近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞60个,影响到Oracle产品的其他厂商漏洞247个。包括Oracle Application Express 安全漏洞(CNNVD-202307-1575、CVE-2023-21975)、Oracle Application Express 安全漏洞(CNNVD-202307-1588、CVE-2023-21974)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年7月18日,Oracle发布了2023年7月份安全更新,共307个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Database Server、Oracle Solaris、Oracle Fusion Middleware、Oracle Essbase、Oracle Virtualization等。CNNVD对其危害等级进行了评价,其中超危漏洞52个,高危漏洞129个,中危漏洞111个,低危漏洞15个。Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:
https://www.oracle.com/security-alerts/cpujul2023.html
二、漏洞详情
此次更新共包括56个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞6个,中危漏洞37个,低危漏洞11个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Oracle Application Express 安全漏洞 | CNNVD-202307-1575 | CVE-2023-21975 | 超危 | https://www.oracle.com/security-alerts/cpujul2023.html |
2 | Oracle Application Express 安全漏洞 | CNNVD-202307-1588 | CVE-2023-21974 | 超危 | https://www.oracle.com/security-alerts/cpujul2023.html |
3 | Oracle Virtualization 安全漏洞 | CNNVD-202307-1589 | CVE-2023-22018 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
4 | Oracle Solaris 安全漏洞 | CNNVD-202307-1596 | CVE-2023-22023 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
5 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 | CNNVD-202307-1602 | CVE-2023-22014 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
6 | Oracle PeopleSoft 安全漏洞 | CNNVD-202307-1624 | CVE-2023-22047 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
7 | Oracle Hyperion 安全漏洞 | CNNVD-202307-1631 | CVE-2023-22060 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
8 | Oracle Hyperion 安全漏洞 | CNNVD-202307-1640 | CVE-2023-22062 | 高危 | https://www.oracle.com/security-alerts/cpujul2023.html |
9 | Oracle Essbase 安全漏洞 | CNNVD-202307-1572 | CVE-2023-21961 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
10 | Oracle MySQL 安全漏洞 | CNNVD-202307-1574 | CVE-2023-21950 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
11 | Oracle MySQL 安全漏洞 | CNNVD-202307-1576 | CVE-2023-22005 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
12 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202307-1577 | CVE-2023-21994 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
13 | Oracle E-Business Suite 安全漏洞 | CNNVD-202307-1578 | CVE-2023-22004 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
14 | Oracle MySQL 安全漏洞 | CNNVD-202307-1579 | CVE-2023-22008 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
15 | Oracle MySQL 安全漏洞 | CNNVD-202307-1581 | CVE-2023-22007 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
16 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1584 | CVE-2023-22013 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
17 | Oracle E-Business Suite 安全漏洞 | CNNVD-202307-1585 | CVE-2023-22009 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
18 | Oracle Application Express 安全漏洞 | CNNVD-202307-1586 | CVE-2023-21983 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
19 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1587 | CVE-2023-22011 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
20 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1590 | CVE-2023-22020 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
21 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1591 | CVE-2023-22021 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
22 | Oracle Health Sciences Applications 安全漏洞 | CNNVD-202307-1592 | CVE-2023-22022 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
23 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1593 | CVE-2023-22027 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
24 | Oracle MySQL 安全漏洞 | CNNVD-202307-1594 | CVE-2023-22033 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
25 | Oracle Virtualization 安全漏洞 | CNNVD-202307-1595 | CVE-2023-22017 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
26 | Oracle Database Server 安全漏洞 | CNNVD-202307-1597 | CVE-2023-22034 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
27 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202307-1598 | CVE-2023-22031 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
28 | Oracle E-Business Suite 安全漏洞 | CNNVD-202307-1599 | CVE-2023-22037 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
29 | Oracle E-Business Suite 安全漏洞 | CNNVD-202307-1600 | CVE-2023-22035 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
30 | Oracle Supply Chain Products Suite 安全漏洞 | CNNVD-202307-1604 | CVE-2023-22039 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
31 | Oracle Java SE 安全漏洞 | CNNVD-202307-1605 | CVE-2023-22041 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
32 | Oracle E-Business Suite 安全漏洞 | CNNVD-202307-1606 | CVE-2023-22042 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
33 | Oracle Java SE 安全漏洞 | CNNVD-202307-1608 | CVE-2023-22043 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
34 | Oracle MySQL 安全漏洞 | CNNVD-202307-1610 | CVE-2023-22046 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
