue Vulnerability | CNNVD-202108-1894 | CVE-2021-39148 | High | XStream team | https://x-stream.github.io/CVE-2021-39148.html |
117 | XStream Code Issue Vulnerability | CNNVD-202108-1898 | CVE-2021-39149 | High | XStream team | https://x-stream.github.io/CVE-2021-39149.html |
118 | XStream Code Issue Vulnerability | CNNVD-202108-1901 | CVE-2021-39150 | High | XStream team | https://x-stream.github.io/CVE-2021-39150.html |
119 | XStream Code Issue Vulnerability | CNNVD-202108-1896 | CVE-2021-39151 | High | XStream team | https://x-stream.github.io/CVE-2021-39151.html |
120 | XStream Code Issue Vulnerability | CNNVD-202108-1902 | CVE-2021-39152 | High | XStream team | https://x-stream.github.io/CVE-2021-39152.html |
121 | XStream Code Issue Vulnerability | CNNVD-202108-1897 | CVE-2021-39153 | High | XStream team | https://x-stream.github.io/CVE-2021-39153.html |
122 | XStream Code Issue Vulnerability | CNNVD-202108-1899 | CVE-2021-39154 | High | XStream team | https://x-stream.github.io/CVE-2021-39154.html |
123 | Apache Santuario Information Disclosure Vulnerability | CNNVD-202109-1259 | CVE-2021-40690 | High | Apache Foundation | https://santuario.apache.org/javaindex.html |
124 | Linux kernel Resource Management Error Vulnerability | CNNVD-202201-468 | CVE-2021-4083 | High | Linux Foundation | https://access.redhat.com/security/cve/cve-2021-4083 |
125 | Apache Log4j Code Issue Vulnerability | CNNVD-202112-1011 | CVE-2021-4104 | High | Apache Foundation | https://logging.apache.org/log4j/2.x/security.html |
126 | NumPy Code Issue Vulnerability | CNNVD-202112-1488 | CVE-2021-41495 | High | Individual developer | https://github.com/numpy/numpy |
127 | Linux kernel Buffer Error Vulnerability | CNNVD-202203-2249 | CVE-2021-4157 | High | Linux Foundation | https://bugzilla.redhat.com/show_bug.cgi?id=2034342 |
128 | OpenSSH Security Vulnerability | CNNVD-202109-1695 | CVE-2021-41617 | High | Individual developer | No fix has yet been released for this security issue; users of this software are advised to monitor the vendor's homepage or the reference URL for a solution: https://www.openssh.com/security.html |
129 | Google Go Buffer Error Vulnerability | CNNVD-202111-671 | CVE-2021-41771 | High | | https://groups.google.com/g/golang-announce/c/0fM21h43arc |
130 | Golang Input Validation Error Vulnerability | CNNVD-202111-673 | CVE-2021-41772 | High | | https://groups.google.com/g/golang-announce/c/0fM21h43arc |
131 | Linux kernel Authorization Issue Vulnerability | CNNVD-202201-1396 | CVE-2021-4197 | High | Linux Foundation | https://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-Cgroup-Fd-Writing-37262 |
132 | Apache Tomcat Resource Management Error Vulnerability | CNNVD-202110-1057 | CVE-2021-42340 | High | Apache Foundation | https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E |
133 | GNU C Library Security Vulnerability | CNNVD-202111-457 | CVE-2021-43396 | High | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28524 |
134 | lxml Injection Vulnerability | CNNVD-202112-1050 | CVE-2021-43818 | High | Individual developer | https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 |
135 | XStream Resource Management Error Vulnerability | CNNVD-202201-2709 | CVE-2021-43859 | High | XStream | https://x-stream.github.io/CVE-2021-43859.html |
136 | nodejs Trust Management Issue Vulnerability | CNNVD-202201-727 | CVE-2021-44531 | High | Individual developer | https://nodejs.org/en/ |
137 | Linux kernel Cryptographic Issue Vulnerability | CNNVD-202112-2265 | CVE-2021-45485 | High | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 |
138 | OpenSSL Security Vulnerability | CNNVD-202203-1394 | CVE-2022-0778 | High | Openssl team | https://www.openssl.org/news/secadv/20220315.txt |
139 | Linux kernel 资源管理错误漏洞 | CNNVD-202203-1821 | CVE-2022-1011 | 高危 | Linux基金会 | https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next |
140 | GNU Gzip 输入验证错误漏洞 | CNNVD-202204-2632 | CVE-2022-1271 | 高危 | GNU社区 | http://savannah.gnu.org/forum/forum.php?forum_id=10157 |
141 | nodejs 代码注入漏洞 | CNNVD-202201-726 | CVE-2022-21824 | 高危 | 个人开发者 | https://nodejs.org/en/ |
142 | Apache Tomcat 权限许可和访问控制问题漏洞 | CNNVD-202201-2423 | CVE-2022-23181 | 高危 | Apache基金会 | https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75 |
143 | Apache Log4j 代码问题漏洞 | CNNVD-202201-1420 | CVE-2022-23302 | 高危 | Apache基金会 | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
144 | Apache log4j 代码问题漏洞 | CNNVD-202201-1425 | CVE-2022-23307 | 高危 | Apache基金会 | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
145 | libxml2 资源管理错误漏洞 | CNNVD-202202-1722 | CVE-2022-23308 | 高危 | 个人开发者 | https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614 |
146 | Google Golang 输入验证错误漏洞 | CNNVD-202202-928 | CVE-2022-23772 | 高危 | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | |
147 | cmd/go 安全漏洞 | CNNVD-202202-929 | CVE-2022-23773 | 高危 | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | |
148 | Cyrus Sasl SQL注入漏洞 | CNNVD-202202-1766 | CVE-2022-24407 | 高危 | The Cyrus Team团队 | https://ubuntu.com/security/notices/USN-5301-1 |
149 | CKEditor 安全漏洞 | CNNVD-202203-1545 | CVE-2022-24729 | 高危 | 个人开发者 | https://ckeditor.com/cke4/release/CKEditor-4.18 |
150 | Redis Labs Redis 代码注入漏洞 | CNNVD-202204-4527 | CVE-2022-24735 | 高危 | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq |
151 | Twisted 环境问题漏洞 | CNNVD-202204-1931 | CVE-2022-24801 | 高危 | 个人开发者 | https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac |
152 | nekohtml资源管理错误漏洞 | CNNVD-202204-2918 | CVE-2022-24839 | 高危 | 个人开发者 | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
153 | Linux kernel 安全漏洞 | CNNVD-202202-1743 | CVE-2022-25636 | 高危 | Linux基金会 | https://access.redhat.com/security/cve/cve-2022-25636 |
154 | gson 代码问题漏洞 | CNNVD-202205-1791 | CVE-2022-25647 | 高危 | 个人开发者 | https://github.com/google/gson/pull/1991/files |
155 | Apache Tomcat 代码问题漏洞 | CNNVD-202205-3290 | CVE-2022-25762 | 高危 | Apache基金会 | https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c |
156 | curl 安全漏洞 | CNNVD-202205-3032 | CVE-2022-27778 | 高危 | 个人开发者 | https://curl.se/docs/CVE-2022-27778.html |
157 | Apache Tomcat 代码问题漏洞 | CNNVD-202205-2969 | CVE-2022-29885 | 高危 | Apache基金会 | https://blogs.apache.org/tomcat/ |
158 | Apache Axis cross-site scripting vulnerability | CNNVD-201808-082 | CVE-2018-8032 | Medium | apache | https://issues.apache.org/jira/browse/AXIS-2924 |
159 | Apache HTTP Server resource management error vulnerability | CNNVD-201904-043 | CVE-2019-0220 | Medium | opensuse | https://httpd.apache.org/security/vulnerabilities_24.html |
160 | Python injection vulnerability | CNNVD-201903-484 | CVE-2019-9740 | Medium | python | https://www.python.org/ |
161 | Google Android code issue vulnerability | CNNVD-202009-550 | CVE-2020-0404 | Medium | | https://source.android.com/security/bulletin/2020-09-01 |
162 | jQuery cross-site scripting vulnerability | CNNVD-202004-2429 | CVE-2020-11022 | Medium | Individual developer | https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
163 | jQuery cross-site scripting vulnerability | CNNVD-202004-2420 | CVE-2020-11023 | Medium | Individual developer | https://jquery.com/upgrade-guide/3.5/ |
164 | Apache Groovy security vulnerability | CNNVD-202012-422 | CVE-2020-17521 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
165 | Apache HTTP Server input validation error vulnerability | CNNVD-202004-060 | CVE-2020-1927 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
166 | urllib3 injection vulnerability | CNNVD-202009-1751 | CVE-2020-26137 | Medium | Individual developer | https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b |
167 | Highlightjs security vulnerability | CNNVD-202011-1841 | CVE-2020-26237 | Medium | Highlightjs | https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 |
168 | Linux kernel resource management error vulnerability | CNNVD-202111-346 | CVE-2020-27820 | Medium | Linux Foundation | https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/ |
169 | lodash security vulnerability | CNNVD-202102-1168 | CVE-2020-28500 | Medium | Individual developer | https://github.com/lodash/lodash/pull/5065 |
170 | IBM i security vulnerability | CNNVD-202011-1710 | CVE-2020-4788 | Medium | IBM | https://www.ibm.com/support/pages/node/6370729 |
171 | Pivotal Software Spring Framework cross-site request forgery vulnerability | CNNVD-202001-841 | CVE-2020-5397 | Medium | Pivotal Software | https://spring.io/ |
172 | jQuery cross-site scripting vulnerability | CNNVD-202005-968 | CVE-2020-7656 | Medium | Individual developer | https://jquery.com/ |
173 | node core trust management issue vulnerability | CNNVD-202108-1119 | CVE-2021-22939 | Medium | Individual developer | https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-36118 |
174 | Migration Toolkit For Containers data forgery issue vulnerability | CNNVD-202109-999 | CVE-2021-22947 | Medium | Red Hat | https://access.redhat.com/security/cve/cve-2021-22947 |
175 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
176 | Apache MINA security vulnerability | CNNVD-202107-630 | CVE-2021-30129 | Medium | Apache Foundation | https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E |
177 | Apache PDFBox security vulnerability | CNNVD-202106-1201 | CVE-2021-31811 | Medium | Apache Foundation | https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E |
178 | Apache PDFBox security vulnerability | CNNVD-202106-1200 | CVE-2021-31812 | Medium | Apache Foundation | https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E |
179 | NumPy security vulnerability | CNNVD-202112-1481 | CVE-2021-34141 | Medium | Individual developer | https://github.com/numpy/numpy/pull/19539 |
180 | Eclipse Jetty information disclosure vulnerability | CNNVD-202107-1094 | CVE-2021-34429 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm |
181 | OpenSSL code issue vulnerability | CNNVD-202103-1458 | CVE-2021-3449 | Medium | OpenSSL team | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd |
182 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202107-1281 | CVE-2021-35043 | Medium | OWASP Foundation | https://owasp.org/ |
183 | pip input validation error vulnerability | CNNVD-202107-978 | CVE-2021-3572 | Medium | Python Software Foundation | https://www.auscert.org.au/bulletins/ESB-2021.2367 |
184 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
185 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
186 | libcares2 cross-site scripting vulnerability | CNNVD-202108-883 | CVE-2021-3672 | Medium | openSUSE project | https://www.suse.com/support/update/announcement/2021/suse-su-202114776-1/ |
187 | Linux kernel resource management error vulnerability | CNNVD-202107-1632 | CVE-2021-37159 | Medium | Linux Foundation | No fix has been released for this issue yet; users of this software are advised to watch the vendor's home page or the reference URL for a solution: https://www.spinics.net/lists/linux-usb/msg202228.html |
188 | Linux kernel security vulnerability | CNNVD-202109-1000 | CVE-2021-3744 | Medium | Linux Foundation | https://vigilance.fr/vulnerability/Linux-kernel-memory-leak-via-ccp-run-aes-gcm-cmd-36416 |
189 | Linux kernel security vulnerability | CNNVD-202109-438 | CVE-2021-3772 | Medium | Linux Foundation | https://bugzilla.redhat.com/show_bug.cgi?id=2000694 |
190 | MIT Kerberos code issue vulnerability | CNNVD-202108-1847 | CVE-2021-37750 | Medium | MIT | https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 |
191 | Apache Kafka security vulnerability | CNNVD-202109-1476 | CVE-2021-38153 | Medium | Apache Foundation | https://kafka.apache.org/cve-list |
192 | XStream security vulnerability | CNNVD-202108-1900 | CVE-2021-39140 | Medium | XStream team | https://x-stream.github.io/CVE-2021-39140.html |
193 | Linux kernel security vulnerability | CNNVD-202111-2102 | CVE-2021-4002 | Medium | Linux Foundation | https://bugzilla.redhat.com/show_bug.cgi?id=2025726 |
194 | polkit resource management error vulnerability | CNNVD-202202-1202 | CVE-2021-4115 | Medium | Individual developer | https://access.redhat.com/security/cve/cve-2021-4115 |
195 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
196 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
197 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | OpenJS Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
198 | NumPy security vulnerability | CNNVD-202112-1484 | CVE-2021-41496 | Medium | Individual developer | https://github.com/numpy/numpy |
199 | OpenSSL cryptographic issue vulnerability | CNNVD-202201-2650 | CVE-2021-4160 | Medium | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f |
200 | Linux kernel resource management error vulnerability | CNNVD-202203-835 | CVE-2021-4203 | Medium | Linux Foundation | https://lists.debian.org/debian-security-announce/2022/msg00063.html |
201 | Linux kernel buffer error vulnerability | CNNVD-202110-1485 | CVE-2021-42739 | Medium | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e |
202 | Linux kernel buffer error vulnerability | CNNVD-202111-454 | CVE-2021-43389 | Medium | Linux Foundation | https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/ |
203 | Netty environment issue vulnerability | CNNVD-202112-767 | CVE-2021-43797 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq |
204 | Linux kernel security vulnerability | CNNVD-202111-1544 | CVE-2021-43976 | Medium | Linux Foundation | https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/ |
205 | nodejs trust management issue vulnerability | CNNVD-202201-728 | CVE-2021-44532 | Medium | Individual developer | https://nodejs.org/en/ |
206 | nodejs trust management issue vulnerability | CNNVD-202201-725 | CVE-2021-44533 | Medium | Individual developer | https://nodejs.org/en/ |
207 | Apache Log4j injection vulnerability | CNNVD-202112-2743 | CVE-2021-44832 | Medium | Apache Foundation | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf |
208 | GDAL buffer error vulnerability | CNNVD-202201-031 | CVE-2021-45943 | Medium | Individual developer | https://github.com/OSGeo/gdal/ |
209 | AMD Processors information disclosure vulnerability | CNNVD-202203-688 | CVE-2022-0001 | Medium | AMD | https://ubuntu.com/security/notices/USN-5317-1 |
210 | AMD Processors information disclosure vulnerability | CNNVD-202203-690 | CVE-2022-0002 | Medium | AMD | https://ubuntu.com/security/notices/USN-5317-1 |
211 | Linux kernel code issue vulnerability | CNNVD-202201-2722 | CVE-2022-0286 | Medium | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=105cd17a866017b45f3c45901b394c711c97bf40 |
212 | Linux kernel code issue vulnerability | CNNVD-202201-2313 | CVE-2022-0322 | Medium | Linux Foundation | https://vigilance.fr/vulnerability/Linux-kernel-assertion-error-via-sctp-make-strreset-req-37380 |
213 | Vmware VMware Spring Cloud Gateway trust management issue vulnerability | CNNVD-202203-158 | CVE-2022-22946 | Medium | VMware | http://tanzu.vmware.com/security/cve-2022-22947 |
214 | Vmware Spring Framework security feature issue vulnerability | CNNVD-202204-3302 | CVE-2022-22968 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22968 |
215 | Pivotal Spring Security OAuth resource management error vulnerability | CNNVD-202204-3951 | CVE-2022-22969 | Medium | Pivotal | https://tanzu.vmware.com/security/cve-2022-22969 |
216 | Spring Framework input validation error vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework |
217 | Spring Framework input validation error vulnerability | CNNVD-202205-2980 | CVE-2022-22971 | Medium | Spring team | https://spring.io/projects/spring-framework |
218 | Spring Framework input validation error vulnerability | CNNVD-202205-3586 | CVE-2022-22976 | Medium | Spring team | https://tanzu.vmware.com/security/cve-2022-22976 |
219 | Xerces security vulnerability | CNNVD-202201-2238 | CVE-2022-23437 | Medium | Apache Foundation | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
220 | JetBrains Kotlin security feature issue vulnerability | CNNVD-202202-606 | CVE-2022-24329 | Medium | JetBrains | http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 |
221 | CKEditor cross-site scripting vulnerability | CNNVD-202203-1546 | CVE-2022-24728 | Medium | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18 |
222 | Redis Labs Redis code issue vulnerability | CNNVD-202204-4526 | CVE-2022-24736 | Medium | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984 |
223 | Netty security vulnerability | CNNVD-202205-2566 | CVE-2022-24823 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 |
224 | OWASP ESAPI cross-site scripting vulnerability | CNNVD-202204-4523 | CVE-2022-24891 | Medium | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q |
225 | Apache Tika resource management error vulnerability | CNNVD-202205-3505 | CVE-2022-25169 | Medium | Apache Foundation | https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk |
226 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202204-4024 | CVE-2022-29577 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/releases/tag/v1.6.7 |
227 | libxslt and libxml2 input validation error vulnerability | CNNVD-202205-1926 | CVE-2022-29824 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab |
228 | Apache Tika security vulnerability | CNNVD-202205-3498 | CVE-2022-30126 | Medium | Apache Foundation | https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4 |
229 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | Medium | Apache | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
230 | Linux kernel security vulnerability | CNNVD-202106-1736 | CVE-2021-21781 | Low | Linux Foundation | https://www.cybersecurity-help.cz/vdb/SB2021062704 |
231 | Linux kernel cryptographic issue vulnerability | CNNVD-202112-2270 | CVE-2021-45486 | Low | Linux Foundation | https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba |
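III. Remediation recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpujul2022.html
CNNVD will continue to track these vulnerabilities and publish relevant information promptly. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn
Statement: This article comes from CNNVD安全动态 (CNNVD Security News); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参. It is reprinted to pass on more information. In case of infringement, please contact anquanneican@163.com.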