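Oracle recently published advisories for multiple security vulnerabilities, comprising 85 vulnerabilities in Oracle's own products and 221 vulnerabilities from other vendors that affect Oracle products. They include the Oracle E-Business Suite security vulnerability (CNNVD-202210-1279, CVE-2022-21587), the Oracle E-Business Suite security vulnerability (CNNVD-202210-1220, CVE-2022-39428), and many others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.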
I. Vulnerability Overview
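On October 18, 2022, Oracle released its October 2022 security update, containing patches for 306 vulnerabilities, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Enterprise Manager Base Platform, Oracle Fusion Middleware and Oracle WebLogic Server, Oracle Siebel CRM, Oracle HTTP Server, Oracle PeopleSoft Enterprise Common Components, and others. CNNVD rated their severity: 58 critical, 113 high, 126 medium, and 9 low. Multiple versions of Oracle products and systems are affected; for the specific scope of impact, see https://www.oracle.com/security-alerts/cpuoct2022.html.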
II. Vulnerability Details
This update includes patches for 79 new vulnerabilities: 2 critical, 22 high, 49 medium, and 6 low.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Oracle E-Business Suite security vulnerability | CNNVD-202210-1279 | CVE-2022-21587 | Critical | https://www.oracle.com/security-alerts/cpuoct2022.html |
2 | Oracle E-Business Suite security vulnerability | CNNVD-202210-1220 | CVE-2022-39428 | Critical | https://www.oracle.com/security-alerts/cpuoct2022.html |
3 | Oracle BI Publisher security vulnerability | CNNVD-202210-1287 | CVE-2022-21590 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
4 | Oracle HTTP Server security vulnerability | CNNVD-202210-1291 | CVE-2022-21593 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
5 | Oracle Database Server security vulnerability | CNNVD-202210-1293 | CVE-2022-21596 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
6 | Oracle Siebel CRM security vulnerability | CNNVD-202210-1298 | CVE-2022-21598 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
7 | Oracle MySQL security vulnerability | CNNVD-202210-1304 | CVE-2022-21600 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
8 | Oracle Database Server security vulnerability | CNNVD-202210-1307 | CVE-2022-21603 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
9 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1312 | CVE-2022-21612 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
10 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1308 | CVE-2022-21613 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
11 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1305 | CVE-2022-21614 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
12 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1300 | CVE-2022-21615 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
13 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1281 | CVE-2022-21620 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
14 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1277 | CVE-2022-21622 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
15 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202210-1276 | CVE-2022-21623 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
16 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202210-1258 | CVE-2022-21634 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
17 | Oracle PeopleSoft Enterprise Common Components security vulnerability | CNNVD-202210-1237 | CVE-2022-39406 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
18 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1231 | CVE-2022-39412 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
19 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1227 | CVE-2022-39421 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
20 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1226 | CVE-2022-39422 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
21 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1224 | CVE-2022-39424 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
22 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1223 | CVE-2022-39425 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
23 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1222 | CVE-2022-39426 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
24 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1221 | CVE-2022-39427 | High | https://www.oracle.com/security-alerts/cpuoct2022.html |
25 | Oracle MySQL security vulnerability | CNNVD-202210-1284 | CVE-2022-21589 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
26 | Oracle Transportation Management security vulnerability | CNNVD-202210-1285 | CVE-2022-21591 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
27 | Oracle MySQL security vulnerability | CNNVD-202210-1289 | CVE-2022-21592 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
28 | Oracle MySQL security vulnerability | CNNVD-202210-1290 | CVE-2022-21594 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
29 | Oracle MySQL security vulnerability | CNNVD-202210-1294 | CVE-2022-21595 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
30 | Oracle GraalVM security vulnerability | CNNVD-202210-1296 | CVE-2022-21597 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
31 | Oracle MySQL security vulnerability | CNNVD-202210-1297 | CVE-2022-21599 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
32 | Oracle Communications Billing and Revenue Management security vulnerability | CNNVD-202210-1306 | CVE-2022-21601 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
33 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202210-1303 | CVE-2022-21602 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
34 | Oracle MySQL security vulnerability | CNNVD-202210-1309 | CVE-2022-21604 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
35 | Oracle MySQL security vulnerability | CNNVD-202210-1311 | CVE-2022-21605 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
36 | Oracle Database Server security vulnerability | CNNVD-202210-1313 | CVE-2022-21606 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
37 | Oracle MySQL security vulnerability | CNNVD-202210-1310 | CVE-2022-21607 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
38 | Oracle MySQL security vulnerability | CNNVD-202210-1316 | CVE-2022-21608 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
39 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202210-1314 | CVE-2022-21609 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
40 | Oracle MySQL security vulnerability | CNNVD-202210-1315 | CVE-2022-21611 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
41 | Oracle Fusion Middleware and Oracle WebLogic Server security vulnerability | CNNVD-202210-1295 | CVE-2022-21616 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
42 | Oracle MySQL security vulnerability | CNNVD-202210-1292 | CVE-2022-21617 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
43 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202210-1288 | CVE-2022-21618 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
44 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1278 | CVE-2022-21621 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
45 | Oracle MySQL security vulnerability | CNNVD-202210-1275 | CVE-2022-21625 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
46 | Oracle Java SE security vulnerability | CNNVD-202210-1271 | CVE-2022-21626 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
47 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1269 | CVE-2022-21627 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
48 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202210-1267 | CVE-2022-21628 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
49 | Oracle JD Edwards EnterpriseOne Tools security vulnerability | CNNVD-202210-1265 | CVE-2022-21629 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
50 | Oracle JD Edwards Products security vulnerability | CNNVD-202210-1264 | CVE-2022-21630 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
51 | Oracle JD Edwards Products security vulnerability | CNNVD-202210-1262 | CVE-2022-21631 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
52 | Oracle MySQL security vulnerability | CNNVD-202210-1261 | CVE-2022-21632 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
53 | Oracle MySQL security vulnerability | CNNVD-202210-1259 | CVE-2022-21633 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
54 | Oracle MySQL security vulnerability | CNNVD-202210-1257 | CVE-2022-21635 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
55 | Oracle Applications Framework security vulnerability | CNNVD-202210-1254 | CVE-2022-21636 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
56 | Oracle MySQL security vulnerability | CNNVD-202210-1255 | CVE-2022-21637 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
57 | Oracle MySQL security vulnerability | CNNVD-202210-1253 | CVE-2022-21638 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
58 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202210-1252 | CVE-2022-21639 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
59 | Oracle MySQL security vulnerability | CNNVD-202210-1250 | CVE-2022-21640 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
60 | Oracle MySQL security vulnerability | CNNVD-202210-1251 | CVE-2022-21641 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
61 | Oracle MySQL security vulnerability | CNNVD-202210-1248 | CVE-2022-39400 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
62 | Oracle Solaris security vulnerability | CNNVD-202210-1247 | CVE-2022-39401 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
63 | Oracle MySQL security vulnerability | CNNVD-202210-1242 | CVE-2022-39402 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
64 | Oracle MySQL security vulnerability | CNNVD-202210-1240 | CVE-2022-39404 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
65 | Oracle Fusion Middleware security vulnerability | CNNVD-202210-1238 | CVE-2022-39405 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
66 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202210-1236 | CVE-2022-39407 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
67 | Oracle MySQL security vulnerability | CNNVD-202210-1235 | CVE-2022-39408 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
68 | Oracle MySQL security vulnerability | CNNVD-202210-1233 | CVE-2022-39410 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
69 | Oracle Transportation Management security vulnerability | CNNVD-202210-1232 | CVE-2022-39411 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
70 | Oracle Solaris security vulnerability | CNNVD-202210-1230 | CVE-2022-39417 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
71 | Oracle Database Server security vulnerability | CNNVD-202210-1229 | CVE-2022-39419 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
72 | Oracle Transportation Management security vulnerability | CNNVD-202210-1228 | CVE-2022-39420 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
73 | Oracle Virtualization and Oracle VM VirtualBox security vulnerability | CNNVD-202210-1225 | CVE-2022-39423 | Medium | https://www.oracle.com/security-alerts/cpuoct2022.html |
74 | Oracle Solaris security vulnerability | CNNVD-202210-1317 | CVE-2022-21610 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
75 | Oracle Java SE security vulnerability | CNNVD-202210-1286 | CVE-2022-21619 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
76 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202210-1274 | CVE-2022-21624 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
77 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202210-1249 | CVE-2022-39399 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
78 | Oracle MySQL security vulnerability | CNNVD-202210-1241 | CVE-2022-39403 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
79 | Oracle Transportation Management security vulnerability | CNNVD-202210-1234 | CVE-2022-39409 | Low | https://www.oracle.com/security-alerts/cpuoct2022.html |
This update includes patches for 6 updated vulnerabilities: 1 critical, 1 high, and 4 medium.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Oracle Fusion Middleware security vulnerability | CNNVD-201910-1025 | CVE-2019-2904 | Critical | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html |
2 | Oracle Database Server input validation error vulnerability | CNNVD-202107-1424 | CVE-2021-2351 | High | https://www.oracle.com/security-alerts/cpujul2021.html |
3 | Oracle Fusion Middleware path traversal vulnerability | CNNVD-202001-687 | CVE-2020-6950 | Medium | https://www.oracle.com/security-alerts/cpujan2020.html |
4 | Oracle Java SE input validation error vulnerability | CNNVD-202207-1626 | CVE-2022-21540 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
5 | Oracle Java SE and Oracle GraalVM input validation error vulnerability | CNNVD-202207-1621 | CVE-2022-21541 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
6 | Oracle Java SE input validation error vulnerability | CNNVD-202207-1624 | CVE-2022-21549 | Medium | https://www.oracle.com/security-alerts/cpujul2022.html |
This update includes patches for 221 vulnerabilities from other vendors that affect Oracle products: 55 critical, 90 high, 73 medium, and 3 low.
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Apache log4net 代码问题漏洞 | CNNVD-202005-442 | CVE-2018-1285 | 超危 | Apache基金会 | https://issues.apache.org/jira/browse/LOG4NET-575 |
2 | Connect2id Nimbus JOSE+JWT 代码问题漏洞 | CNNVD-201910-914 | CVE-2019-17195 | 超危 | Connect2id | https://connect2id.com/blog/nimbus-jose-jwt-7-9 |
3 | libssh2 缓冲区错误漏洞 | CNNVD-201903-650 | CVE-2019-3858 | 超危 | Opensuse | https://www.libssh2.org/CVE-2019-3858.html |
4 | libssh2 缓冲区错误漏洞 | CNNVD-201903-653 | CVE-2019-3859 | 超危 | Opensuse | https://www.libssh2.org/CVE-2019-3859.html |
5 | libssh2 缓冲区错误漏洞 | CNNVD-201903-655 | CVE-2019-3860 | 超危 | Opensuse | https://www.libssh2.org/CVE-2019-3860.html |
6 | libssh2 缓冲区错误漏洞 | CNNVD-201903-657 | CVE-2019-3861 | 超危 | Opensuse | https://www.libssh2.org/CVE-2019-3861.html |
7 | libssh2 缓冲区错误漏洞 | CNNVD-201903-658 | CVE-2019-3862 | 超危 | Opensuse | https://www.libssh2.org/CVE-2019-3862.html |
8 | dom4j 代码问题漏洞 | CNNVD-202004-1133 | CVE-2020-10683 | 超危 | 个人开发者 | https://github.com/dom4j/dom4j/commit/a822852 |
9 | Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞 | CNNVD-202207-838 | CVE-2020-29508 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
10 | Dell BSAFE 安全特征问题漏洞 | CNNVD-202207-834 | CVE-2020-35163 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
11 | Dell BSAFE 安全漏洞 | CNNVD-202207-832 | CVE-2020-35166 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
12 | Dell BSAFE 安全漏洞 | CNNVD-202207-831 | CVE-2020-35167 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
13 | Dell BSAFE 安全漏洞 | CNNVD-202207-828 | CVE-2020-35168 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
14 | Dell BSAFE 输入验证错误漏洞 | CNNVD-202207-830 | CVE-2020-35169 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
15 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-042 | CVE-2020-9546 | 超危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2631 |
16 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-039 | CVE-2020-9547 | 超危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2634 |
17 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-040 | CVE-2020-9548 | 超危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2634 |
18 | PHP 资源管理错误漏洞 | CNNVD-202202-1398 | CVE-2021-21708 | 超危 | php | https://bugs.php.net/bug.php?id=81708 |
19 | Genivia gSOAP 输入验证错误漏洞 | CNNVD-202103-1447 | CVE-2021-21783 | 超危 | Genivia | https://www.genivia.com/products.html#gsoap |
20 | dojo 安全漏洞 | CNNVD-202112-1483 | CVE-2021-23450 | 超危 | 个人开发者 | https://github.com/dojo/dojo |
21 | Apache Xmlbeans 输入验证错误漏洞 | CNNVD-202101-1146 | CVE-2021-23926 | 超危 | Apache基金会 | https://issues.apache.org/jira/browse/XMLBEANS-517 |
22 | Apache Maven 访问控制错误漏洞 | CNNVD-202104-1824 | CVE-2021-26291 | 超危 | Apache基金会 | https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E |
23 | Apache HTTP Server 缓冲区错误漏洞 | CNNVD-202106-216 | CVE-2021-26691 | 超危 | Apache基金会 | https://news.cpanel.com/easyapache-4-june-2-release/ |
24 | Apache Struts 2 安全漏洞 | CNNVD-202204-3223 | CVE-2021-31805 | 超危 | Apache基金会 | https://cwiki.apache.org/confluence/display/WW/S2-062 |
25 | DevExpress XtraReports.UI 代码问题漏洞 | CNNVD-202108-399 | CVE-2021-36483 | 超危 | DevExpress | https://docs.devexpress.com/ |
26 | json-schema 安全漏洞 | CNNVD-202111-1201 | CVE-2021-3918 | 超危 | 个人开发者 | https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9 |
27 | Apache HTTP Server 缓冲区错误漏洞 | CNNVD-202109-1098 | CVE-2021-39275 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
28 | Lapack 缓冲区错误漏洞 | CNNVD-202112-725 | CVE-2021-4048 | 超危 | Lapack社区 | https://bugzilla.redhat.com/show_bug.cgi?id=2024358 |
29 | Mozilla Network Security Services 缓冲区错误漏洞 | CNNVD-202112-002 | CVE-2021-43527 | 超危 | Mozilla基金会 | https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html |
30 | Apache Log4j 代码问题漏洞 | CNNVD-202112-799 | CVE-2021-44228 | 超危 | Apache基金会 | https://logging.apache.org/log4j/2.x/security.html |
31 | Apache HTTP Server 缓冲区错误漏洞 | CNNVD-202112-1579 | CVE-2021-44790 | 超危 | Apache基金会 | https://httpd.apache.org/download.cgi#apache24 |
32 | OpenSSL 操作系统命令注入漏洞 | CNNVD-202205-1962 | CVE-2022-1292 | 超危 | Openssl团队 | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
33 | PCRE 缓冲区错误漏洞 | CNNVD-202205-3348 | CVE-2022-1586 | 超危 | 个人开发者 | https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c |
34 | PCRE 缓冲区错误漏洞 | CNNVD-202205-3350 | CVE-2022-1587 | 超危 | 个人开发者 | https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c |
35 | OpenSSL 操作系统命令注入漏洞 | CNNVD-202206-2112 | CVE-2022-2068 | 超危 | OpenSSL | https://www.openssl.org/source/ |
36 | Apache HTTP Server 环境问题漏洞 | CNNVD-202203-1236 | CVE-2022-22720 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
37 | VMware Spring Security 授权问题漏洞 | CNNVD-202205-3584 | CVE-2022-22978 | 超危 | VMware | https://tanzu.vmware.com/security/cve-2022-22978 |
38 | glibc 安全漏洞 | CNNVD-202201-1163 | CVE-2022-23218 | 超危 | 个人开发者 | https://sourceware.org/bugzilla/show_bug.cgi?id=28768 |
39 | glibc 安全漏洞 | CNNVD-202201-1164 | CVE-2022-23219 | 超危 | 个人开发者 | https://sourceware.org/bugzilla/show_bug.cgi?id=22542 |
40 | Apache Log4j SQL注入漏洞 | CNNVD-202201-1421 | CVE-2022-23305 | 超危 | Apache基金会 | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
41 | OWASP ESAPI 路径遍历漏洞 | CNNVD-202204-4378 | CVE-2022-23457 | 超危 | 个人开发者 | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 |
42 | Containous Traefik 信任管理问题漏洞 | CNNVD-202202-1402 | CVE-2022-23632 | 超危 | Containous | https://github.com/traefik/traefik/pull/8764 |
43 | Apache HTTP Server 缓冲区错误漏洞 | CNNVD-202203-1270 | CVE-2022-23943 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
44 | Expat 输入验证错误漏洞 | CNNVD-202201-2483 | CVE-2022-23990 | 超危 | 个人开发者 | https://github.com/libexpat/libexpat/pull/551 |
45 | Expat 代码注入漏洞 | CNNVD-202202-1315 | CVE-2022-25235 | 超危 | 个人开发者 | https://github.com/libexpat/libexpa |
46 | Expat 输入验证错误漏洞 | CNNVD-202202-1316 | CVE-2022-25236 | 超危 | 个人开发者 | https://github.com/libexpat/libexpa |
47 | Expat 输入验证错误漏洞 | CNNVD-202202-1615 | CVE-2022-25315 | 超危 | 个人开发者 | https://github.com/libexpat/libexpat/pull/559 |
48 | Apache HTTP Server 输入验证错误漏洞 | CNNVD-202206-822 | CVE-2022-28615 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
49 | Apache HTTP Server 数据伪造问题漏洞 | CNNVD-202206-818 | CVE-2022-31813 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
50 | curl 安全漏洞 | CNNVD-202206-2569 | CVE-2022-32207 | 超危 | curl | https://curl.se/docs/CVE-2022-32207.html |
51 | Node.js 环境问题漏洞 | CNNVD-202207-683 | CVE-2022-32213 | 超危 | Node.js | https://access.redhat.com/security/cve/cve-2022-32213 |
52 | IBM Answer Retrieval for Watson Discovery On Prem 环境问题漏洞 | CNNVD-202207-1229 | CVE-2022-32214 | 超危 | IBM | https://www.ibm.com/support/pages/node/6603049 |
53 | Node.js 环境问题漏洞 | CNNVD-202207-678 | CVE-2022-32215 | 超危 | Node.js | https://access.redhat.com/security/cve/cve-2022-32215 |
54 | Apache Shiro 安全漏洞 | CNNVD-202206-2750 | CVE-2022-32532 | 超危 | Apache基金会 | https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh |
55 | Apache Commons Configuration 代码注入漏洞 | CNNVD-202207-428 | CVE-2022-33980 | 超危 | Apache基金会 | https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s |
56 | Apache Xerces-C 资源管理错误漏洞 | CNNVD-201912-755 | CVE-2018-1311 | 高危 | Apache基金会 | https://xerces.apache.org |
57 | zlib 缓冲区错误漏洞 | CNNVD-202203-2221 | CVE-2018-25032 | 高危 | 个人开发者 | https://z-lib.org/ |
58 | Mozilla Firefox和Firefox ESR 安全漏洞 | CNNVD-201805-1085 | CVE-2018-5158 | 高危 | Redhat | https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ |
59 | Apache Axis 代码问题漏洞 | CNNVD-201904-472 | CVE-2019-0227 | 高危 | apache | http://axis.apache.org/ |
60 | Apache Commons Beanutils 代码问题漏洞 | CNNVD-201908-1140 | CVE-2019-10086 | 高危 | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
61 | OpenSSL 安全特征问题漏洞 | CNNVD-201903-162 | CVE-2019-1543 | 高危 | openssl | https://www.openssl.org/news/secadv/20190306.txt |
62 | Apache XML Graphics Batik 代码问题漏洞 | CNNVD-202006-1585 | CVE-2019-17566 | 高危 | Apache基金会 | https://www.apache.org/ |
63 | libxml2 安全漏洞 | CNNVD-201912-1088 | CVE-2019-19956 | 高危 | https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 | |
64 | libxml2 安全漏洞 | CNNVD-202001-963 | CVE-2019-20388 | 高危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 |
65 | PCRE 缓冲区错误漏洞 | CNNVD-202006-1028 | CVE-2019-20838 | 高危 | 个人开发者 | https://www.pcre.org/original/changelog.txt |
66 | libssh2 输入验证错误漏洞 | CNNVD-201903-634 | CVE-2019-3855 | 高危 | Redhat | https://www.libssh2.org/CVE-2019-3855.html |
67 | libssh2 输入验证错误漏洞 | CNNVD-201903-638 | CVE-2019-3856 | 高危 | Redhat | https://www.libssh2.org/CVE-2019-3856.html |
68 | libssh2 输入验证错误漏洞 | CNNVD-201903-652 | CVE-2019-3857 | 高危 | 个人开发者 | https://www.libssh2.org/CVE-2019-3857.html |
69 | libssh2 缓冲区错误漏洞 | CNNVD-201903-659 | CVE-2019-3863 | 高危 | 个人开发者 | https://www.libssh2.org/CVE-2019-3863.html |
70 | Perl 输入验证错误漏洞 | CNNVD-202006-145 | CVE-2020-10543 | 高危 | Perl社区 | https://www.perl.org/get.html |
71 | FasterXML jackson-databind 安全漏洞 | CNNVD-202003-1150 | CVE-2020-10672 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2659 |
72 | FasterXML jackson-databind 安全漏洞 | CNNVD-202003-1151 | CVE-2020-10673 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2660 |
73 | Perl 输入验证错误漏洞 | CNNVD-202006-148 | CVE-2020-10878 | 高危 | Perl社区 | https://www.perl.org/get.html |
74 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-1625 | CVE-2020-10968 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2662 |
75 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-1627 | CVE-2020-10969 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2642 |
76 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-1737 | CVE-2020-11111 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2664 |
77 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202003-1736 | CVE-2020-11112 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2666 |
78 | FasterXML jackson-databind代码问题漏洞 | CNNVD-202003-1735 | CVE-2020-11113 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2670 |
79 | Apache Batik 代码问题漏洞 | CNNVD-202102-1586 | CVE-2020-11987 | 高危 | Apache基金会 | https://xmlgraphics.apache.org/security.html |
80 | Perl 安全漏洞 | CNNVD-202006-146 | CVE-2020-12723 | 高危 | Perl社区 | https://www.perl.org/get.html |
81 | Iteris Apache Velocity 安全漏洞 | CNNVD-202103-758 | CVE-2020-13936 | 高危 | Iteris | https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E |
82 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202006-1070 | CVE-2020-14195 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2765 |
83 | Microsoft Visual Studio 安全漏洞 | CNNVD-202009-396 | CVE-2020-16856 | 高危 | Microsoft | https://portal.msrc.microsoft.com/en-us/security-guidance |
84 | Microsoft Visual Studio 代码注入漏洞 | CNNVD-202009-395 | CVE-2020-16874 | 高危 | Microsoft | https://portal.msrc.microsoft.com/en-us/security-guidance |
85 | Fasterxml Jackson 代码问题漏洞 | CNNVD-202010-622 | CVE-2020-25649 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 |
86 | Bouncy Castle BC 安全漏洞 | CNNVD-202012-1340 | CVE-2020-28052 | 高危 | Bouncy Castle | https://www.bouncycastle.org/releasenotes.html |
87 | Dell BSAFE 安全漏洞 | CNNVD-202207-833 | CVE-2020-35164 | 高危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
88 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-329 | CVE-2020-36189 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2996 |
89 | FasterXML jackson-databind 缓冲区错误漏洞 | CNNVD-202203-1165 | CVE-2020-36518 | 高危 | 个人开发者 | https://github.com/FasterXML/jackson-databind/issues/2816 |
90 | libxml2 安全漏洞 | CNNVD-202001-965 | CVE-2020-7595 | 高危 | Libxml2 | https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076 |
91 | joyent json 操作系统命令注入漏洞 | CNNVD-202008-1430 | CVE-2020-7712 | 高危 | 个人开发者 | https://snyk.io/vuln/SNYK-JS-JSON-597481 |
92 | Apache Tomcat 代码问题漏洞 | CNNVD-202005-1078 | CVE-2020-9484 | 高危 | Apache基金会 | https://tomcat.apache.org/security.html |
93 | Apache Hadoop 安全漏洞 | CNNVD-202101-2280 | CVE-2020-9492 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E |
94 | Vmware Spring Framework 权限许可和访问控制问题漏洞 | CNNVD-202105-1663 | CVE-2021-22118 | 高危 | Vmware | https://github.com/spring-projects/spring-framework |
95 | libcurl 安全漏洞 | CNNVD-202109-997 | CVE-2021-22946 | 高危 | Haxx | https://curl.se/docs/CVE-2021-22946.html |
96 | Apache Tomcat 信息泄露漏洞 | CNNVD-202103-008 | CVE-2021-25122 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E |
97 | Apache Tomcat 安全漏洞 | CNNVD-202103-006 | CVE-2021-25329 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E |
98 | Apache HTTP Server 代码问题漏洞 | CNNVD-202106-212 | CVE-2021-26690 | 高危 | Apache基金会 | https://news.cpanel.com/easyapache-4-june-2-release/ |
99 | Eclipse Jetty 资源管理错误漏洞 | CNNVD-202104-034 | CVE-2021-28165 | 高危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w |
100 | Owasp CSRFGuard 跨站请求伪造漏洞 | CNNVD-202108-1692 | CVE-2021-28490 | 高危 | OWASP | https://github.com/reidmefirst/vuln-disclosure/blob/main/2021-01.txt |
101 | Apache Tomcat 安全漏洞 | CNNVD-202107-632 | CVE-2021-30639 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E |
102 | Apache HTTP Server 代码问题漏洞 | CNNVD-202109-1109 | CVE-2021-34798 | 高危 | Apache基金会 | httpd.apache.org/security/vulnerabilities_24.html |
103 | libxml2 缓冲区错误漏洞 | CNNVD-202105-234 | CVE-2021-3517 | 高危 | 个人开发者 | https://bugzilla.redhat.com/show_bug.cgi?id=1954232 |
104 | libxml2 资源管理错误漏洞 | CNNVD-202105-238 | CVE-2021-3518 | 高危 | 个人开发者 | https://bugzilla.redhat.com/show_bug.cgi?id=1954242 |
105 | Apache Commons Compress 安全漏洞 | CNNVD-202107-896 | CVE-2021-35515 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
106 | Apache Commons Compress 安全漏洞 | CNNVD-202107-897 | CVE-2021-35516 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
107 | Apache Commons Compress 安全漏洞 | CNNVD-202107-898 | CVE-2021-35517 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
108 | Apache Commons Compress 安全漏洞 | CNNVD-202107-899 | CVE-2021-36090 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
109 | SUSE Linux Enterprise Server 代码问题漏洞 | CNNVD-202109-1140 | CVE-2021-3737 | 高危 | SUSE | https://www.python.org/downloads/ |
110 | GNU C Library 代码问题漏洞 | CNNVD-202108-1172 | CVE-2021-38604 | 高危 | 个人开发者 | https://sourceware.org/bugzilla/show_bug.cgi?id=28213 |
111 | polkit 缓冲区错误漏洞 | CNNVD-202201-2343 | CVE-2021-4034 | 高危 | 个人开发者 | https://access.redhat.com/security/cve/cve-2021-4034 |
112 | Apache Santuario 信息泄露漏洞 | CNNVD-202109-1259 | CVE-2021-40690 | 高危 | Apache基金会 | https://santuario.apache.org/javaindex.html |
113 | Apache Log4j 代码问题漏洞 | CNNVD-202112-1011 | CVE-2021-4104 | 高危 | Apache基金会 | https://logging.apache.org/log4j/2.x/security.html |
114 | GNU C Library 安全漏洞 | CNNVD-202111-457 | CVE-2021-43396 | 高危 | 个人开发者 | https://sourceware.org/bugzilla/show_bug.cgi?id=28524 |
115 | XStream 资源管理错误漏洞 | CNNVD-202201-2709 | CVE-2021-43859 | 高危 | XStream | https://x-stream.github.io/CVE-2021-43859.html |
116 | OpenSSL 安全漏洞 | CNNVD-202203-1394 | CVE-2022-0778 | 高危 | Openssl团队 | https://www.openssl.org/news/secadv/20220315.txt |
117 | vim 资源管理错误漏洞 | CNNVD-202203-2537 | CVE-2022-1154 | 高危 | 个人开发者 | https://www.vim.org/ |
118 | Eclipse Jetty resource management error vulnerability | CNNVD-202207-594 | CVE-2022-2048 | High | Individual developer | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j |
119 | Eclipse Jetty security vulnerability | CNNVD-202207-589 | CVE-2022-2191 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 |
120 | Spring Framework code injection vulnerability | CNNVD-202203-2514 | CVE-2022-22965 | High | Spring team | https://tanzu.vmware.com/security/cve-2022-22965 |
121 | Apache Tomcat permissions and access control issue vulnerability | CNNVD-202201-2423 | CVE-2022-23181 | High | Apache Foundation | https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75 |
122 | Apache Log4j code issue vulnerability | CNNVD-202201-1420 | CVE-2022-23302 | High | Apache Foundation | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
123 | Apache Log4j code issue vulnerability | CNNVD-202201-1425 | CVE-2022-23307 | High | Apache Foundation | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
124 | Google Go security vulnerability | CNNVD-202204-3892 | CVE-2022-24675 | High | | https://github.com/golang/go/issues/51853 |
125 | CKEditor resource management error vulnerability | CNNVD-202203-1545 | CVE-2022-24729 | High | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18 |
126 | Waitress environment issue vulnerability | CNNVD-202203-1570 | CVE-2022-24761 | High | Individual developer | https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 |
127 | Moment.js path traversal vulnerability | CNNVD-202204-1928 | CVE-2022-24785 | High | Individual developer | https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 |
128 | Expat input validation error vulnerability | CNNVD-202202-1606 | CVE-2022-25314 | High | Individual developer | https://nvd.nist.gov/vuln/detail/CVE-2022-25314 |
129 | gson code issue vulnerability | CNNVD-202205-1791 | CVE-2022-25647 | High | Individual developer | https://github.com/google/gson/pull/1991/files |
130 | SnakeYAML resource management error vulnerability | CNNVD-202208-4428 | CVE-2022-25857 | High | Individual developer | https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174 |
131 | Apache HTTP Server environment issue vulnerability | CNNVD-202206-832 | CVE-2022-26377 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
132 | curl security vulnerability | CNNVD-202205-3032 | CVE-2022-27778 | High | Individual developer | https://curl.se/docs/CVE-2022-27778.html |
133 | curl code issue vulnerability | CNNVD-202205-2982 | CVE-2022-27780 | High | Individual developer | https://curl.se/docs/CVE-2022-27780.html |
134 | curl security vulnerability | CNNVD-202205-2986 | CVE-2022-27781 | High | Individual developer | https://curl.se/docs/CVE-2022-27781.html |
135 | curl trust management issue vulnerability | CNNVD-202205-2991 | CVE-2022-27782 | High | Individual developer | https://curl.se/docs/CVE-2022-27782.html |
136 | Google Go security vulnerability | CNNVD-202204-3890 | CVE-2022-28327 | High | | https://go.dev/doc/devel/release#go1.18.minor |
137 | Apache HTTP Server input validation error vulnerability | CNNVD-202206-844 | CVE-2022-29404 | High | Apache Foundation | https://httpd.apache.org/ |
138 | Apache Tomcat code issue vulnerability | CNNVD-202205-2969 | CVE-2022-29885 | High | Apache Foundation | https://blogs.apache.org/tomcat/ |
139 | Apache HTTP Server resource management error vulnerability | CNNVD-202206-811 | CVE-2022-30522 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
140 | Apache HTTP Server information disclosure vulnerability | CNNVD-202206-836 | CVE-2022-30556 | High | Apache Foundation | https://httpd.apache.org/ |
141 | Moment.js resource management error vulnerability | CNNVD-202207-502 | CVE-2022-31129 | High | Individual developer | https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
142 | Node.js OS command injection vulnerability | CNNVD-202207-684 | CVE-2022-32212 | High | Node.js | https://access.redhat.com/security/cve/cve-2022-32212 |
143 | IBM Answer Retrieval for Watson Discovery On Prem code issue vulnerability | CNNVD-202207-1230 | CVE-2022-32223 | High | IBM | https://www.ibm.com/support/pages/node/6603049 |
144 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
145 | SQLite input validation error vulnerability | CNNVD-202207-2282 | CVE-2022-35737 | High | SQLite | https://www.sqlite.org/cgi/docsrc/info/6c12812e54d369d5ba596fba91c29f08b325d237f69eace6e6eb6feed835c817 |
146 | Jinjava security vulnerability | CNNVD-201901-030 | CVE-2018-18893 | Medium | Hubspot | https://github.com/HubSpot/jinjava/blob/master/CHANGES.md |
147 | Apache Axis cross-site scripting vulnerability | CNNVD-201808-082 | CVE-2018-8032 | Medium | Apache | https://issues.apache.org/jira/browse/AXIS-2924 |
148 | Apache HTTP Server cross-site scripting vulnerability | CNNVD-201908-1144 | CVE-2019-10092 | Medium | Apache Foundation | http://httpd.apache.org/security/vulnerabilities_24.html |
149 | Apache POI code issue vulnerability | CNNVD-201910-1431 | CVE-2019-12415 | Medium | Apache Foundation | https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@ |
150 | jackson-databind security vulnerability | CNNVD-202007-1028 | CVE-2020-10650 | Medium | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2658 |
151 | jQuery cross-site scripting vulnerability | CNNVD-202004-2429 | CVE-2020-11022 | Medium | Individual developer | https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
152 | jQuery cross-site scripting vulnerability | CNNVD-202004-2420 | CVE-2020-11023 | Medium | Individual developer | https://jquery.com/upgrade-guide/3.5/ |
153 | Apache HttpClient security vulnerability | CNNVD-202010-372 | CVE-2020-13956 | Medium | Apache Foundation | https://www.apache.org/ |
154 | PCRE input validation error vulnerability | CNNVD-202006-1036 | CVE-2020-14155 | Medium | Individual developer | https://www.pcre.org/original/changelog.txt |
155 | Apache Groovy security vulnerability | CNNVD-202012-422 | CVE-2020-17521 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
156 | Apache HTTP Server security vulnerability | CNNVD-202004-039 | CVE-2020-1934 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
157 | libxml2 buffer error vulnerability | CNNVD-202009-268 | CVE-2020-24977 | Medium | Libxml2 | https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 |
158 | JetBrains Kotlin authorization issue vulnerability | CNNVD-202102-298 | CVE-2020-29582 | Medium | JetBrains | https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/ |
159 | Vmware Spring Framework security vulnerability | CNNVD-202009-1050 | CVE-2020-5421 | Medium | Vmware | https://tanzu.vmware.com/security/cve-2020-5421 |
160 | Netty security vulnerability | CNNVD-202102-612 | CVE-2021-21290 | Medium | Netty community | https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec |
161 | Netty environment issue vulnerability | CNNVD-202103-713 | CVE-2021-21295 | Medium | Netty community | https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 |
162 | Netty environment issue vulnerability | CNNVD-202103-1685 | CVE-2021-21409 | Medium | Netty community | https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 |
163 | PHP security vulnerability | CNNVD-202111-1606 | CVE-2021-21707 | Medium | Individual developer | https://www.php.net/ |
164 | Elastic resource management error vulnerability | CNNVD-202107-414 | CVE-2021-22144 | Medium | Elastic | https://vigilance.fr/vulnerability/Elasticsearch-denial-of-service-via-Grok-35840 |
165 | Migration Toolkit For Containers data forgery issue vulnerability | CNNVD-202109-999 | CVE-2021-22947 | Medium | Red Hat | https://access.redhat.com/security/cve/cve-2021-22947 |
166 | Eclipse Jetty security vulnerability | CNNVD-202104-036 | CVE-2021-28164 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w |
167 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
168 | Apache MINA security vulnerability | CNNVD-202107-630 | CVE-2021-30129 | Medium | Apache Foundation | https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E |
169 | Python information disclosure vulnerability | CNNVD-202103-798 | CVE-2021-3426 | Medium | Python Foundation | https://bugzilla.redhat.com/show_bug.cgi?id=1935913 |
170 | Eclipse Jetty information disclosure vulnerability | CNNVD-202107-1094 | CVE-2021-34429 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm |
171 | libxml2 code issue vulnerability | CNNVD-202105-002 | CVE-2021-3537 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 |
172 | Red Hat Undertow race condition issue vulnerability | CNNVD-202106-1197 | CVE-2021-3597 | Medium | Red Hat | https://undertow.io/ |
173 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
174 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
175 | Apache Kafka security vulnerability | CNNVD-202109-1476 | CVE-2021-38153 | Medium | Apache Foundation | https://kafka.apache.org/cve-list |
176 | Libgcrypt cryptographic issue vulnerability | CNNVD-202109-275 | CVE-2021-40528 | Medium | GNU community | https://gnupg.org/index.html |
177 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
178 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
179 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
180 | NumPy code issue vulnerability | CNNVD-202112-1488 | CVE-2021-41495 | Medium | Individual developer | https://github.com/numpy/numpy |
181 | NumPy security vulnerability | CNNVD-202112-1484 | CVE-2021-41496 | Medium | Individual developer | https://github.com/numpy/numpy |
182 | Kubernetes code issue vulnerability | CNNVD-202201-395 | CVE-2021-4178 | Medium | Cloud Native Computing Foundation | https://access.redhat.com/security/cve/cve-2021-4178 |
183 | Netty environment issue vulnerability | CNNVD-202112-767 | CVE-2021-43797 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq |
184 | Apache Log4j input validation error vulnerability | CNNVD-202112-2743 | CVE-2021-44832 | Medium | Apache Foundation | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf |
185 | OpenSSL cryptographic issue vulnerability | CNNVD-202207-379 | CVE-2022-2097 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20220705.txt |
186 | Microsoft Windows information disclosure vulnerability | CNNVD-202206-1336 | CVE-2022-21123 | Medium | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21123 |
187 | Microsoft Windows information disclosure vulnerability | CNNVD-202206-1339 | CVE-2022-21125 | Medium | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21125 |
188 | Microsoft Windows security vulnerability | CNNVD-202206-1332 | CVE-2022-21127 | Medium | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21127 |
189 | Microsoft Windows information disclosure vulnerability | CNNVD-202206-1330 | CVE-2022-21166 | Medium | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21166 |
190 | Vmware Spring Framework security feature issue vulnerability | CNNVD-202204-3302 | CVE-2022-22968 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22968 |
191 | Spring Framework input validation error vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework |
192 | Spring Framework input validation error vulnerability | CNNVD-202205-2980 | CVE-2022-22971 | Medium | Spring team | https://spring.io/projects/spring-framework |
193 | Spring Framework input validation error vulnerability | CNNVD-202205-3586 | CVE-2022-22976 | Medium | Spring team | https://tanzu.vmware.com/security/cve-2022-22976 |
194 | Xerces security vulnerability | CNNVD-202201-2238 | CVE-2022-23437 | Medium | Apache Foundation | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
195 | CKEditor cross-site scripting vulnerability | CNNVD-202203-1546 | CVE-2022-24728 | Medium | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18 |
196 | Netty security vulnerability | CNNVD-202205-2566 | CVE-2022-24823 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 |
197 | OWASP ESAPI cross-site scripting vulnerability | CNNVD-202204-4523 | CVE-2022-24891 | Medium | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q |
198 | Apache Tika resource management error vulnerability | CNNVD-202205-3505 | CVE-2022-25169 | Medium | Apache Foundation | https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk |
199 | Expat resource management error vulnerability | CNNVD-202202-1613 | CVE-2022-25313 | Medium | Individual developer | https://github.com/libexpat/libexpat/pull/558 |
200 | curl information disclosure vulnerability | CNNVD-202205-3033 | CVE-2022-27779 | Medium | Individual developer | https://curl.se/docs/CVE-2022-27779.html |
201 | Apache HTTP Server buffer error vulnerability | CNNVD-202206-851 | CVE-2022-28330 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
202 | Apache HTTP Server input validation error vulnerability | CNNVD-202206-847 | CVE-2022-28614 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
203 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202204-4024 | CVE-2022-29577 | Medium | Owasp Foundation | https://github.com/nahsra/antisamy/releases/tag/v1.6.7 |
204 | libxslt and libxml2 input validation error vulnerability | CNNVD-202205-1926 | CVE-2022-29824 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab |
205 | curl security vulnerability | CNNVD-202205-3034 | CVE-2022-30115 | Medium | Individual developer | https://curl.se/docs/CVE-2022-30115.html |
206 | Apache Tika security vulnerability | CNNVD-202205-3498 | CVE-2022-30126 | Medium | Apache Foundation | https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4 |
207 | curl resource management error vulnerability | CNNVD-202206-2562 | CVE-2022-32205 | Medium | curl | https://curl.se/docs/CVE-2022-32205.html |
208 | curl resource management error vulnerability | CNNVD-202206-2565 | CVE-2022-32206 | Medium | curl | https://curl.se/docs/CVE-2022-32206.html |
209 | curl buffer error vulnerability | CNNVD-202206-2573 | CVE-2022-32208 | Medium | curl | https://curl.se/download.html |
210 | Node.js cryptographic issue vulnerability | CNNVD-202207-682 | CVE-2022-32222 | Medium | Node.js | https://nodejs.org/zh-cn/ |
211 | Apache Tomcat cross-site scripting vulnerability | CNNVD-202206-2227 | CVE-2022-34305 | Medium | Apache Foundation | https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k |
212 | jsoup security vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
213 | SnakeYAML buffer error vulnerability | CNNVD-202209-183 | CVE-2022-38749 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
214 | SnakeYAML buffer error vulnerability | CNNVD-202209-172 | CVE-2022-38750 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
215 | SnakeYAML buffer error vulnerability | CNNVD-202209-169 | CVE-2022-38751 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
216 | SnakeYAML buffer error vulnerability | CNNVD-202209-171 | CVE-2022-38752 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
217 | Node.js security vulnerability | CNNVD-202210-1268 | CVE-2022-35255 | Medium | Individual developer | https://access.redhat.com/errata/RHSA-2022:6963 |
218 | Node.js security vulnerability | CNNVD-202210-1266 | CVE-2022-35256 | Medium | Individual developer | https://access.redhat.com/errata/RHSA-2022:6963 |
219 | Eclipse Jetty link following vulnerability | CNNVD-202104-042 | CVE-2021-28163 | Low | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w |
220 | Eclipse Jetty input validation error vulnerability | CNNVD-202207-599 | CVE-2022-2047 | Low | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q |
221 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
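III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpuoct2022.html
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn
Statement: This article comes from CNNVD Security Updates (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is republished to share more information. In case of infringement, please contact anquanneican@163.com.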