35 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1612 | CVE-2023-22012 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
36 | Oracle Virtualization 安全漏洞 | CNNVD-202307-1613 | CVE-2023-22016 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
37 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202307-1614 | CVE-2023-22040 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
38 | Oracle JD Edwards 安全漏洞 | CNNVD-202307-1617 | CVE-2023-22050 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
39 | Oracle MySQL 安全漏洞 | CNNVD-202307-1621 | CVE-2023-22053 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
40 | Oracle MySQL 安全漏洞 | CNNVD-202307-1625 | CVE-2023-22054 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
41 | Oracle JD Edwards 安全漏洞 | CNNVD-202307-1626 | CVE-2023-22055 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
42 | Oracle MySQL 安全漏洞 | CNNVD-202307-1628 | CVE-2023-22056 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
43 | Oracle MySQL Server 安全漏洞 | CNNVD-202307-1629 | CVE-2023-22057 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
44 | Oracle Business Intelligence Enterprise Edition 安全漏洞 | CNNVD-202307-1634 | CVE-2023-22061 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
45 | Oracle MySQL Server 安全漏洞 | CNNVD-202307-1636 | CVE-2023-22058 | 中危 | https://www.oracle.com/security-alerts/cpujul2023.html |
46 | Oracle Database Server 安全漏洞 | CNNVD-202307-1573 | CVE-2023-21949 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
47 | Oracle Java SE 安全漏洞 | CNNVD-202307-1580 | CVE-2023-22006 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
48 | Oracle Essbase 安全漏洞 | CNNVD-202307-1582 | CVE-2023-22010 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
49 | Oracle MySQL 安全漏洞 | CNNVD-202307-1601 | CVE-2023-22038 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
50 | Oracle Java SE 安全漏洞 | CNNVD-202307-1603 | CVE-2023-22036 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
51 | Oracle Java SE 安全漏洞 | CNNVD-202307-1611 | CVE-2023-22044 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
52 | Oracle MySQL 安全漏洞 | CNNVD-202307-1615 | CVE-2023-22048 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
53 | Oracle Java SE 安全漏洞 | CNNVD-202307-1616 | CVE-2023-22045 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
54 | Oracle Java SE 安全漏洞 | CNNVD-202307-1619 | CVE-2023-22049 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
55 | Oracle Java SE 安全漏洞 | CNNVD-202307-1620 | CVE-2023-22051 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
56 | Oracle Database Server 安全漏洞 | CNNVD-202307-1623 | CVE-2023-22052 | 低危 | https://www.oracle.com/security-alerts/cpujul2023.html |
此次更新共包括4个更新漏洞的补丁程序,其中中危漏洞3个,低危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Oracle Java SE 安全漏洞 | CNNVD-202301-1353 | CVE-2023-21830 | 中危 | https://www.oracle.com/security-alerts/cpujan2029.html |
2 | Oracle Java SE 安全漏洞 | CNNVD-202301-1360 | CVE-2023-21835 | 中危 | https://www.oracle.com/security-alerts/cpujan2033.html |
3 | Oracle MySQL 安全漏洞 | CNNVD-202304-1486 | CVE-2023-21971 | 中危 | https://www.oracle.com/security-alerts/cpuapr2023.html |
4 | Oracle Java SE 安全漏洞 | CNNVD-202301-1370 | CVE-2023-21843 | 低危 | https://www.oracle.com/security-alerts/cpujan2041.html |
此次更新共包括247个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞50个,高危漏洞123个,中危漏洞71个,低危漏洞3个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Apache Hive JDBC驱动程序SQL注入漏洞 | CNNVD-201804-274 | CVE-2018-1282 | 超危 | Apache基金会 | https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E |
2 | Terracotta Quartz Scheduler 代码问题漏洞 | CNNVD-201907-1383 | CVE-2019-13990 | 超危 | softwareag | http://www.quartz-scheduler.org/ |
3 | Swagger UI 跨站请求伪造漏洞 | CNNVD-201910-715 | CVE-2019-17495 | 超危 | 个人开发者 | https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 |
4 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-201910-774 | CVE-2019-17531 | 超危 | Fasterxml | https://github.com/FasterXML/jackson-databind/issues/2498 |
5 | Apache Log4j 代码问题漏洞 | CNNVD-201912-950 | CVE-2019-17571 | 超危 | Apache基金会 | https://www.apache.org/ |
6 | Apache ActiveMQ 代码注入漏洞 | CNNVD-202009-680 | CVE-2020-11998 | 超危 | Apache基金会 | http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt |
7 | Apache Commons Configuration 输入验证错误漏洞 | CNNVD-202003-821 | CVE-2020-1953 | 超危 | Apache基金会 | https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E |
8 | Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞 | CNNVD-202207-838 | CVE-2020-29508 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
9 | Dell BSAFE 安全特征问题漏洞 | CNNVD-202207-834 | CVE-2020-35163 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
10 | Dell BSAFE 安全漏洞 | CNNVD-202207-832 | CVE-2020-35166 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
11 | Dell BSAFE 安全漏洞 | CNNVD-202207-831 | CVE-2020-35167 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
12 | Dell BSAFE 安全漏洞 | CNNVD-202207-828 | CVE-2020-35168 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
13 | Dell BSAFE 输入验证错误漏洞 | CNNVD-202207-830 | CVE-2020-35169 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
