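Oracle recently published security advisories covering multiple vulnerabilities: 85 in Oracle's own products and 231 from other vendors that affect Oracle products. They include the Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability (CNNVD-202207-1715, CVE-2022-21543) and the Oracle Communications Billing and Revenue Management security vulnerability (CNNVD-202207-1677, CVE-2022-21429), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.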

I. Vulnerability Overview

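On July 19, 2022, Oracle released its July 2022 security update, with patches for 316 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Communications Applications, Oracle E-Business Suite, Oracle Fusion Middleware and Oracle BI Publisher, Oracle Communications Billing and Revenue Management, Oracle Financial Services Applications, and others. CNNVD has rated their severity: 45 critical, 132 high, 133 medium and 6 low. Multiple versions of Oracle products and systems are affected; the specific scope of impact can be checked at https://www.oracle.com/security-alerts/cpujul2022.html.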

II. Vulnerability Details

This update includes patches for 84 newly added vulnerabilities: 1 critical, 18 high, 61 medium and 4 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability | CNNVD-202207-1715 | CVE-2022-21543 | Critical | https://www.oracle.com/security-alerts/cpujul2022.html |
| 2 | Oracle Communications Billing and Revenue Management security vulnerability | CNNVD-202207-1677 | CVE-2022-21429 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 3 | Oracle E-Business Suite information disclosure vulnerability | CNNVD-202205-3832 | CVE-2022-21500 | High | https://www.oracle.com/security-alerts/alert-cve-2022-21500.html |
| 4 | Oracle Database Server security vulnerability | CNNVD-202207-1682 | CVE-2022-21510 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 5 | Oracle Database Server security vulnerability | CNNVD-202207-1686 | CVE-2022-21511 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 6 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202207-1685 | CVE-2022-21513 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 7 | Oracle Solaris security vulnerability | CNNVD-202207-1691 | CVE-2022-21514 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 8 | Oracle Enterprise Manager Base Platform input validation error vulnerability | CNNVD-202207-1582 | CVE-2022-21516 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 9 | Oracle Solaris security vulnerability | CNNVD-202207-1701 | CVE-2022-21524 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 10 | Oracle Enterprise Manager Base Platform input validation error vulnerability | CNNVD-202207-1579 | CVE-2022-21536 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 11 | Oracle JD Edwards Products input validation error vulnerability | CNNVD-202207-1627 | CVE-2022-21542 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 12 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1583 | CVE-2022-21544 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 13 | Oracle Fusion Middleware input validation error vulnerability | CNNVD-202207-1599 | CVE-2022-21552 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 14 | Oracle Construction and Engineering Suite input validation error vulnerability | CNNVD-202207-1576 | CVE-2022-21558 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 15 | Oracle Fusion Middleware input validation error vulnerability | CNNVD-202207-1598 | CVE-2022-21562 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 16 | Oracle Applications Framework input validation error vulnerability | CNNVD-202207-1575 | CVE-2022-21566 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 17 | Oracle E-Business Suite input validation error vulnerability | CNNVD-202207-1573 | CVE-2022-21567 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 18 | Oracle Fusion Middleware input validation error vulnerability | CNNVD-202207-1601 | CVE-2022-21570 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 19 | Oracle Virtualization security vulnerability | CNNVD-202207-1721 | CVE-2022-21571 | High | https://www.oracle.com/security-alerts/cpujul2022.html |
| 20 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1580 | CVE-2022-21428 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 21 | Oracle Solaris security vulnerability | CNNVD-202204-4026 | CVE-2022-21439 | Medium | https://www.oracle.com/security-alerts/cpuapr2022.html |
| 22 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1681 | CVE-2022-21455 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 23 | Oracle Essbase security vulnerability | CNNVD-202207-1687 | CVE-2022-21508 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 24 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1679 | CVE-2022-21509 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 25 | Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability | CNNVD-202207-1688 | CVE-2022-21512 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 26 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1692 | CVE-2022-21515 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 27 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1684 | CVE-2022-21517 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 28 | Oracle Health Sciences Applications input validation error vulnerability | CNNVD-202207-1610 | CVE-2022-21518 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 29 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1695 | CVE-2022-21519 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 30 | Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability | CNNVD-202207-1702 | CVE-2022-21520 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 31 | Oracle PeopleSoft Enterprise PeopleTools input validation error vulnerability | CNNVD-202207-1698 | CVE-2022-21521 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 32 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1699 | CVE-2022-21522 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 33 | Oracle Fusion Middleware and Oracle BI Publisher input validation error vulnerability | CNNVD-202207-1602 | CVE-2022-21523 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 34 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1694 | CVE-2022-21525 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 35 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1696 | CVE-2022-21526 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 36 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1670 | CVE-2022-21527 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 37 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1676 | CVE-2022-21528 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 38 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1697 | CVE-2022-21529 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 39 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1703 | CVE-2022-21530 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 40 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1704 | CVE-2022-21531 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 41 | Oracle JD Edwards Products input validation error vulnerability | CNNVD-202207-1614 | CVE-2022-21532 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 42 | Oracle Solaris security vulnerability | CNNVD-202207-1707 | CVE-2022-21533 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 43 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1706 | CVE-2022-21534 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 44 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1690 | CVE-2022-21537 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 45 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1683 | CVE-2022-21539 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 46 | Oracle Java SE input validation error vulnerability | CNNVD-202207-1626 | CVE-2022-21540 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 47 | Oracle Java SE and Oracle GraalVM input validation error vulnerability | CNNVD-202207-1621 | CVE-2022-21541 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 48 | Oracle E-Business Suite input validation error vulnerability | CNNVD-202207-1577 | CVE-2022-21545 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 49 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1693 | CVE-2022-21547 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 50 | Oracle Fusion Middleware and Oracle WebLogic Server input validation error vulnerability | CNNVD-202207-1604 | CVE-2022-21548 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 51 | Oracle Java SE input validation error vulnerability | CNNVD-202207-1624 | CVE-2022-21549 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 52 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1709 | CVE-2022-21550 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 53 | Oracle GoldenGate security vulnerability | CNNVD-202207-1710 | CVE-2022-21551 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 54 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1705 | CVE-2022-21553 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 55 | Oracle Virtualization security vulnerability | CNNVD-202207-1711 | CVE-2022-21554 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 56 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1712 | CVE-2022-21555 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 57 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1651 | CVE-2022-21556 | Medium | |
| 58 | Oracle Fusion Middleware and Oracle WebLogic Server input validation error vulnerability | CNNVD-202207-1605 | CVE-2022-21557 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 59 | Oracle Commerce security vulnerability | CNNVD-202207-1716 | CVE-2022-21559 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 60 | Oracle Fusion Middleware and Oracle WebLogic Server input validation error vulnerability | CNNVD-202207-1608 | CVE-2022-21560 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 61 | Oracle JD Edwards Products input validation error vulnerability | CNNVD-202207-1628 | CVE-2022-21561 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 62 | Oracle Fusion Middleware and Oracle WebLogic Server input validation error vulnerability | CNNVD-202207-1606 | CVE-2022-21564 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 63 | Oracle Database Server security vulnerability | CNNVD-202207-1719 | CVE-2022-21565 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 64 | Oracle E-Business Suite input validation error vulnerability | CNNVD-202207-1574 | CVE-2022-21568 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 65 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1665 | CVE-2022-21569 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 66 | Oracle Communications Applications security vulnerability | CNNVD-202207-1724 | CVE-2022-21572 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 67 | Oracle Communications Applications security vulnerability | CNNVD-202207-1722 | CVE-2022-21573 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 68 | Oracle Communications Applications security vulnerability | CNNVD-202207-1727 | CVE-2022-21574 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 69 | Oracle Fusion Middleware input validation error vulnerability | CNNVD-202207-1600 | CVE-2022-21575 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 70 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1588 | CVE-2022-21576 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 71 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1591 | CVE-2022-21577 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 72 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1586 | CVE-2022-21578 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 73 | Oracle FLEXCUBE Universal Banking input validation error vulnerability | CNNVD-202207-1589 | CVE-2022-21579 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 74 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1581 | CVE-2022-21580 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 75 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1595 | CVE-2022-21581 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 76 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1585 | CVE-2022-21582 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 77 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1590 | CVE-2022-21583 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 78 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1593 | CVE-2022-21584 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 79 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1584 | CVE-2022-21585 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 80 | Oracle Financial Services Applications input validation error vulnerability | CNNVD-202207-1594 | CVE-2022-21586 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
| 81 | Oracle Database Server security vulnerability | CNNVD-202207-1680 | CVE-2022-21432 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
| 82 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1631 | CVE-2022-21535 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
| 83 | Oracle MySQL input validation error vulnerability | CNNVD-202207-1708 | CVE-2022-21538 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
| 84 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202207-1718 | CVE-2022-21563 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |

This update includes a patch for 1 updated vulnerability, rated high.

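| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Database Server input validation error vulnerability | CNNVD-202107-1424 | CVE-2021-2351 | High | https://www.oracle.com/security-alerts/cpujul2021.html |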

This update includes patches for 231 vulnerabilities from other vendors that affect Oracle products: 44 critical, 113 high, 72 medium and 2 low.

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞

CNNVD-201804-564

CVE-2018-1273

超危

Pivotal_software

https://pivotal.io/security/cve-2018-1273

2

Apache Cordova 跨站脚本漏洞

CNNVD-202001-439

CVE-2019-0219

超危

Apache基金会

https://www.apache.org/

3

Apache HTTP Server 资源管理错误漏洞

CNNVD-201908-1143

CVE-2019-10082

超危

apache

http://httpd.apache.org/security/vulnerabilities_24.html

4

Swagger UI 跨站请求伪造漏洞

CNNVD-201910-715

CVE-2019-17495

超危

个人开发者

https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11

5

Apache Log4j 代码问题漏洞

CNNVD-201912-950

CVE-2019-17571

超危

Apache基金会

https://www.apache.org/

6

Python 信任管理问题漏洞

CNNVD-201903-311

CVE-2019-9636

超危

redhat

https://bugs.python.org/issue36216

7

dom4j 代码问题漏洞

CNNVD-202004-1133

CVE-2020-10683

超危

个人开发者

https://github.com/dom4j/dom4j/commit/a822852

8

PyYAML 输入验证错误漏洞

CNNVD-202102-918

CVE-2020-14343

超危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1860466

9

PyYAML 输入验证错误漏洞

CNNVD-202003-034

CVE-2020-1747

超危

Yaml

https://pyyaml.org/

10

Python 安全漏洞

CNNVD-202010-1189

CVE-2020-27619

超危

Python软件基金会

https://bugs.python.org/issue41944

11

Dell BSAFE 安全漏洞

CNNVD-202207-835

CVE-2020-29506

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

12

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-837

CVE-2020-29507

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

13

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-838

CVE-2020-29508

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

14

Dell BSAFE 安全特征问题漏洞

CNNVD-202207-834

CVE-2020-35163

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

15

Dell BSAFE 安全漏洞

CNNVD-202207-832

CVE-2020-35166

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

16

Dell BSAFE 安全漏洞

CNNVD-202207-831

CVE-2020-35167

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

17

Dell BSAFE 安全漏洞

CNNVD-202207-828

CVE-2020-35168

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

18

Dell BSAFE 输入验证错误漏洞

CNNVD-202207-830

CVE-2020-35169

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

19

node core 输入验证错误漏洞

CNNVD-202108-1142

CVE-2021-22931

超危

个人开发者

https://www.npmjs.com/package/node-core

20

dojo 安全漏洞

CNNVD-202112-1483

CVE-2021-23450

超危

个人开发者

https://github.com/dojo/dojo

21

Apache Xmlbeans 输入验证错误漏洞

CNNVD-202101-1146

CVE-2021-23926

超危

Apache基金会

https://issues.apache.org/jira/browse/XMLBEANS-517

22

Apache Maven 访问控制错误漏洞

CNNVD-202104-1824

CVE-2021-26291

超危

Apache基金会

https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E

23

Python 安全漏洞

CNNVD-202104-2308

CVE-2021-29921

超危

Python基金会

https://www.python.org/

24

Python 缓冲区错误漏洞

CNNVD-202101-1467

CVE-2021-3177

超危

Python基金会

https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html

25

Apache Struts 2 安全漏洞

CNNVD-202204-3223

CVE-2021-31805

超危

Apache基金会

https://cwiki.apache.org/confluence/display/WW/S2-062

26

netfilter 信息泄露漏洞

CNNVD-202202-1356

CVE-2021-3773

超危

netfilter

https://www.kernel.org/

27

Apache Shiro 授权问题漏洞

CNNVD-202109-1230

CVE-2021-41303

超危

Apache基金会

https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E

28

Sanitize 输入验证错误漏洞

CNNVD-202110-1259

CVE-2021-42575

超危

个人开发者

https://owasp.org/www-project-java-html-sanitizer/

29

Github liquibase 代码问题漏洞

CNNVD-202203-471

CVE-2022-0839

超危

个人开发者

https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381

30

vim 资源管理错误漏洞

CNNVD-202203-2537

CVE-2022-1154

超危

个人开发者

https://www.vim.org/

31

OpenSSL 操作系统命令注入漏洞

CNNVD-202205-1962

CVE-2022-1292

超危

Openssl团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

32

Apache HTTP Server 环境问题漏洞

CNNVD-202203-1236

CVE-2022-22720

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

33

Apache HTTP Server 输入验证错误漏洞

CNNVD-202203-1299

CVE-2022-22721

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

34

VMware Spring Cloud Gateway 代码注入漏洞

CNNVD-202203-161

CVE-2022-22947

超危

VMware

https://tanzu.vmware.com/security/cve-2022-22947

35

Spring Framework 代码注入漏洞

CNNVD-202203-2641

CVE-2022-22963

超危

Spring社区

https://spring.io/projects/spring-cloud

36

Spring Framework 代码注入漏洞

CNNVD-202203-2514

CVE-2022-22965

超危

Spring团队

https://tanzu.vmware.com/security/cve-2022-22965

37

VMware Spring Security 授权问题漏洞

CNNVD-202205-3584

CVE-2022-22978

超危

VMware

https://tanzu.vmware.com/security/cve-2022-22978

38

glibc 安全漏洞

CNNVD-202201-1163

CVE-2022-23218

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28768

39

glibc 安全漏洞

CNNVD-202201-1164

CVE-2022-23219

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=22542

40

Apache Log4j SQL注入漏洞

CNNVD-202201-1421

CVE-2022-23305

超危

Apache基金会

https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y

41

OWASP ESAPI 路径遍历漏洞

CNNVD-202204-4378

CVE-2022-23457

超危

个人开发者

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2

42

Containous Traefik 信任管理问题漏洞

CNNVD-202202-1402

CVE-2022-23632

超危

Containous

https://github.com/traefik/traefik/pull/8764

43

Elliptic package 安全漏洞

CNNVD-202202-930

CVE-2022-23806

超危

个人开发者

https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ

44

Fastjson 代码问题漏洞

CNNVD-202206-1037

CVE-2022-25845

超危

阿里巴巴

https://github.com/alibaba/fastjson/wiki/security_update_20220523

45

Pivotal Spring Data Commons 安全漏洞

CNNVD-201805-403

CVE-2018-1259

高危

Xmlbeam

https://pivotal.io/security/cve-2018-1259

46

Spring Data Commons 安全漏洞

CNNVD-201804-842

CVE-2018-1274

高危

Pivotal_software

https://pivotal.io/security/cve-2018-1274

47

Python 信任管理问题漏洞

CNNVD-201810-457

CVE-2018-18074

高危

canonical

https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

48

zlib 缓冲区错误漏洞

CNNVD-202203-2221

CVE-2018-25032

高危

个人开发者

https://z-lib.org/

49

Apache Axis 代码问题漏洞

CNNVD-201904-472

CVE-2019-0227

高危

apache

http://axis.apache.org/

50

Apache Commons Beanutils 代码问题漏洞

CNNVD-201908-1140

CVE-2019-10086

高危

debian

https://issues.apache.org/jira/browse/BEANUTILS-520

51

Python 路径遍历漏洞

CNNVD-202009-303

CVE-2019-20916

高危

Python软件基金会

https://github.com/pypa/pip/issues/6413

52

Apache Batik 代码问题漏洞

CNNVD-202102-1586

CVE-2020-11987

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

53

Linux kernel 输入验证错误漏洞

CNNVD-202006-740

CVE-2020-13974

高危

Linux基金会

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae

54

Fasterxml Jackson 代码问题漏洞

CNNVD-202010-622

CVE-2020-25649

高危

Fasterxml

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

55

Dell BSAFE Micro Edition Suite 信任管理问题漏洞

CNNVD-202206-119

CVE-2020-26184

高危

Dell

https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en

56

Dell BSAFE Micro Edition Suite 缓冲区错误漏洞

CNNVD-202206-118

CVE-2020-26185

高危

Dell

https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en

57

Bouncy Castle BC 安全漏洞

CNNVD-202012-1340

CVE-2020-28052

高危

Bouncy Castle

https://www.bouncycastle.org/releasenotes.html

58

FasterXML Jackson 资源管理错误漏洞

CNNVD-202102-1356

CVE-2020-28491

高危

Fasterxml

https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6

59

Odoo 安全漏洞

CNNVD-202012-1476

CVE-2020-29396

高危

Odoo

https://github.com/odoo/odoo/issues/63712

60

Dell BSAFE Micro Edition Suite和Dell BSAFE 安全特征问题漏洞

CNNVD-202207-836

CVE-2020-29505

高危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

61

Pytest 安全漏洞

CNNVD-202012-785

CVE-2020-29651

高危

Pytest团队

https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144

62

Dell BSAFE 安全漏洞

CNNVD-202207-833

CVE-2020-35164

高危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

63

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1285

CVE-2020-35490

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

64

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1270

CVE-2020-35491

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

65

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1602

CVE-2020-35728

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2999

66

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-327

CVE-2020-36179

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

67

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-326

CVE-2020-36180

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

68

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-330

CVE-2020-36181

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

69

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-325

CVE-2020-36182

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

70

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-371

CVE-2020-36183

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3003

71

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-344

CVE-2020-36184

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

72

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-337

CVE-2020-36185

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

73

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-333

CVE-2020-36186

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

74

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-331

CVE-2020-36187

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

75

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-355

CVE-2020-36188

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

76

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-329

CVE-2020-36189

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

77

FasterXML jackson-databind 缓冲区错误漏洞

CNNVD-202203-1165

CVE-2020-36518

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2816

78

dojo 代码注入漏洞

CNNVD-202003-462

CVE-2020-5258

高危

个人开发者

https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2

79

Vmware Spring Framework 跨站脚本漏洞

CNNVD-202001-839

CVE-2020-5398

高危

Vmware

https://spring.io/

80

joyent json 操作系统命令注入漏洞

CNNVD-202008-1430

CVE-2020-7712

高危

个人开发者

https://snyk.io/vuln/SNYK-JS-JSON-597481

81

Apache Tomcat 代码问题漏洞

CNNVD-202005-1078

CVE-2020-9484

高危

Apache基金会

https://tomcat.apache.org/security.html

82

Apache Hadoop 安全漏洞

CNNVD-202101-2280

CVE-2020-9492

高危

Apache基金会

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

83

Linux kernel 安全特征问题漏洞

CNNVD-202111-2081

CVE-2021-20322

高危

Linux基金会

https://access.redhat.com/security/cve/cve-2021-20322。

84

Vmware Spring Framework 权限许可和访问控制问题漏洞

CNNVD-202105-1663

CVE-2021-22118

高危

Vmware

https://github.com/spring-projects/spring-framework

85

VMware Spring Security 安全漏洞

CNNVD-202106-1916

CVE-2021-22119

高危

Vmware

https://tanzu.vmware.com/security/cve-2021-22119

86

node core 资源管理错误漏洞

CNNVD-202108-1099

CVE-2021-22940

高危

个人开发者

https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-36118

87

HAXX Haxx libcurl 安全漏洞

CNNVD-202109-997

CVE-2021-22946

高危

Haxx

https://curl.se/docs/CVE-2021-22946.html

88

lodash 命令注入漏洞

CNNVD-202102-1137

CVE-2021-23337

高危

个人开发者

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

89

Linux kernel 命令注入漏洞

CNNVD-202104-471

CVE-2021-29154

高危

Linux基金会

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098

90

XStream 代码问题漏洞

CNNVD-202105-1981

CVE-2021-29505

高危

XStream团队

https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc

91

Github json-smart-v1 缓冲区错误漏洞

CNNVD-202106-103

CVE-2021-31684

高危

个人开发者

https://github.com/netplex

92

Libgcrypt 安全漏洞

CNNVD-202106-573

CVE-2021-33560

高危

GNU计划

https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61

93

JDOM 代码问题漏洞

CNNVD-202106-1323

CVE-2021-33813

高危

个人开发者

https://github.com/hunterhacker/jdom。

94

OpenSSL 信任管理问题漏洞

CNNVD-202103-1456

CVE-2021-3450

高危

Openssl团队

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

95

Apache Commons Compress 安全漏洞

CNNVD-202107-896

CVE-2021-35515

高危

Apache基金会

https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E

96

Apache Commons Compress 安全漏洞

CNNVD-202107-897

CVE-2021-35516

高危

Apache基金会

https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E

97

Apache Commons Compress 安全漏洞

CNNVD-202107-898

CVE-2021-35517

高危

Apache基金会

https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E

98

Apache Portable Runtime 缓冲区错误漏洞

CNNVD-202108-1852

CVE-2021-35940

高危

Apache基金会

https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E

99

Apache Commons Compress 安全漏洞

CNNVD-202107-899

CVE-2021-36090

高危

Apache基金会

https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E

100

Linux kernel 缓冲区错误漏洞

CNNVD-202106-1443

CVE-2021-3612

高危

Linux基金会

https://www.linuxkernelcves.com/

101

Netty 资源管理错误漏洞

CNNVD-202110-1442

CVE-2021-37136

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

102

Netty 资源管理错误漏洞

CNNVD-202110-1441

CVE-2021-37137

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

103

SUSE Linux Enterprise Server 代码问题漏洞

CNNVD-202109-1140

CVE-2021-3737

高危

SUSE

https://www.python.org/downloads/

104

Linux kernel 缓冲区错误漏洞

CNNVD-202108-2658

CVE-2021-3743

高危

Linux基金会

https://vigilance.fr/vulnerability/Linux-kernel-out-of-bounds-memory-reading-via-qrtr-endpoint-post-36254

105

Axios 资源管理错误漏洞

CNNVD-202108-2780

CVE-2021-3749

高危

个人开发者

https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31

106

Linux kernel 资源管理错误漏洞

CNNVD-202109-996

CVE-2021-3752

高危

Linux基金会

https://access.redhat.com/security/cve/cve-2021-3752

107

Github jsoup 安全漏洞

CNNVD-202108-1636

CVE-2021-37714

高危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c

108

Apache Spark 加密问题漏洞

CNNVD-202203-838

CVE-2021-38296

高危

Apache基金会

https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd

109

GNU C Library 代码问题漏洞

CNNVD-202108-1172

CVE-2021-38604

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28213

110

XStream 代码问题漏洞

CNNVD-202108-1885

CVE-2021-39139

高危

XStream团队

https://x-stream.github.io/CVE-2021-39139.html

111

XStream 代码问题漏洞

CNNVD-202108-1887

CVE-2021-39141

高危

XStream团队

https://x-stream.github.io/CVE-2021-39141.html

112

XStream 代码问题漏洞

CNNVD-202108-1890

CVE-2021-39144

高危

XStream团队

https://x-stream.github.io/CVE-2021-39144.html

113

XStream 代码问题漏洞

CNNVD-202108-1886

CVE-2021-39145

高危

XStream团队

https://x-stream.github.io/CVE-2021-39145.html

114

XStream 代码问题漏洞

CNNVD-202108-1895

CVE-2021-39146

高危

XStream团队

https://x-stream.github.io/CVE-2021-39146.html

115

XStream 代码问题漏洞

CNNVD-202108-1888

CVE-2021-39147

高危

XStream团队

https://x-stream.github.io/CVE-2021-39147.html

116

XStream 代码问题漏洞

CNNVD-202108-1894

CVE-2021-39148

高危

XStream团队

https://x-stream.github.io/CVE-2021-39148.html

117

XStream 代码问题漏洞

CNNVD-202108-1898

CVE-2021-39149

高危

XStream团队

https://x-stream.github.io/CVE-2021-39149.html

118

XStream 代码问题漏洞

CNNVD-202108-1901

CVE-2021-39150

高危

XStream团队

https://x-stream.github.io/CVE-2021-39150.html

119

XStream 代码问题漏洞

CNNVD-202108-1896

CVE-2021-39151

高危

XStream团队

https://x-stream.github.io/CVE-2021-39151.html

120

XStream 代码问题漏洞

CNNVD-202108-1902

CVE-2021-39152

高危

XStream团队

https://x-stream.github.io/CVE-2021-39152.html

121

XStream 代码问题漏洞

CNNVD-202108-1897

CVE-2021-39153

高危

XStream团队

https://x-stream.github.io/CVE-2021-39153.html

122

XStream 代码问题漏洞

CNNVD-202108-1899

CVE-2021-39154

高危

XStream团队

https://x-stream.github.io/CVE-2021-39154.html

123

Apache Santuario 信息泄露漏洞

CNNVD-202109-1259

CVE-2021-40690

高危

Apache基金会

https://santuario.apache.org/javaindex.html

124

Linux kernel 资源管理错误漏洞

CNNVD-202201-468

CVE-2021-4083

高危

Linux基金会

https://access.redhat.com/security/cve/cve-2021-4083

125

Apache Log4j 代码问题漏洞

CNNVD-202112-1011

CVE-2021-4104

高危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html

126

NumPy 代码问题漏洞

CNNVD-202112-1488

CVE-2021-41495

高危

个人开发者

https://github.com/numpy/numpy

127

Linux kernel缓冲区错误漏洞

CNNVD-202203-2249

CVE-2021-4157

高危

Linux基金会

https://bugzilla.redhat.com/show_bug.cgi?id=2034342

128

OpenSSH 安全漏洞

CNNVD-202109-1695

CVE-2021-41617

高危

个人开发者

暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:https://www.openssh.com/security.html

129

Google Go 缓冲区错误漏洞

CNNVD-202111-671

CVE-2021-41771

高危

Google

https://groups.google.com/g/golang-announce/c/0fM21h43arc

130

Golang 输入验证错误漏洞

CNNVD-202111-673

CVE-2021-41772

高危

Google

https://groups.google.com/g/golang-announce/c/0fM21h43arc

131

Linux kernel 授权问题漏洞

CNNVD-202201-1396

CVE-2021-4197

高危

Linux基金会

https://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-Cgroup-Fd-Writing-37262

132

Apache Tomcat 资源管理错误漏洞

CNNVD-202110-1057

CVE-2021-42340

高危

Apache基金会

https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E

133

GNU C Library 安全漏洞

CNNVD-202111-457

CVE-2021-43396

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28524

134

lxml 注入漏洞

CNNVD-202112-1050

CVE-2021-43818

高危

个人开发者

https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8

135

XStream resource management error vulnerability

CNNVD-202201-2709

CVE-2021-43859

High

XStream

https://x-stream.github.io/CVE-2021-43859.html

136

nodejs trust management issue vulnerability

CNNVD-202201-727

CVE-2021-44531

High

Individual developer

https://nodejs.org/en/

137

Linux kernel cryptographic issue vulnerability

CNNVD-202112-2265

CVE-2021-45485

High

Linux Foundation

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99

138

OpenSSL security vulnerability

CNNVD-202203-1394

CVE-2022-0778

High

OpenSSL team

https://www.openssl.org/news/secadv/20220315.txt

139

Linux kernel resource management error vulnerability

CNNVD-202203-1821

CVE-2022-1011

High

Linux Foundation

https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next

140

GNU Gzip input validation error vulnerability

CNNVD-202204-2632

CVE-2022-1271

High

GNU community

http://savannah.gnu.org/forum/forum.php?forum_id=10157

141

nodejs code injection vulnerability

CNNVD-202201-726

CVE-2022-21824

High

Individual developer

https://nodejs.org/en/

142

Apache Tomcat permissions and access control issue vulnerability

CNNVD-202201-2423

CVE-2022-23181

High

Apache Foundation

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75

143

Apache Log4j code issue vulnerability

CNNVD-202201-1420

CVE-2022-23302

High

Apache Foundation

https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w

144

Apache log4j code issue vulnerability

CNNVD-202201-1425

CVE-2022-23307

High

Apache Foundation

https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

145

libxml2 resource management error vulnerability

CNNVD-202202-1722

CVE-2022-23308

High

Individual developer

https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614

146

Google Golang input validation error vulnerability

CNNVD-202202-928

CVE-2022-23772

High

Google

https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ

147

cmd/go security vulnerability

CNNVD-202202-929

CVE-2022-23773

High

Google

https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ

148

Cyrus Sasl SQL injection vulnerability

CNNVD-202202-1766

CVE-2022-24407

High

The Cyrus Team

https://ubuntu.com/security/notices/USN-5301-1

149

CKEditor security vulnerability

CNNVD-202203-1545

CVE-2022-24729

High

Individual developer

https://ckeditor.com/cke4/release/CKEditor-4.18

150

Redis Labs Redis code injection vulnerability

CNNVD-202204-4527

CVE-2022-24735

High

Redis Labs

https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq

151

Twisted environment issue vulnerability

CNNVD-202204-1931

CVE-2022-24801

High

Individual developer

https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac

152

nekohtml resource management error vulnerability

CNNVD-202204-2918

CVE-2022-24839

High

Individual developer

https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d

153

Linux kernel security vulnerability

CNNVD-202202-1743

CVE-2022-25636

High

Linux Foundation

https://access.redhat.com/security/cve/cve-2022-25636

154

gson code issue vulnerability

CNNVD-202205-1791

CVE-2022-25647

High

Individual developer

https://github.com/google/gson/pull/1991/files

155

Apache Tomcat code issue vulnerability

CNNVD-202205-3290

CVE-2022-25762

High

Apache Foundation

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

156

curl security vulnerability

CNNVD-202205-3032

CVE-2022-27778

High

Individual developer

https://curl.se/docs/CVE-2022-27778.html

157

Apache Tomcat code issue vulnerability

CNNVD-202205-2969

CVE-2022-29885

High

Apache Foundation

https://blogs.apache.org/tomcat/

158

Apache Axis cross-site scripting vulnerability

CNNVD-201808-082

CVE-2018-8032

Medium

apache

https://issues.apache.org/jira/browse/AXIS-2924

159

Apache HTTP Server resource management error vulnerability

CNNVD-201904-043

CVE-2019-0220

Medium

opensuse

https://httpd.apache.org/security/vulnerabilities_24.html

160

Python injection vulnerability

CNNVD-201903-484

CVE-2019-9740

Medium

python

https://www.python.org/

161

Google Android code issue vulnerability

CNNVD-202009-550

CVE-2020-0404

Medium

Google

https://source.android.com/security/bulletin/2020-09-01

162

jQuery cross-site scripting vulnerability

CNNVD-202004-2429

CVE-2020-11022

Medium

Individual developer

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

163

jQuery cross-site scripting vulnerability

CNNVD-202004-2420

CVE-2020-11023

Medium

Individual developer

https://jquery.com/upgrade-guide/3.5/

164

Apache Groovy security vulnerability

CNNVD-202012-422

CVE-2020-17521

Medium

Apache Foundation

https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

165

Apache HTTP Server input validation error vulnerability

CNNVD-202004-060

CVE-2020-1927

Medium

Apache Foundation

https://httpd.apache.org/security/vulnerabilities_24.html

166

urllib3 injection vulnerability

CNNVD-202009-1751

CVE-2020-26137

Medium

Individual developer

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

167

Highlightjs security vulnerability

CNNVD-202011-1841

CVE-2020-26237

Medium

Highlightjs

https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0

168

Linux kernel resource management error vulnerability

CNNVD-202111-346

CVE-2020-27820

Medium

Linux Foundation

https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/

169

lodash security vulnerability

CNNVD-202102-1168

CVE-2020-28500

Medium

Individual developer

https://github.com/lodash/lodash/pull/5065

170

IBM i security vulnerability

CNNVD-202011-1710

CVE-2020-4788

Medium

IBM

https://www.ibm.com/support/pages/node/6370729

171

Pivotal Software Spring Framework cross-site request forgery vulnerability

CNNVD-202001-841

CVE-2020-5397

Medium

Pivotal Software

https://spring.io/

172

jQuery cross-site scripting vulnerability

CNNVD-202005-968

CVE-2020-7656

Medium

Individual developer

https://jquery.com/

173

node core trust management issue vulnerability

CNNVD-202108-1119

CVE-2021-22939

Medium

Individual developer

https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-36118

174

Migration Toolkit For Containers data forgery issue vulnerability

CNNVD-202109-999

CVE-2021-22947

Medium

Red Hat

https://access.redhat.com/security/cve/cve-2021-22947

175

Apache Commons IO path traversal vulnerability

CNNVD-202104-702

CVE-2021-29425

Medium

Apache Foundation

https://issues.apache.org/jira/browse/IO-556

176

Apache MINA security vulnerability

CNNVD-202107-630

CVE-2021-30129

Medium

Apache Foundation

https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

177

Apache PDFBox security vulnerability

CNNVD-202106-1201

CVE-2021-31811

Medium

Apache Foundation

https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E

178

Apache PDFBox security vulnerability

CNNVD-202106-1200

CVE-2021-31812

Medium

Apache Foundation

https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E

179

NumPy security vulnerability

CNNVD-202112-1481

CVE-2021-34141

Medium

Individual developer

https://github.com/numpy/numpy/pull/19539

180

Eclipse Jetty information disclosure vulnerability

CNNVD-202107-1094

CVE-2021-34429

Medium

Eclipse Foundation

https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm

181

OpenSSL code issue vulnerability

CNNVD-202103-1458

CVE-2021-3449

Medium

OpenSSL team

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

182

OWASP AntiSamy cross-site scripting vulnerability

CNNVD-202107-1281

CVE-2021-35043

Medium

OWASP Foundation

https://owasp.org/

183

pip input validation error vulnerability

CNNVD-202107-978

CVE-2021-3572

Medium

Python Software Foundation

https://www.auscert.org.au/bulletins/ESB-2021.2367

184

Apache Ant security vulnerability

CNNVD-202107-983

CVE-2021-36373

Medium

Apache Foundation

https://ant.apache.org/

185

Apache Ant security vulnerability

CNNVD-202107-984

CVE-2021-36374

Medium

Apache Foundation

https://ant.apache.org/

186

libcares2 cross-site scripting vulnerability

CNNVD-202108-883

CVE-2021-3672

Medium

openSUSE project

https://www.suse.com/support/update/announcement/2021/suse-su-202114776-1/

187

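Linux kernel resource management error vulnerability

CNNVD-202107-1632

CVE-2021-37159

Medium

Linux Foundation

No fix has been released for this security issue yet; users of this software are advised to keep checking the vendor's home page or the reference URL for a solution: https://www.spinics.net/lists/linux-usb/msg202228.html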

188

Linux kernel security vulnerability

CNNVD-202109-1000

CVE-2021-3744

Medium

Linux Foundation

https://vigilance.fr/vulnerability/Linux-kernel-memory-leak-via-ccp-run-aes-gcm-cmd-36416

189

Linux kernel security vulnerability

CNNVD-202109-438

CVE-2021-3772

Medium

Linux Foundation

https://bugzilla.redhat.com/show_bug.cgi?id=2000694

190

MIT Kerberos code issue vulnerability

CNNVD-202108-1847

CVE-2021-37750

Medium

MIT

https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49

191

Apache Kafka security vulnerability

CNNVD-202109-1476

CVE-2021-38153

Medium

Apache Foundation

https://kafka.apache.org/cve-list

192

XStream security vulnerability

CNNVD-202108-1900

CVE-2021-39140

Medium

XStream team

https://x-stream.github.io/CVE-2021-39140.html

193

Linux kernel security vulnerability

CNNVD-202111-2102

CVE-2021-4002

Medium

Linux Foundation

https://bugzilla.redhat.com/show_bug.cgi?id=2025726

194

polkit resource management error vulnerability

CNNVD-202202-1202

CVE-2021-4115

Medium

Individual developer

https://access.redhat.com/security/cve/cve-2021-4115

195

jQuery cross-site scripting vulnerability

CNNVD-202110-1843

CVE-2021-41182

Medium

Individual developer

https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

196

jQuery cross-site scripting vulnerability

CNNVD-202110-1839

CVE-2021-41183

Medium

Individual developer

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

197

Openjs Jquery Ui cross-site scripting vulnerability

CNNVD-202110-1845

CVE-2021-41184

Medium

OpenJS Foundation

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

198

NumPy security vulnerability

CNNVD-202112-1484

CVE-2021-41496

Medium

Individual developer

https://github.com/numpy/numpy

199

OpenSSL cryptographic issue vulnerability

CNNVD-202201-2650

CVE-2021-4160

Medium

OpenSSL team

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f

200

Linux kernel resource management error vulnerability

CNNVD-202203-835

CVE-2021-4203

Medium

Linux Foundation

https://lists.debian.org/debian-security-announce/2022/msg00063.html

201

Linux kernel buffer error vulnerability

CNNVD-202110-1485

CVE-2021-42739

Medium

Linux Foundation

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e

202

Linux kernel buffer error vulnerability

CNNVD-202111-454

CVE-2021-43389

Medium

Linux Foundation

https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/

203

Netty environment issue vulnerability

CNNVD-202112-767

CVE-2021-43797

Medium

Netty community

https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq

204

Linux kernel security vulnerability

CNNVD-202111-1544

CVE-2021-43976

Medium

Linux Foundation

https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/

205

nodejs trust management issue vulnerability

CNNVD-202201-728

CVE-2021-44532

Medium

Individual developer

https://nodejs.org/en/

206

nodejs trust management issue vulnerability

CNNVD-202201-725

CVE-2021-44533

Medium

Individual developer

https://nodejs.org/en/

207

Apache Log4j injection vulnerability

CNNVD-202112-2743

CVE-2021-44832

Medium

Apache Foundation

https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf

208

GDAL buffer error vulnerability

CNNVD-202201-031

CVE-2021-45943

Medium

Individual developer

https://github.com/OSGeo/gdal/

209

AMD Processors information disclosure vulnerability

CNNVD-202203-688

CVE-2022-0001

Medium

AMD

https://ubuntu.com/security/notices/USN-5317-1

210

AMD Processors information disclosure vulnerability

CNNVD-202203-690

CVE-2022-0002

Medium

AMD

https://ubuntu.com/security/notices/USN-5317-1

211

Linux kernel code issue vulnerability

CNNVD-202201-2722

CVE-2022-0286

Medium

Linux Foundation

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=105cd17a866017b45f3c45901b394c711c97bf40

212

Linux kernel code issue vulnerability

CNNVD-202201-2313

CVE-2022-0322

Medium

Linux Foundation

https://vigilance.fr/vulnerability/Linux-kernel-assertion-error-via-sctp-make-strreset-req-37380

213

Vmware VMware Spring Cloud Gateway trust management issue vulnerability

CNNVD-202203-158

CVE-2022-22946

Medium

VMware

http://tanzu.vmware.com/security/cve-2022-22947

214

Vmware Spring Framework security feature issue vulnerability

CNNVD-202204-3302

CVE-2022-22968

Medium

VMware

https://tanzu.vmware.com/security/cve-2022-22968

215

Pivotal Spring Security OAuth resource management error vulnerability

CNNVD-202204-3951

CVE-2022-22969

Medium

Pivotal

https://tanzu.vmware.com/security/cve-2022-22969

216

Spring Framework input validation error vulnerability

CNNVD-202205-2988

CVE-2022-22970

Medium

Spring team

https://spring.io/projects/spring-framework

217

Spring Framework input validation error vulnerability

CNNVD-202205-2980

CVE-2022-22971

Medium

Spring team

https://spring.io/projects/spring-framework

218

Spring Framework input validation error vulnerability

CNNVD-202205-3586

CVE-2022-22976

Medium

Spring team

https://tanzu.vmware.com/security/cve-2022-22976

219

Xerces security vulnerability

CNNVD-202201-2238

CVE-2022-23437

Medium

Apache Foundation

https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl

220

JetBrains Kotlin security feature issue vulnerability

CNNVD-202202-606

CVE-2022-24329

Medium

JetBrains

http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021

221

CKEditor cross-site scripting vulnerability

CNNVD-202203-1546

CVE-2022-24728

Medium

Individual developer

https://ckeditor.com/cke4/release/CKEditor-4.18

222

Redis Labs Redis code issue vulnerability

CNNVD-202204-4526

CVE-2022-24736

Medium

Redis Labs

https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984

223

Netty security vulnerability

CNNVD-202205-2566

CVE-2022-24823

Medium

Netty community

https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2

224

OWASP ESAPI cross-site scripting vulnerability

CNNVD-202204-4523

CVE-2022-24891

Medium

Individual developer

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q

225

Apache Tika resource management error vulnerability

CNNVD-202205-3505

CVE-2022-25169

Medium

Apache Foundation

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk

226

OWASP AntiSamy cross-site scripting vulnerability

CNNVD-202204-4024

CVE-2022-29577

Medium

OWASP Foundation

https://github.com/nahsra/antisamy/releases/tag/v1.6.7

227

libxslt and libxml2 input validation error vulnerability

CNNVD-202205-1926

CVE-2022-29824

Medium

Individual developer

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

228

Apache Tika security vulnerability

CNNVD-202205-3498

CVE-2022-30126

Medium

Apache Foundation

https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4

229

Apache Xalan input validation error vulnerability

CNNVD-202207-1617

CVE-2022-34169

Medium

Apache

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

230

Linux kernel security vulnerability

CNNVD-202106-1736

CVE-2021-21781

Low

Linux Foundation

https://www.cybersecurity-help.cz/vdb/SB2021062704

231

Linux kernel cryptographic issue vulnerability

CNNVD-202112-2270

CVE-2021-45486

Low

Linux Foundation

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba

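III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address: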

https://www.oracle.com/security-alerts/cpujul2022.html

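CNNVD will continue to track these vulnerabilities and publish relevant information promptly. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn

Statement: This article comes from CNNVD Security Updates (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of Anquan Neican (安全内参); it is reposted to convey more information. In case of infringement, please contact anquanneican@163.com.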