14 | Apache Chainsaw 代码问题漏洞 | CNNVD-202106-1293 | CVE-2020-9493 | 超危 | Apache基金会 | https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E |
15 | Apache Xmlbeans 输入验证错误漏洞 | CNNVD-202101-1146 | CVE-2021-23926 | 超危 | Apache基金会 | https://issues.apache.org/jira/browse/XMLBEANS-517 |
16 | Microsoft .NET Core 安全漏洞 | CNNVD-202102-681 | CVE-2021-24112 | 超危 | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 |
17 | LZ4 输入验证错误漏洞 | CNNVD-202104-2105 | CVE-2021-3520 | 超危 | 个人开发者 | https://github.com/lz4/lz4/pull/972 |
18 | Sanitize 输入验证错误漏洞 | CNNVD-202110-1259 | CVE-2021-42575 | 超危 | 个人开发者 | https://owasp.org/www-project-java-html-sanitizer/ |
19 | iText 命令注入漏洞 | CNNVD-202112-1333 | CVE-2021-43113 | 超危 | 个人开发者 | https://github.com/itext/itext7/releases/tag/7.1.17 |
20 | Apache Log4j 代码问题漏洞 | CNNVD-202112-799 | CVE-2021-44228 | 超危 | Apache基金会 | https://logging.apache.org/log4j/2.x/security.html |
21 | Apache Log4j 代码问题漏洞 | CNNVD-202112-1065 | CVE-2021-45046 | 超危 | Apache基金会 | https://logging.apache.org/log4j/2.x/security.html。 |
22 | SnakeYAML 代码问题漏洞 | CNNVD-202212-1820 | CVE-2022-1471 | 超危 | 个人开发者 | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
23 | Dexie 安全漏洞 | CNNVD-202205-1809 | CVE-2022-21189 | 超危 | 个人开发者 | https://github.com/dexie/Dexie.js |
24 | Apache Log4j SQL注入漏洞 | CNNVD-202201-1421 | CVE-2022-23305 | 超危 | Apache基金会 | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
25 | OWASP ESAPI 路径遍历漏洞 | CNNVD-202204-4378 | CVE-2022-23457 | 超危 | 个人开发者 | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 |
26 | Apache Hadoop 操作系统命令注入漏洞 | CNNVD-202208-2167 | CVE-2022-25168 | 超危 | Apache基金会 | https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 |
27 | Apache Hadoop 路径遍历漏洞 | CNNVD-202204-2605 | CVE-2022-26612 | 超危 | Apache基金会 | https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz |
28 | FreeType 缓冲区错误漏洞 | CNNVD-202204-4272 | CVE-2022-27404 | 超危 | 个人开发者 | https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 |
29 | Pallets Werkzeug 环境问题漏洞 | CNNVD-202205-4094 | CVE-2022-29361 | 超危 | 个人开发者 | https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 |
30 | VMware Spring Security 安全漏洞 | CNNVD-202210-2599 | CVE-2022-31692 | 超危 | VMware | https://tanzu.vmware.com/security/cve-2022-31692 |
31 | Apache Commons Configuration 代码注入漏洞 | CNNVD-202207-428 | CVE-2022-33980 | 超危 | Apache基金会 | https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s |
32 | Apache HTTP Server 环境问题漏洞 | CNNVD-202301-1299 | CVE-2022-36760 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
33 | Scala 代码问题漏洞 | CNNVD-202209-2463 | CVE-2022-36944 | 超危 | Scala | https://www.scala-lang.org/download/ |
34 | zlib 缓冲区错误漏洞 | CNNVD-202208-2276 | CVE-2022-37434 | 超危 | 个人开发者 | https://github.com/madler/zlib/ |
35 | XKCP 输入验证错误漏洞 | CNNVD-202210-1541 | CVE-2022-37454 | 超危 | XKCP | https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
36 | Apache Ivy 路径遍历漏洞 | CNNVD-202211-2196 | CVE-2022-37865 | 超危 | Apache基金会 | https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy |
37 | Apache Calcite 代码问题漏洞 | CNNVD-202209-697 | CVE-2022-39135 | 超危 | Apache基金会 | https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082 |
38 | HSQLDB 安全漏洞 | CNNVD-202210-196 | CVE-2022-41853 | 超危 | The HSQL Development Group | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7 |
39 | Apache Commons BCEL 缓冲区错误漏洞 | CNNVD-202211-2199 | CVE-2022-42920 | 超危 | Apache基金会 | https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
40 | Apache MINA 代码问题漏洞 | CNNVD-202211-2918 | CVE-2022-45047 | 超危 | Apache基金会 | https://www.mail-archive.com/dev@mina.apache.org/msg39312.html |
41 | Apache CXF 代码问题漏洞 | CNNVD-202212-3143 | CVE-2022-46364 | 超危 | Apache基金会 | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
42 | Spring Framework 安全漏洞 | CNNVD-202304-1667 | CVE-2023-20862 | 超危 | Spring | https://spring.io/security/cve-2023-20862 |
43 | Spring Framework 安全漏洞 | CNNVD-202304-1732 | CVE-2023-20873 | 超危 | Spring | https://spring.io/security/cve-2023-20873 |
44 | Apache Spark 安全漏洞 | CNNVD-202304-1307 | CVE-2023-22946 | 超危 | Apache基金会 | https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv |
45 | curl 安全漏洞 | CNNVD-202302-1929 | CVE-2023-23914 | 超危 | 个人开发者 | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
46 | Google TensorFlow 安全漏洞 | CNNVD-202303-2124 | CVE-2023-25664 | 超危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr | |
47 | Google TensorFlow 安全漏洞 | CNNVD-202303-2120 | CVE-2023-25668 | 超危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 | |
48 | Apache HTTP Server 环境问题漏洞 | CNNVD-202303-456 | CVE-2023-25690 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
49 | HtmlUnit 安全漏洞 | CNNVD-202304-058 | CVE-2023-26119 | 超危 | 个人开发者 | https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b |
50 | Jenkins 跨站脚本漏洞 | CNNVD-202303-668 | CVE-2023-27898 | 超危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
51 | Apache HTTP Server 缓冲区错误漏洞 | CNNVD-202301-1294 | CVE-2006-20001 | 高危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
52 | zlib 缓冲区错误漏洞 | CNNVD-202203-2221 | CVE-2018-25032 | 高危 | 个人开发者 | https://z-lib.org/ |
53 | Apache Axis 代码问题漏洞 | CNNVD-201904-472 | CVE-2019-0227 | 高危 | apache | http://axis.apache.org/ |
54 | Apache Commons Beanutils 代码问题漏洞 | CNNVD-201908-1140 | CVE-2019-10086 | 高危 | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
55 | Apache Commons Compress 资源管理错误漏洞 | CNNVD-201908-2148 | CVE-2019-12402 | 高危 | apache | https://commons.apache.org/proper/commons-compress/security-reports.html |
56 | Python 代码问题漏洞 | CNNVD-202209-155 | CVE-2020-10735 | 高危 | Python基金会 | https://www.python.org/ |
57 | Apache XmlGraphics Commons 代码问题漏洞 | CNNVD-202102-1587 | CVE-2020-11988 | 高危 | Apache基金会 | https://xmlgraphics.apache.org/security.html |
58 | Iteris Apache Velocity 安全漏洞 | CNNVD-202103-758 | CVE-2020-13936 | 高危 | Iteris | https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E |
59 | Apache Thrift 资源管理错误漏洞 | CNNVD-202102-1099 | CVE-2020-13949 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E |
60 | Dell BSAFE 安全漏洞 | CNNVD-202207-833 | CVE-2020-35164 | 高危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
61 | FasterXML jackson-databind 缓冲区错误漏洞 | CNNVD-202203-1165 | CVE-2020-36518 | 高危 | 个人开发者 | https://github.com/FasterXML/jackson-databind/issues/2816 |
62 | joyent json 操作系统命令注入漏洞 | CNNVD-202008-1430 | CVE-2020-7712 | 高危 | 个人开发者 | https://snyk.io/vuln/SNYK-JS-JSON-597481 |
63 | CodeMirror 资源管理错误漏洞 | CNNVD-202010-1679 | CVE-2020-7760 | 高危 | Codemirror | https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
64 | Apache Hadoop 代码问题漏洞 | CNNVD-202208-3967 | CVE-2021-25642 | 高危 | Apache基金会 | https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150 |
65 | Apache ActiveMQ 授权问题漏洞 | CNNVD-202101-2471 | CVE-2021-26117 | 高危 | Apache基金会 | https://issues.apache.org/jira/browse/AMQ-8035 |
66 | JDOM 代码问题漏洞 | CNNVD-202106-1323 | CVE-2021-33813 | 高危 | 个人开发者 | https://github.com/hunterhacker/jdom。 |
67 | Apache Hive 访问控制错误漏洞 | CNNVD-202207-1393 | CVE-2021-34538 | 高危 | Apache基金会 | https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354 |
68 | Apache Commons Compress 安全漏洞 | CNNVD-202107-896 | CVE-2021-35515 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
69 | Apache Commons Compress 安全漏洞 | CNNVD-202107-897 | CVE-2021-35516 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
70 | Apache Commons Compress 安全漏洞 | CNNVD-202107-898 | CVE-2021-35517 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
71 | Apache Commons Compress 安全漏洞 | CNNVD-202107-899 | CVE-2021-36090 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
72 | Apache Santuario 信息泄露漏洞 | CNNVD-202109-1259 | CVE-2021-40690 | 高危 | Apache基金会 | https://santuario.apache.org/javaindex.html |
73 | Apache Log4j 代码问题漏洞 | CNNVD-202112-1011 | CVE-2021-4104 | 高危 | Apache基金会 | https://logging.apache.org/log4j/2.x/security.html |
74 | XStream 资源管理错误漏洞 | CNNVD-202201-2709 | CVE-2021-43859 | 高危 | XStream | https://x-stream.github.io/CVE-2021-43859.html |
75 | FasterXML jackson-databind 安全漏洞 | CNNVD-202303-1466 | CVE-2021-46877 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3328 |
76 | Eclipse Jetty 资源管理错误漏洞 | CNNVD-202207-594 | CVE-2022-2048 | 高危 | 个人开发者 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j |
77 | Eclipse Jetty 安全漏洞 | CNNVD-202207-589 | CVE-2022-2191 | 高危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 |
78 | Apache Log4j 代码问题漏洞 | CNNVD-202201-1420 | CVE-2022-23302 | 高危 | Apache基金会 | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
79 | Apache Log4j 代码问题漏洞 | CNNVD-202201-1425 | CVE-2022-23307 | 高危 | Apache基金会 | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
80 | Certifi 数据伪造问题漏洞 | CNNVD-202212-2660 | CVE-2022-23491 | 高危 | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 |
81 | DELL BSAFE SSL-J 安全漏洞 | CNNVD-202202-1801 | CVE-2022-24409 | 高危 | DELL | https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel |
82 | CKEditor 资源管理错误漏洞 | CNNVD-202203-1545 | CVE-2022-24729 | 高危 | 个人开发者 | https://ckeditor.com/cke4/release/CKEditor-4.18 |
83 | gson 代码问题漏洞 | CNNVD-202205-1791 | CVE-2022-25647 | 高危 | 个人开发者 | https://github.com/google/gson/pull/1991/files |
84 | FreeType 缓冲区错误漏洞 | CNNVD-202204-4275 | CVE-2022-27405 | 高危 | 个人开发者 | https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 |
85 | FreeType 缓冲区错误漏洞 | CNNVD-202204-4261 | CVE-2022-27406 | 高危 | 个人开发者 | http://freetype.com |
86 | HtmlUnit 安全漏洞 | CNNVD-202204-4297 | CVE-2022-29546 | 高危 | 个人开发者 | https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg |
87 | JasPer 安全漏洞 | CNNVD-202210-1004 | CVE-2022-2963 | 高危 | 个人开发者 | https://github.com/jasper-software/jasper/commit/270000671d4f411fe7e65c7bc02fd6ff14dd6946 |
88 | Moment.js 资源管理错误漏洞 | CNNVD-202207-502 | CVE-2022-31129 | 高危 | 个人开发者 | https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
89 | PostgreSQL JDBC Driver SQL注入漏洞 | CNNVD-202208-2126 | CVE-2022-31197 | 高危 | PostgreSQL | https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 |
90 | PHP 缓冲区错误漏洞 | CNNVD-202210-2512 | CVE-2022-31630 | 高危 | PHP | https://www.php.net/ChangeLog-8.php#8.0. |
91 | VMware Spring Security 安全漏洞 | CNNVD-202210-2598 | CVE-2022-31690 | 高危 | VMware | https://tanzu.vmware.com/security/cve-2022-31690 |
92 | Google protobuf 安全漏洞 | CNNVD-202210-769 | CVE-2022-3171 | 高危 | https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 | |
93 | NSS 安全漏洞 | CNNVD-202210-947 | CVE-2022-3479 | 高危 | Mozilla基金会 | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
94 | OpenSSL 安全漏洞 | CNNVD-202210-2605 | CVE-2022-3602 | 高危 | OpenSSL团队 | https://www.openssl.org/news/secadv/20221101.txt |
95 | OpenSSL 安全漏洞 | CNNVD-202210-2604 | CVE-2022-3786 | 高危 | OpenSSL团队 | https://www.openssl.org/news/secadv/20221101.txt |
96 | Apache Ivy 路径遍历漏洞 | CNNVD-202211-2195 | CVE-2022-37866 | 高危 | Apache基金会 | https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b |
97 | OpenSSL 安全漏洞 | CNNVD-202212-2982 | CVE-2022-3996 | 高危 | OpenSSL | https://github.com/openssl/openssl/ |
98 | Apache XML Graphics Batik代码问题漏洞 | CNNVD-202209-2287 | CVE-2022-40146 | 高危 | Apache基金会 | https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx |
99 | Jettison 缓冲区错误漏洞 | CNNVD-202209-1235 | CVE-2022-40149 | 高危 | 个人开发者 | https://github.com/jettison-json/jettison/issues/45 |
100 | Jettison 资源管理错误漏洞 | CNNVD-202209-1233 | CVE-2022-40150 | 高危 | 个人开发者 | https://github.com/jettison-json/jettison/issues/45 |
101 | XStream 缓冲区错误漏洞 | CNNVD-202209-1234 | CVE-2022-40151 | 高危 | XStream | https://github.com/x-stream/xstream/issues/304 |
102 | XStream 缓冲区错误漏洞 | CNNVD-202209-1230 | CVE-2022-40152 | 高危 | XStream | https://github.com/x-stream/xstream/issues/304 |
103 | Apache SOAP 代码问题漏洞 | CNNVD-202209-2283 | CVE-2022-40705 | 高危 | Apache基金会 | https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl |
104 | Apache XML Graphics Batik 代码问题漏洞 | CNNVD-202210-1712 | CVE-2022-41704 | 高危 | Apache基金会 | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
105 | Netty 安全漏洞 | CNNVD-202212-2914 | CVE-2022-41881 | 高危 | Netty社区 | https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v |
106 | XStream 安全漏洞 | CNNVD-202212-4034 | CVE-2022-41966 | 高危 | XStream | https://x-stream.github.io/CVE-2022-41966.html |
107 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202210-007 | CVE-2022-42003 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
108 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202210-006 | CVE-2022-42004 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
109 | Apache Tomcat 环境问题漏洞 | CNNVD-202210-2602 | CVE-2022-42252 | 高危 | Apache基金会 | https://tomcat.apache.org/security-8.html |
110 | Apache XML Graphics Batik 代码问题漏洞 | CNNVD-202210-1707 | CVE-2022-42890 | 高危 | Apache基金会 | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
111 | MIT Kerberos 输入验证错误漏洞 | CNNVD-202211-2910 | CVE-2022-42898 | 高危 | MIT | https://web.mit.edu/kerberos/ |
112 | Python 安全漏洞 | CNNVD-202210-2513 | CVE-2022-42919 | 高危 | Python基金会 | https://github.com/python/cpython/issues/97514 |
113 | Node.js 操作系统命令注入漏洞 | CNNVD-202211-2070 | CVE-2022-43548 | 高危 | 个人开发者 | https://nodejs.org/en/ |
114 | libexpat 资源管理错误漏洞 | CNNVD-202210-1676 | CVE-2022-43680 | 高危 | 个人开发者 | https://github.com/libexpat/libexpat/issues/649 |
115 | OpenSSL 资源管理错误漏洞 | CNNVD-202302-510 | CVE-2022-4450 | 高危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
116 | Python 资源管理错误漏洞 | CNNVD-202211-2414 | CVE-2022-45061 | 高危 | Python基金会 | https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
117 | Apache Tomcat 注入漏洞 | CNNVD-202301-137 | CVE-2022-45143 | 高危 | Apache基金会 | https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj |
118 | Pillow 资源管理错误漏洞 | CNNVD-202211-2677 | CVE-2022-45199 | 高危 | 个人开发者 | https://github.com/python-pillow/Pillow/releases/tag/9.3 |
119 | Jettison 缓冲区错误漏洞 | CNNVD-202212-3132 | CVE-2022-45685 | 高危 | 个人开发者 | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
120 | Hutool 缓冲区错误漏洞 | CNNVD-202212-3131 | CVE-2022-45688 | 高危 | Dromara社区 | https://github.com/dromara/hutool/issues/2748 |
121 | Jettison 缓冲区错误漏洞 | CNNVD-202212-3128 | CVE-2022-45693 | 高危 | 个人开发者 | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
122 | Apache CXF 输入验证错误漏洞 | CNNVD-202212-3125 | CVE-2022-46363 | 高危 | Apache基金会 | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
123 | jszip 路径遍历漏洞 | CNNVD-202301-2295 | CVE-2022-48285 | 高危 | 个人开发者 | https://github.com/Stuk/jszip/releases/tag/v3.10.1 |
124 | Zstandard 资源管理错误漏洞 | CNNVD-202303-2716 | CVE-2022-4899 | 高危 | https://github.com/facebook/zstd/pull/3220 | |
125 | OpenSSL 资源管理错误漏洞 | CNNVD-202302-521 | CVE-2023-0215 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
126 | OpenSSL 代码问题漏洞 | CNNVD-202302-512 | CVE-2023-0216 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
127 | OpenSSL 代码问题漏洞 | CNNVD-202302-516 | CVE-2023-0217 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
128 | OpenSSL 安全漏洞 | CNNVD-202302-524 | CVE-2023-0286 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
129 | GnuTLS 安全漏洞 | CNNVD-202302-884 | CVE-2023-0361 | 高危 | 个人开发者 | https://gitlab.com/gnutls/gnutls/-/issues/1050 |
130 | OpenSSL 代码问题漏洞 | CNNVD-202302-518 | CVE-2023-0401 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
131 | OpenSSL 信任管理问题漏洞 | CNNVD-202303-1681 | CVE-2023-0464 | 高危 | OpenSSL | https://www.openssl.org/news/secadv/20230322.txt |
132 | Mozilla Firefox 安全漏洞 | CNNVD-202302-1554 | CVE-2023-0767 | 高危 | Mozilla基金会 | https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767 |
133 | netplex json-smart 安全漏洞 | CNNVD-202303-1658 | CVE-2023-1370 | 高危 | netplex | https://netplex.github.io/json-smart/ |
134 | Jettison 安全漏洞 | CNNVD-202303-1656 | CVE-2023-1436 | 高危 | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
135 | libwebp 资源管理错误漏洞 | CNNVD-202305-177 | CVE-2023-1999 | 高危 | WebP项目 | https://github.com/webmproject/libwebp |
136 | Spring Framework 安全漏洞 | CNNVD-202303-2401 | CVE-2023-20860 | 高危 | Spring | https://spring.io/security/cve-2023-20860 |
137 | Sudo 安全漏洞 | CNNVD-202301-1468 | CVE-2023-22809 | 高危 | 个人开发者 | https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf |
138 | Apache Commons FileUpload 安全漏洞 | CNNVD-202302-1610 | CVE-2023-24998 | 高危 | Apache基金会 | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
139 | HarfBuzz 安全漏洞 | CNNVD-202302-331 | CVE-2023-25193 | 高危 | 个人开发者 | https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc |
140 | Apache Kafka 代码问题漏洞 | CNNVD-202302-515 | CVE-2023-25194 | 高危 | Apache基金会 | https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
141 | Git 路径遍历漏洞 | CNNVD-202304-2045 | CVE-2023-25652 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
142 | Google TensorFlow 缓冲区错误漏洞 | CNNVD-202303-2129 | CVE-2023-25658 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6 | |
143 | Google TensorFlow 缓冲区错误漏洞 | CNNVD-202303-2128 | CVE-2023-25659 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p | |
144 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2127 | CVE-2023-25660 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj | |
145 | Google TensorFlow 输入验证错误漏洞 | CNNVD-202303-2126 | CVE-2023-25662 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw | |
146 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2125 | CVE-2023-25663 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w | |
147 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2123 | CVE-2023-25665 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g | |
148 | Google TensorFlow 安全漏洞 | CNNVD-202303-2122 | CVE-2023-25666 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2 | |
149 | Google TensorFlow 输入验证错误漏洞 | CNNVD-202303-2121 | CVE-2023-25667 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68 | |
150 | Google TensorFlow 安全漏洞 | CNNVD-202303-2119 | CVE-2023-25669 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p | |
151 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2118 | CVE-2023-25670 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w | |
152 | Google TensorFlow 缓冲区错误漏洞 | CNNVD-202303-2117 | CVE-2023-25671 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6 | |
153 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2114 | CVE-2023-25672 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r | |
154 | Google TensorFlow 安全漏洞 | CNNVD-202303-2116 | CVE-2023-25673 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh | |
155 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2115 | CVE-2023-25674 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579 | |
156 | Google TensorFlow 安全漏洞 | CNNVD-202303-2113 | CVE-2023-25675 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj | |
157 | Google TensorFlow 代码问题漏洞 | CNNVD-202303-2112 | CVE-2023-25676 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq | |
158 | Google TensorFlow 资源管理错误漏洞 | CNNVD-202303-2111 | CVE-2023-25801 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q | |
159 | OpenSSL 安全漏洞 | CNNVD-202305-2503 | CVE-2023-2650 | 高危 | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
160 | Apache HTTP Server 环境问题漏洞 | CNNVD-202303-452 | CVE-2023-27522 | 高危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
161 | curl 注入漏洞 | CNNVD-202303-1551 | CVE-2023-27533 | 高危 | 个人开发者 | https://curl.se/download.html |
162 | curl 路径遍历漏洞 | CNNVD-202303-1547 | CVE-2023-27534 | 高危 | 个人开发者 | https://curl.se/download.html |
163 | Google TensorFlow 安全漏洞 | CNNVD-202303-2110 | CVE-2023-27579 | 高危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8 | |
164 | Jenkins 安全漏洞 | CNNVD-202303-670 | CVE-2023-27899 | 高危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
165 | Jenkins 安全漏洞 | CNNVD-202303-669 | CVE-2023-27900 | 高危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
166 | Jenkins 安全漏洞 | CNNVD-202303-671 | CVE-2023-27901 | 高危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
167 | Apache Tomcat 安全漏洞 | CNNVD-202305-1931 | CVE-2023-28709 | 高危 | Apache基金会 | https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j |
168 | Git 注入漏洞 | CNNVD-202304-2063 | CVE-2023-29007 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
169 | SheetJS 安全漏洞 | CNNVD-202304-1870 | CVE-2023-30533 | 高危 | sheetjs | https://cdn.sheetjs.com/advisories/CVE-2023-30533 |
170 | Snowflake JDBC 命令注入漏洞 | CNNVD-202304-1210 | CVE-2023-30535 | 高危 | Snowflake | https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x |
171 | Flask 安全漏洞 | CNNVD-202305-091 | CVE-2023-30861 | 高危 | Pallets | https://github.com/pallets/flask/releases/tag/2.3.2 |
172 | illumos 缓冲区错误漏洞 | CNNVD-202305-266 | CVE-2023-31284 | 高危 | 个人开发者 | https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net |
173 | Apache Tomcat 安全漏洞 | CNNVD-202306-1525 | CVE-2023-34981 | 高危 | Apache基金会 | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
174 | Apache Axis 跨站脚本漏洞 | CNNVD-201808-082 | CVE-2018-8032 | 中危 | apache | https://issues.apache.org/jira/browse/AXIS-2924 |
175 | Apache ActiveMQ 跨站脚本漏洞 | CNNVD-202102-588 | CVE-2020-13947 | 中危 | Apache基金会 | http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt |
176 | Apache HttpClient 安全漏洞 | CNNVD-202010-372 | CVE-2020-13956 | 中危 | Apache基金会 | https://www.apache.org/ |
177 | Junit 信息泄露漏洞 | CNNVD-202010-445 | CVE-2020-15250 | 中危 | 个人开发者 | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
178 | Apache Groovy 安全漏洞 | CNNVD-202012-422 | CVE-2020-17521 | 中危 | Apache基金会 | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
179 | Apache Hive 信息泄露漏洞 | CNNVD-202103-1010 | CVE-2020-1926 | 中危 | Apache基金会 | https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E |
180 | Netty 环境问题漏洞 | CNNVD-202103-713 | CVE-2021-21295 | 中危 | Netty社区 | https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 |
181 | Google protobuf 安全漏洞 | CNNVD-202201-628 | CVE-2021-22569 | 中危 | https://cloud.google.com/support/bulletins#gcp-2022-001 | |
182 | ISC BIND 环境问题漏洞 | CNNVD-202203-1514 | CVE-2021-25220 | 中危 | ISC | https://vigilance.fr/vulnerability/ISC-BIND-spoofing-via-DNS-Forwarders-Cache-Poisoning-37754 |
183 | Maxim Nesen jersey 安全漏洞 | CNNVD-202104-1669 | CVE-2021-28168 | 中危 | Maxim Nesen | https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv |
184 | OpenJPEG 输入验证错误漏洞 | CNNVD-202104-1124 | CVE-2021-29338 | 中危 | 个人开发者 | https://github.com/uclouvain/openjpeg |
185 | Apache Commons IO 路径遍历漏洞 | CNNVD-202104-702 | CVE-2021-29425 | 中危 | Apache基金会 | https://issues.apache.org/jira/browse/IO-556 |
186 | Eclipse Jetty 安全漏洞 | CNNVD-202107-1094 | CVE-2021-34429 | 中危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm |
187 | Apache Ant 安全漏洞 | CNNVD-202107-983 | CVE-2021-36373 | 中危 | Apache基金会 | https://ant.apache.org/ |
188 | Apache Ant 安全漏洞 | CNNVD-202107-984 | CVE-2021-36374 | 中危 | Apache基金会 | https://ant.apache.org/ |
189 | Apache Commons Net 输入验证错误漏洞 | CNNVD-202212-2188 | CVE-2021-37533 | 中危 | Apache基金会 | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
190 | Libgcrypt 加密问题漏洞 | CNNVD-202109-275 | CVE-2021-40528 | 中危 | GNU社区 | https://gnupg.org/index.html |
191 | jQuery 跨站脚本漏洞 | CNNVD-202110-1843 | CVE-2021-41182 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
192 | jQuery 跨站脚本漏洞 | CNNVD-202110-1839 | CVE-2021-41183 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
193 | Openjs Jquery Ui 跨站脚本漏洞 | CNNVD-202110-1845 | CVE-2021-41184 | 中危 | Openjs基金会 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
194 | Apache MINA 安全漏洞 | CNNVD-202111-238 | CVE-2021-41973 | 中危 | Apache基金会 | https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E |
195 | Apache Log4j 输入验证错误漏洞 | CNNVD-202112-2743 | CVE-2021-44832 | 中危 | Apache基金会 | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf |
196 | Apache Log4j 安全漏洞 | CNNVD-202112-1493 | CVE-2021-45105 | 中危 | Apache基金会 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd |
197 | OpenJPEG 安全漏洞 | CNNVD-202203-2498 | CVE-2022-1122 | 中危 | 个人开发者 | https://github.com/uclouvain/openjpeg/issues/1368 |
198 | Vmware Spring Framework 安全漏洞 | CNNVD-202203-2333 | CVE-2022-22950 | 中危 | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
199 | Spring Framework 输入验证错误漏洞 | CNNVD-202205-2988 | CVE-2022-22970 | 中危 | Spring团队 | https://spring.io/projects/spring-framework |
200 | Spring Framework 输入验证错误漏洞 | CNNVD-202205-2980 | CVE-2022-22971 | 中危 | Spring团队 | https://spring.io/projects/spring-framework |
201 | Xerces 安全漏洞 | CNNVD-202201-2238 | CVE-2022-23437 | 中危 | Apache基金会 | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
202 | Containous Traefik 日志信息泄露漏洞 | CNNVD-202212-2756 | CVE-2022-23469 | 中危 | Containous | https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp |
203 | CKEditor 跨站脚本漏洞 | CNNVD-202203-1546 | CVE-2022-24728 | 中危 | 个人开发者 | https://ckeditor.com/cke4/release/CKEditor-4.18 |
204 | OWASP ESAPI 安全漏洞 | CNNVD-202204-4523 | CVE-2022-24891 | 中危 | 个人开发者 | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q |
205 | Apache Portable Runtime 输入验证错误漏洞 | CNNVD-202301-2414 | CVE-2022-25147 | 中危 | Apache基金会 | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
206 | ISC BIND 资源管理错误漏洞 | CNNVD-202209-1695 | CVE-2022-2795 | 中危 | ISC | https://kb.isc.org/docs/cve-2022-2795 |
207 | jQuery 跨站脚本漏洞 | CNNVD-202207-2121 | CVE-2022-31160 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
208 | Apache Spark 注入漏洞 | CNNVD-202211-1852 | CVE-2022-31777 | 中危 | Apache基金会 | https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q |
209 | Apache Tomcat 跨站脚本漏洞 | CNNVD-202206-2227 | CVE-2022-34305 | 中危 | Apache基金会 | https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k |
210 | Dell BSAFE 安全漏洞 | CNNVD-202302-738 | CVE-2022-34364 | 中危 | Dell | https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability |
211 | jsoup 跨站脚本漏洞 | CNNVD-202208-4329 | CVE-2022-36033 | 中危 | 个人开发者 | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
212 | Apache HTTP Server 注入漏洞 | CNNVD-202301-1298 | CVE-2022-37436 | 中危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
213 | Apache XML Graphics Batik 代码问题漏洞 | CNNVD-202209-2289 | CVE-2022-38398 | 中危 | Apache基金会 | https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx |
214 | Apache XML Graphics Batik 代码问题漏洞 | CNNVD-202209-2288 | CVE-2022-38648 | 中危 | Apache基金会 | https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b |
215 | SnakeYAML 缓冲区错误漏洞 | CNNVD-202209-169 | CVE-2022-38751 | 中危 | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
216 | SnakeYAML 缓冲区错误漏洞 | CNNVD-202209-171 | CVE-2022-38752 | 中危 | snakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
217 | JasPer 安全漏洞 | CNNVD-202209-1374 | CVE-2022-40755 | 中危 | 个人开发者 | https://github.com/jasper-software/jasper/issues/338 |
218 | Python 安全漏洞 | CNNVD-202212-3796 | CVE-2022-40897 | 中危 | Python基金会 | https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be |
219 | Netty 安全漏洞 | CNNVD-202212-3060 | CVE-2022-41915 | 中危 | Netty社区 | https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp |
220 | OpenSSL 缓冲区错误漏洞 | CNNVD-202302-506 | CVE-2022-4203 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
221 | OpenSSL 安全漏洞 | CNNVD-202302-514 | CVE-2022-4304 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
222 | Apache James 信息泄露漏洞 | CNNVD-202301-447 | CVE-2022-45787 | 中危 | Apache基金会 | https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj |
223 | Containous Traefik 信任管理问题漏洞 | CNNVD-202212-2752 | CVE-2022-46153 | 中危 | Containous | https://github.com/traefik/traefik/releases/tag/v2.9.6 |
224 | OpenSSL 信任管理问题漏洞 | CNNVD-202303-2432 | CVE-2023-0465 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
225 | OpenSSL 信任管理问题漏洞 | CNNVD-202303-2431 | CVE-2023-0466 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
226 | OpenSSL 缓冲区错误漏洞 | CNNVD-202304-1714 | CVE-2023-1255 | 中危 | OpenSSL | https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
227 | Spring Framework 安全漏洞 | CNNVD-202303-1917 | CVE-2023-20861 | 中危 | Spring | https://spring.io/security/cve-2023-20861 |
228 | Spring Framework 安全漏洞 | CNNVD-202304-1094 | CVE-2023-20863 | 中危 | Spring | https://spring.io/security/cve-2023-20863 |
229 | Zip4j 访问控制错误漏洞 | CNNVD-202301-648 | CVE-2023-22899 | 中危 | 个人开发者 | https://github.com/srikanth-lingala/zip4j/releases |
230 | curl 安全漏洞 | CNNVD-202302-1928 | CVE-2023-23915 | 中危 | 个人开发者 | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
231 | curl 安全漏洞 | CNNVD-202302-1927 | CVE-2023-23916 | 中危 | 个人开发者 | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
232 | cryptography 代码问题漏洞 | CNNVD-202302-523 | CVE-2023-23931 | 中危 | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
233 | Google Golang 安全漏洞 | CNNVD-202303-632 | CVE-2023-24532 | 中危 | https://github.com/golang/go/issues/58647 | |
234 | TensorFlow 输入验证错误漏洞 | CNNVD-202303-2284 | CVE-2023-25661 | 中危 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq | |
235 | Eclipse Jetty 资源管理错误漏洞 | CNNVD-202304-1443 | CVE-2023-26048 | 中危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 |
236 | Eclipse Jetty 信息泄露漏洞 | CNNVD-202304-1442 | CVE-2023-26049 | 中危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c |
237 | Jenkins 安全漏洞 | CNNVD-202303-675 | CVE-2023-27902 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
238 | Jenkins 安全漏洞 | CNNVD-202303-674 | CVE-2023-27903 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
239 | Jenkins 安全漏洞 | CNNVD-202303-673 | CVE-2023-27904 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/ |
240 | CKEditor 跨站脚本漏洞 | CNNVD-202303-1790 | CVE-2023-28439 | 中危 | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
241 | libxml2 代码问题漏洞 | CNNVD-202304-908 | CVE-2023-28484 | 中危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
242 | Apache Tomcat 安全漏洞 | CNNVD-202303-1662 | CVE-2023-28708 | 中危 | Apache基金会 | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
243 | Redis 安全漏洞 | CNNVD-202304-1384 | CVE-2023-28856 | 中危 | Redis Labs | https://github.com/redis/redis/ |
244 | libxml2 资源管理错误漏洞 | CNNVD-202304-907 | CVE-2023-29469 | 中危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
245 | Google Guava 访问控制错误漏洞 | CNNVD-202012-827 | CVE-2020-8908 | 低危 | https://github.com/google/guava/issues/4011 | |
246 | Eclipse Jetty 输入验证错误漏洞 | CNNVD-202207-599 | CVE-2022-2047 | 低危 | Eclipse基金会 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q |
247 | Apache Tika 安全漏洞 | CNNVD-202206-2671 | CVE-2022-33879 | 低危 | Apache基金会 | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
三、修复建议
目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。Oracle官方补丁下载地址:
https://www.oracle.com/security-alerts/cpujul2023.html
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。