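Oracle recently published an announcement covering multiple security vulnerabilities, of which 60 are vulnerabilities in Oracle's own products and 247 are vulnerabilities from other vendors that affect Oracle products. They include the Oracle Application Express security vulnerability (CNNVD-202307-1575, CVE-2023-21975) and the Oracle Application Express security vulnerability (CNNVD-202307-1588, CVE-2023-21974), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.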

I. Vulnerability Overview

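On July 18, 2023, Oracle released its July 2023 security update, containing patches for 307 vulnerabilities in total, and CNNVD has catalogued these vulnerabilities. The update mainly covers Oracle MySQL and MySQL components, Oracle Database Server, Oracle Solaris, Oracle Fusion Middleware, Oracle Essbase, Oracle Virtualization, and others. CNNVD has rated their severity: 52 critical, 129 high, 111 medium, and 15 low. Multiple Oracle products and system versions are affected; the specific scope can be checked on Oracle's official website: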

https://www.oracle.com/security-alerts/cpujul2023.html

II. Vulnerability Details

This update includes patches for 56 newly added vulnerabilities: 2 critical, 6 high, 37 medium, and 11 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Application Express Security Vulnerability | CNNVD-202307-1575 | CVE-2023-21975 | Critical | https://www.oracle.com/security-alerts/cpujul2023.html |
| 2 | Oracle Application Express Security Vulnerability | CNNVD-202307-1588 | CVE-2023-21974 | Critical | https://www.oracle.com/security-alerts/cpujul2023.html |
| 3 | Oracle Virtualization Security Vulnerability | CNNVD-202307-1589 | CVE-2023-22018 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 4 | Oracle Solaris Security Vulnerability | CNNVD-202307-1596 | CVE-2023-22023 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools Security Vulnerability | CNNVD-202307-1602 | CVE-2023-22014 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 6 | Oracle PeopleSoft Security Vulnerability | CNNVD-202307-1624 | CVE-2023-22047 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 7 | Oracle Hyperion Security Vulnerability | CNNVD-202307-1631 | CVE-2023-22060 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 8 | Oracle Hyperion Security Vulnerability | CNNVD-202307-1640 | CVE-2023-22062 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 9 | Oracle Essbase Security Vulnerability | CNNVD-202307-1572 | CVE-2023-21961 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 10 | Oracle MySQL Security Vulnerability | CNNVD-202307-1574 | CVE-2023-21950 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 11 | Oracle MySQL Security Vulnerability | CNNVD-202307-1576 | CVE-2023-22005 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 12 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202307-1577 | CVE-2023-21994 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 13 | Oracle E-Business Suite Security Vulnerability | CNNVD-202307-1578 | CVE-2023-22004 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 14 | Oracle MySQL Security Vulnerability | CNNVD-202307-1579 | CVE-2023-22008 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 15 | Oracle MySQL Security Vulnerability | CNNVD-202307-1581 | CVE-2023-22007 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 16 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1584 | CVE-2023-22013 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 17 | Oracle E-Business Suite Security Vulnerability | CNNVD-202307-1585 | CVE-2023-22009 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 18 | Oracle Application Express Security Vulnerability | CNNVD-202307-1586 | CVE-2023-21983 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 19 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1587 | CVE-2023-22011 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 20 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1590 | CVE-2023-22020 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 21 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1591 | CVE-2023-22021 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 22 | Oracle Health Sciences Applications Security Vulnerability | CNNVD-202307-1592 | CVE-2023-22022 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 23 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1593 | CVE-2023-22027 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 24 | Oracle MySQL Security Vulnerability | CNNVD-202307-1594 | CVE-2023-22033 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 25 | Oracle Virtualization Security Vulnerability | CNNVD-202307-1595 | CVE-2023-22017 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 26 | Oracle Database Server Security Vulnerability | CNNVD-202307-1597 | CVE-2023-22034 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 27 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202307-1598 | CVE-2023-22031 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 28 | Oracle E-Business Suite Security Vulnerability | CNNVD-202307-1599 | CVE-2023-22037 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 29 | Oracle E-Business Suite Security Vulnerability | CNNVD-202307-1600 | CVE-2023-22035 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 30 | Oracle Supply Chain Products Suite Security Vulnerability | CNNVD-202307-1604 | CVE-2023-22039 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 31 | Oracle Java SE Security Vulnerability | CNNVD-202307-1605 | CVE-2023-22041 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 32 | Oracle E-Business Suite Security Vulnerability | CNNVD-202307-1606 | CVE-2023-22042 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 33 | Oracle Java SE Security Vulnerability | CNNVD-202307-1608 | CVE-2023-22043 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 34 | Oracle MySQL Security Vulnerability | CNNVD-202307-1610 | CVE-2023-22046 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 35 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1612 | CVE-2023-22012 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 36 | Oracle Virtualization Security Vulnerability | CNNVD-202307-1613 | CVE-2023-22016 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 37 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202307-1614 | CVE-2023-22040 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 38 | Oracle JD Edwards Security Vulnerability | CNNVD-202307-1617 | CVE-2023-22050 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 39 | Oracle MySQL Security Vulnerability | CNNVD-202307-1621 | CVE-2023-22053 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 40 | Oracle MySQL Security Vulnerability | CNNVD-202307-1625 | CVE-2023-22054 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 41 | Oracle JD Edwards Security Vulnerability | CNNVD-202307-1626 | CVE-2023-22055 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 42 | Oracle MySQL Security Vulnerability | CNNVD-202307-1628 | CVE-2023-22056 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 43 | Oracle MySQL Server Security Vulnerability | CNNVD-202307-1629 | CVE-2023-22057 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 44 | Oracle Business Intelligence Enterprise Edition Security Vulnerability | CNNVD-202307-1634 | CVE-2023-22061 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 45 | Oracle MySQL Server Security Vulnerability | CNNVD-202307-1636 | CVE-2023-22058 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 46 | Oracle Database Server Security Vulnerability | CNNVD-202307-1573 | CVE-2023-21949 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 47 | Oracle Java SE Security Vulnerability | CNNVD-202307-1580 | CVE-2023-22006 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 48 | Oracle Essbase Security Vulnerability | CNNVD-202307-1582 | CVE-2023-22010 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 49 | Oracle MySQL Security Vulnerability | CNNVD-202307-1601 | CVE-2023-22038 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 50 | Oracle Java SE Security Vulnerability | CNNVD-202307-1603 | CVE-2023-22036 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 51 | Oracle Java SE Security Vulnerability | CNNVD-202307-1611 | CVE-2023-22044 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 52 | Oracle MySQL Security Vulnerability | CNNVD-202307-1615 | CVE-2023-22048 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 53 | Oracle Java SE Security Vulnerability | CNNVD-202307-1616 | CVE-2023-22045 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 54 | Oracle Java SE Security Vulnerability | CNNVD-202307-1619 | CVE-2023-22049 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 55 | Oracle Java SE Security Vulnerability | CNNVD-202307-1620 | CVE-2023-22051 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 56 | Oracle Database Server Security Vulnerability | CNNVD-202307-1623 | CVE-2023-22052 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |

This update includes patches for 4 updated vulnerabilities: 3 medium and 1 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Java SE Security Vulnerability | CNNVD-202301-1353 | CVE-2023-21830 | Medium | https://www.oracle.com/security-alerts/cpujan2029.html |
| 2 | Oracle Java SE Security Vulnerability | CNNVD-202301-1360 | CVE-2023-21835 | Medium | https://www.oracle.com/security-alerts/cpujan2033.html |
| 3 | Oracle MySQL Security Vulnerability | CNNVD-202304-1486 | CVE-2023-21971 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 4 | Oracle Java SE Security Vulnerability | CNNVD-202301-1370 | CVE-2023-21843 | Low | https://www.oracle.com/security-alerts/cpujan2041.html |

This update includes patches for 247 vulnerabilities from other vendors that affect Oracle products: 50 critical, 123 high, 71 medium, and 3 low.

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Apache Hive JDBC驱动程序SQL注入漏洞

CNNVD-201804-274

CVE-2018-1282

超危

Apache基金会

https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E

2

Terracotta Quartz Scheduler 代码问题漏洞

CNNVD-201907-1383

CVE-2019-13990

超危

softwareag

http://www.quartz-scheduler.org/

3

Swagger UI 跨站请求伪造漏洞

CNNVD-201910-715

CVE-2019-17495

超危

个人开发者

https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11

4

FasterXML jackson-databind 代码问题漏洞

CNNVD-201910-774

CVE-2019-17531

超危

Fasterxml

https://github.com/FasterXML/jackson-databind/issues/2498

5

Apache Log4j 代码问题漏洞

CNNVD-201912-950

CVE-2019-17571

超危

Apache基金会

https://www.apache.org/

6

Apache ActiveMQ 代码注入漏洞

CNNVD-202009-680

CVE-2020-11998

超危

Apache基金会

http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt

7

Apache Commons Configuration 输入验证错误漏洞

CNNVD-202003-821

CVE-2020-1953

超危

Apache基金会

https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E

8

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-838

CVE-2020-29508

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

9

Dell BSAFE 安全特征问题漏洞

CNNVD-202207-834

CVE-2020-35163

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

10

Dell BSAFE 安全漏洞

CNNVD-202207-832

CVE-2020-35166

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

11

Dell BSAFE 安全漏洞

CNNVD-202207-831

CVE-2020-35167

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

12

Dell BSAFE 安全漏洞

CNNVD-202207-828

CVE-2020-35168

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

13

Dell BSAFE 输入验证错误漏洞

CNNVD-202207-830

CVE-2020-35169

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

14

Apache Chainsaw 代码问题漏洞

CNNVD-202106-1293

CVE-2020-9493

超危

Apache基金会

https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E

15

Apache Xmlbeans 输入验证错误漏洞

CNNVD-202101-1146

CVE-2021-23926

超危

Apache基金会

https://issues.apache.org/jira/browse/XMLBEANS-517

16

Microsoft .NET Core 安全漏洞

CNNVD-202102-681

CVE-2021-24112

超危

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112

17

LZ4 输入验证错误漏洞

CNNVD-202104-2105

CVE-2021-3520

超危

个人开发者

https://github.com/lz4/lz4/pull/972

18

Sanitize 输入验证错误漏洞

CNNVD-202110-1259

CVE-2021-42575

超危

个人开发者

https://owasp.org/www-project-java-html-sanitizer/

19

iText 命令注入漏洞

CNNVD-202112-1333

CVE-2021-43113

超危

个人开发者

https://github.com/itext/itext7/releases/tag/7.1.17

20

Apache Log4j 代码问题漏洞

CNNVD-202112-799

CVE-2021-44228

超危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html

21

Apache Log4j 代码问题漏洞

CNNVD-202112-1065

CVE-2021-45046

超危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html。

22

SnakeYAML 代码问题漏洞

CNNVD-202212-1820

CVE-2022-1471

超危

个人开发者

https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2

23

Dexie 安全漏洞

CNNVD-202205-1809

CVE-2022-21189

超危

个人开发者

https://github.com/dexie/Dexie.js

24

Apache Log4j SQL注入漏洞

CNNVD-202201-1421

CVE-2022-23305

超危

Apache基金会

https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y

25

OWASP ESAPI 路径遍历漏洞

CNNVD-202204-4378

CVE-2022-23457

超危

个人开发者

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2

26

Apache Hadoop 操作系统命令注入漏洞

CNNVD-202208-2167

CVE-2022-25168

超危

Apache基金会

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

27

Apache Hadoop 路径遍历漏洞

CNNVD-202204-2605

CVE-2022-26612

超危

Apache基金会

https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz

28

FreeType 缓冲区错误漏洞

CNNVD-202204-4272

CVE-2022-27404

超危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138

29

Pallets Werkzeug 环境问题漏洞

CNNVD-202205-4094

CVE-2022-29361

超危

个人开发者

https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85

30

VMware Spring Security 安全漏洞

CNNVD-202210-2599

CVE-2022-31692

超危

VMware

https://tanzu.vmware.com/security/cve-2022-31692

31

Apache Commons Configuration 代码注入漏洞

CNNVD-202207-428

CVE-2022-33980

超危

Apache基金会

https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s

32

Apache HTTP Server 环境问题漏洞

CNNVD-202301-1299

CVE-2022-36760

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

33

Scala 代码问题漏洞

CNNVD-202209-2463

CVE-2022-36944

超危

Scala

https://www.scala-lang.org/download/

34

zlib 缓冲区错误漏洞

CNNVD-202208-2276

CVE-2022-37434

超危

个人开发者

https://github.com/madler/zlib/

35

XKCP 输入验证错误漏洞

CNNVD-202210-1541

CVE-2022-37454

超危

XKCP

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

36

Apache Ivy 路径遍历漏洞

CNNVD-202211-2196

CVE-2022-37865

超危

Apache基金会

https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy

37

Apache Calcite 代码问题漏洞

CNNVD-202209-697

CVE-2022-39135

超危

Apache基金会

https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082

38

HSQLDB 安全漏洞

CNNVD-202210-196

CVE-2022-41853

超危

The HSQL Development Group

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7

39

Apache Commons BCEL 缓冲区错误漏洞

CNNVD-202211-2199

CVE-2022-42920

超危

Apache基金会

https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4

40

Apache MINA 代码问题漏洞

CNNVD-202211-2918

CVE-2022-45047

超危

Apache基金会

https://www.mail-archive.com/dev@mina.apache.org/msg39312.html

41

Apache CXF 代码问题漏洞

CNNVD-202212-3143

CVE-2022-46364

超危

Apache基金会

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

42

Spring Framework 安全漏洞

CNNVD-202304-1667

CVE-2023-20862

超危

Spring

https://spring.io/security/cve-2023-20862

43

Spring Framework 安全漏洞

CNNVD-202304-1732

CVE-2023-20873

超危

Spring

https://spring.io/security/cve-2023-20873

44

Apache Spark 安全漏洞

CNNVD-202304-1307

CVE-2023-22946

超危

Apache基金会

https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv

45

curl 安全漏洞

CNNVD-202302-1929

CVE-2023-23914

超危

个人开发者

https://github.com/curl/curl/releases/tag/curl-7_88_1

46

Google TensorFlow 安全漏洞

CNNVD-202303-2124

CVE-2023-25664

超危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr

47

Google TensorFlow 安全漏洞

CNNVD-202303-2120

CVE-2023-25668

超危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96

48

Apache HTTP Server 环境问题漏洞

CNNVD-202303-456

CVE-2023-25690

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

49

HtmlUnit 安全漏洞

CNNVD-202304-058

CVE-2023-26119

超危

个人开发者

https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b

50

Jenkins 跨站脚本漏洞

CNNVD-202303-668

CVE-2023-27898

超危

Jenkins

https://www.jenkins.io/security/advisory/2023-03-08/

51

Apache HTTP Server 缓冲区错误漏洞

CNNVD-202301-1294

CVE-2006-20001

高危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

52

zlib 缓冲区错误漏洞

CNNVD-202203-2221

CVE-2018-25032

高危

个人开发者

https://z-lib.org/

53

Apache Axis 代码问题漏洞

CNNVD-201904-472

CVE-2019-0227

高危

apache

http://axis.apache.org/

54

Apache Commons Beanutils 代码问题漏洞

CNNVD-201908-1140

CVE-2019-10086

高危

debian

https://issues.apache.org/jira/browse/BEANUTILS-520

55

Apache Commons Compress 资源管理错误漏洞

CNNVD-201908-2148

CVE-2019-12402

高危

apache

https://commons.apache.org/proper/commons-compress/security-reports.html

56

Python 代码问题漏洞

CNNVD-202209-155

CVE-2020-10735

高危

Python基金会

https://www.python.org/

57

Apache XmlGraphics Commons 代码问题漏洞

CNNVD-202102-1587

CVE-2020-11988

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

58

Iteris Apache Velocity 安全漏洞

CNNVD-202103-758

CVE-2020-13936

高危

Iteris

https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E

59

Apache Thrift 资源管理错误漏洞

CNNVD-202102-1099

CVE-2020-13949

高危

Apache基金会

https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E

60

Dell BSAFE 安全漏洞

CNNVD-202207-833

CVE-2020-35164

高危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

61

FasterXML jackson-databind 缓冲区错误漏洞

CNNVD-202203-1165

CVE-2020-36518

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2816

62

joyent json 操作系统命令注入漏洞

CNNVD-202008-1430

CVE-2020-7712

高危

个人开发者

https://snyk.io/vuln/SNYK-JS-JSON-597481

63

CodeMirror 资源管理错误漏洞

CNNVD-202010-1679

CVE-2020-7760

高危

Codemirror

https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb

64

Apache Hadoop 代码问题漏洞

CNNVD-202208-3967

CVE-2021-25642

高危

Apache基金会

https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150

65

Apache ActiveMQ 授权问题漏洞

CNNVD-202101-2471

CVE-2021-26117

高危

Apache基金会

https://issues.apache.org/jira/browse/AMQ-8035

66

JDOM 代码问题漏洞

CNNVD-202106-1323

CVE-2021-33813

高危

个人开发者

https://github.com/hunterhacker/jdom。

67

Apache Hive 访问控制错误漏洞

CNNVD-202207-1393

CVE-2021-34538

高危

Apache基金会

https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

68

Apache Commons Compress 安全漏洞

CNNVD-202107-896

CVE-2021-35515

高危

Apache基金会

https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E

69

Apache Commons Compress 安全漏洞

CNNVD-202107-897

CVE-2021-35516

高危

Apache基金会

https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E

70

Apache Commons Compress 安全漏洞

CNNVD-202107-898

CVE-2021-35517

高危

Apache基金会

https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E

71

Apache Commons Compress 安全漏洞

CNNVD-202107-899

CVE-2021-36090

高危

Apache基金会

https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E

72

Apache Santuario 信息泄露漏洞

CNNVD-202109-1259

CVE-2021-40690

高危

Apache基金会

https://santuario.apache.org/javaindex.html

73

Apache Log4j 代码问题漏洞

CNNVD-202112-1011

CVE-2021-4104

高危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html

74

XStream 资源管理错误漏洞

CNNVD-202201-2709

CVE-2021-43859

高危

XStream

https://x-stream.github.io/CVE-2021-43859.html

75

FasterXML jackson-databind 安全漏洞

CNNVD-202303-1466

CVE-2021-46877

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3328

76

Eclipse Jetty 资源管理错误漏洞

CNNVD-202207-594

CVE-2022-2048

高危

个人开发者

https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j

77

Eclipse Jetty 安全漏洞

CNNVD-202207-589

CVE-2022-2191

高危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

78

Apache Log4j 代码问题漏洞

CNNVD-202201-1420

CVE-2022-23302

高危

Apache基金会

https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w

79

Apache Log4j 代码问题漏洞

CNNVD-202201-1425

CVE-2022-23307

高危

Apache基金会

https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

80

Certifi 数据伪造问题漏洞

CNNVD-202212-2660

CVE-2022-23491

高危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8

81

DELL BSAFE SSL-J 安全漏洞

CNNVD-202202-1801

CVE-2022-24409

高危

DELL

https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel

82

CKEditor 资源管理错误漏洞

CNNVD-202203-1545

CVE-2022-24729

高危

个人开发者

https://ckeditor.com/cke4/release/CKEditor-4.18

83

gson 代码问题漏洞

CNNVD-202205-1791

CVE-2022-25647

高危

个人开发者

https://github.com/google/gson/pull/1991/files

84

FreeType 缓冲区错误漏洞

CNNVD-202204-4275

CVE-2022-27405

高危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139

85

FreeType 缓冲区错误漏洞

CNNVD-202204-4261

CVE-2022-27406

高危

个人开发者

http://freetype.com

86

HtmlUnit 安全漏洞

CNNVD-202204-4297

CVE-2022-29546

高危

个人开发者

https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg

87

JasPer 安全漏洞

CNNVD-202210-1004

CVE-2022-2963

高危

个人开发者

https://github.com/jasper-software/jasper/commit/270000671d4f411fe7e65c7bc02fd6ff14dd6946

88

Moment.js 资源管理错误漏洞

CNNVD-202207-502

CVE-2022-31129

高危

个人开发者

https://github.com/moment/moment/pull/6015#issuecomment-1152961973

89

PostgreSQL JDBC Driver SQL注入漏洞

CNNVD-202208-2126

CVE-2022-31197

高危

PostgreSQL

https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2

90

PHP 缓冲区错误漏洞

CNNVD-202210-2512

CVE-2022-31630

高危

PHP

https://www.php.net/ChangeLog-8.php#8.0.

91

VMware Spring Security 安全漏洞

CNNVD-202210-2598

CVE-2022-31690

高危

VMware

https://tanzu.vmware.com/security/cve-2022-31690

92

Google protobuf 安全漏洞

CNNVD-202210-769

CVE-2022-3171

高危

Google

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2

93

NSS 安全漏洞

CNNVD-202210-947

CVE-2022-3479

高危

Mozilla基金会

https://bugzilla.mozilla.org/show_bug.cgi?id=1774654

94

OpenSSL 安全漏洞

CNNVD-202210-2605

CVE-2022-3602

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

95

OpenSSL 安全漏洞

CNNVD-202210-2604

CVE-2022-3786

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

96

Apache Ivy 路径遍历漏洞

CNNVD-202211-2195

CVE-2022-37866

高危

Apache基金会

https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b

97

OpenSSL 安全漏洞

CNNVD-202212-2982

CVE-2022-3996

高危

OpenSSL

https://github.com/openssl/openssl/

98

Apache XML Graphics Batik代码问题漏洞

CNNVD-202209-2287

CVE-2022-40146

高危

Apache基金会

https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

99

Jettison 缓冲区错误漏洞

CNNVD-202209-1235

CVE-2022-40149

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

100

Jettison 资源管理错误漏洞

CNNVD-202209-1233

CVE-2022-40150

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

101

XStream 缓冲区错误漏洞

CNNVD-202209-1234

CVE-2022-40151

高危

XStream

https://github.com/x-stream/xstream/issues/304

102

XStream 缓冲区错误漏洞

CNNVD-202209-1230

CVE-2022-40152

高危

XStream

https://github.com/x-stream/xstream/issues/304

103

Apache SOAP 代码问题漏洞

CNNVD-202209-2283

CVE-2022-40705

高危

Apache基金会

https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl

104

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1712

CVE-2022-41704

高危

Apache基金会

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

105

Netty 安全漏洞

CNNVD-202212-2914

CVE-2022-41881

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v

106

XStream 安全漏洞

CNNVD-202212-4034

CVE-2022-41966

高危

XStream

https://x-stream.github.io/CVE-2022-41966.html

107

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-007

CVE-2022-42003

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

108

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-006

CVE-2022-42004

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

109

Apache Tomcat 环境问题漏洞

CNNVD-202210-2602

CVE-2022-42252

高危

Apache基金会

https://tomcat.apache.org/security-8.html

110

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1707

CVE-2022-42890

高危

Apache基金会

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly

111

MIT Kerberos 输入验证错误漏洞

CNNVD-202211-2910

CVE-2022-42898

高危

MIT

https://web.mit.edu/kerberos/

112

Python 安全漏洞

CNNVD-202210-2513

CVE-2022-42919

高危

Python基金会

https://github.com/python/cpython/issues/97514

113

Node.js 操作系统命令注入漏洞

CNNVD-202211-2070

CVE-2022-43548

高危

个人开发者

https://nodejs.org/en/

114

libexpat 资源管理错误漏洞

CNNVD-202210-1676

CVE-2022-43680

高危

个人开发者

https://github.com/libexpat/libexpat/issues/649

115

OpenSSL 资源管理错误漏洞

CNNVD-202302-510

CVE-2022-4450

高危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

116

Python 资源管理错误漏洞

CNNVD-202211-2414

CVE-2022-45061

高危

Python基金会

https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html

117

Apache Tomcat 注入漏洞

CNNVD-202301-137

CVE-2022-45143

高危

Apache基金会

https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj

118

Pillow 资源管理错误漏洞

CNNVD-202211-2677

CVE-2022-45199

高危

个人开发者

https://github.com/python-pillow/Pillow/releases/tag/9.3

119

Jettison 缓冲区错误漏洞

CNNVD-202212-3132

CVE-2022-45685

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

120

Hutool 缓冲区错误漏洞

CNNVD-202212-3131

CVE-2022-45688

高危

Dromara社区

https://github.com/dromara/hutool/issues/2748

121

Jettison 缓冲区错误漏洞

CNNVD-202212-3128

CVE-2022-45693

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

122

Apache CXF 输入验证错误漏洞

CNNVD-202212-3125

CVE-2022-46363

高危

Apache基金会

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

123

jszip 路径遍历漏洞

CNNVD-202301-2295

CVE-2022-48285

高危

个人开发者

https://github.com/Stuk/jszip/releases/tag/v3.10.1

124

Zstandard 资源管理错误漏洞

CNNVD-202303-2716

CVE-2022-4899

高危

Facebook

https://github.com/facebook/zstd/pull/3220

125

OpenSSL 资源管理错误漏洞

CNNVD-202302-521

CVE-2023-0215

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

126

OpenSSL 代码问题漏洞

CNNVD-202302-512

CVE-2023-0216

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

127

OpenSSL 代码问题漏洞

CNNVD-202302-516

CVE-2023-0217

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

128

OpenSSL 安全漏洞

CNNVD-202302-524

CVE-2023-0286

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

129

GnuTLS 安全漏洞

CNNVD-202302-884

CVE-2023-0361

高危

个人开发者

https://gitlab.com/gnutls/gnutls/-/issues/1050

130

OpenSSL 代码问题漏洞

CNNVD-202302-518

CVE-2023-0401

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

131

OpenSSL 信任管理问题漏洞

CNNVD-202303-1681

CVE-2023-0464

高危

OpenSSL

https://www.openssl.org/news/secadv/20230322.txt

132

Mozilla Firefox 安全漏洞

CNNVD-202302-1554

CVE-2023-0767

高危

Mozilla基金会

https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767

133

netplex json-smart 安全漏洞

CNNVD-202303-1658

CVE-2023-1370

高危

netplex

https://netplex.github.io/json-smart/

134

Jettison 安全漏洞

CNNVD-202303-1656

CVE-2023-1436

高危

Jettison

https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/

135

libwebp 资源管理错误漏洞

CNNVD-202305-177

CVE-2023-1999

高危

WebP项目

https://github.com/webmproject/libwebp

136

Spring Framework 安全漏洞

CNNVD-202303-2401

CVE-2023-20860

高危

Spring

https://spring.io/security/cve-2023-20860

137

Sudo 安全漏洞

CNNVD-202301-1468

CVE-2023-22809

高危

个人开发者

https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

138

Apache Commons FileUpload 安全漏洞

CNNVD-202302-1610

CVE-2023-24998

高危

Apache基金会

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

139

HarfBuzz 安全漏洞

CNNVD-202302-331

CVE-2023-25193

高危

个人开发者

https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc

140

Apache Kafka 代码问题漏洞

CNNVD-202302-515

CVE-2023-25194

高危

Apache基金会

https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz

141

Git 路径遍历漏洞

CNNVD-202304-2045

CVE-2023-25652

高危

github

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx

142

Google TensorFlow 缓冲区错误漏洞

CNNVD-202303-2129

CVE-2023-25658

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6

143

Google TensorFlow 缓冲区错误漏洞

CNNVD-202303-2128

CVE-2023-25659

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p

144

Google TensorFlow 代码问题漏洞

CNNVD-202303-2127

CVE-2023-25660

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj

145

Google TensorFlow 输入验证错误漏洞

CNNVD-202303-2126

CVE-2023-25662

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw

146

Google TensorFlow 代码问题漏洞

CNNVD-202303-2125

CVE-2023-25663

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w

147

Google TensorFlow 代码问题漏洞

CNNVD-202303-2123

CVE-2023-25665

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g

148

Google TensorFlow 安全漏洞

CNNVD-202303-2122

CVE-2023-25666

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2

149

Google TensorFlow 输入验证错误漏洞

CNNVD-202303-2121

CVE-2023-25667

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68

150

Google TensorFlow 安全漏洞

CNNVD-202303-2119

CVE-2023-25669

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p

151

Google TensorFlow 代码问题漏洞

CNNVD-202303-2118

CVE-2023-25670

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w

152

Google TensorFlow 缓冲区错误漏洞

CNNVD-202303-2117

CVE-2023-25671

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6

153

Google TensorFlow 代码问题漏洞

CNNVD-202303-2114

CVE-2023-25672

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r

154

Google TensorFlow 安全漏洞

CNNVD-202303-2116

CVE-2023-25673

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh

155

Google TensorFlow 代码问题漏洞

CNNVD-202303-2115

CVE-2023-25674

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579

156

Google TensorFlow 安全漏洞

CNNVD-202303-2113

CVE-2023-25675

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj

157

Google TensorFlow 代码问题漏洞

CNNVD-202303-2112

CVE-2023-25676

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq

158

Google TensorFlow 资源管理错误漏洞

CNNVD-202303-2111

CVE-2023-25801

高危

Google

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q

159

OpenSSL 安全漏洞

CNNVD-202305-2503

CVE-2023-2650

高危

OpenSSL

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a

160

Apache HTTP Server 环境问题漏洞

CNNVD-202303-452

CVE-2023-27522

高危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

161

curl 注入漏洞

CNNVD-202303-1551

CVE-2023-27533

高危

个人开发者

https://curl.se/download.html

162

curl 路径遍历漏洞

CNNVD-202303-1547

CVE-2023-27534

高危

个人开发者

https://curl.se/download.html

163 | Google TensorFlow security vulnerability | CNNVD-202303-2110 | CVE-2023-27579 | High | Google | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8

164 | Jenkins security vulnerability | CNNVD-202303-670 | CVE-2023-27899 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

165 | Jenkins security vulnerability | CNNVD-202303-669 | CVE-2023-27900 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

166 | Jenkins security vulnerability | CNNVD-202303-671 | CVE-2023-27901 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

167 | Apache Tomcat security vulnerability | CNNVD-202305-1931 | CVE-2023-28709 | High | Apache Foundation | https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j

168 | Git injection vulnerability | CNNVD-202304-2063 | CVE-2023-29007 | High | github | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844

169 | SheetJS security vulnerability | CNNVD-202304-1870 | CVE-2023-30533 | High | sheetjs | https://cdn.sheetjs.com/advisories/CVE-2023-30533

170 | Snowflake JDBC command injection vulnerability | CNNVD-202304-1210 | CVE-2023-30535 | High | Snowflake | https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x

171 | Flask security vulnerability | CNNVD-202305-091 | CVE-2023-30861 | High | Pallets | https://github.com/pallets/flask/releases/tag/2.3.2

172 | illumos buffer error vulnerability | CNNVD-202305-266 | CVE-2023-31284 | High | Individual developer | https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net

173 | Apache Tomcat security vulnerability | CNNVD-202306-1525 | CVE-2023-34981 | High | Apache Foundation | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz

174 | Apache Axis cross-site scripting vulnerability | CNNVD-201808-082 | CVE-2018-8032 | Medium | apache | https://issues.apache.org/jira/browse/AXIS-2924

175 | Apache ActiveMQ cross-site scripting vulnerability | CNNVD-202102-588 | CVE-2020-13947 | Medium | Apache Foundation | http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

176 | Apache HttpClient security vulnerability | CNNVD-202010-372 | CVE-2020-13956 | Medium | Apache Foundation | https://www.apache.org/

177 | Junit information disclosure vulnerability | CNNVD-202010-445 | CVE-2020-15250 | Medium | Individual developer | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md

178 | Apache Groovy security vulnerability | CNNVD-202012-422 | CVE-2020-17521 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

179 | Apache Hive information disclosure vulnerability | CNNVD-202103-1010 | CVE-2020-1926 | Medium | Apache Foundation | https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E

180 | Netty environment issue vulnerability | CNNVD-202103-713 | CVE-2021-21295 | Medium | Netty community | https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4

181 | Google protobuf security vulnerability | CNNVD-202201-628 | CVE-2021-22569 | Medium | Google | https://cloud.google.com/support/bulletins#gcp-2022-001

182 | ISC BIND environment issue vulnerability | CNNVD-202203-1514 | CVE-2021-25220 | Medium | ISC | https://vigilance.fr/vulnerability/ISC-BIND-spoofing-via-DNS-Forwarders-Cache-Poisoning-37754

183 | Maxim Nesen jersey security vulnerability | CNNVD-202104-1669 | CVE-2021-28168 | Medium | Maxim Nesen | https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv

184 | OpenJPEG input validation error vulnerability | CNNVD-202104-1124 | CVE-2021-29338 | Medium | Individual developer | https://github.com/uclouvain/openjpeg

185 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556

186 | Eclipse Jetty security vulnerability | CNNVD-202107-1094 | CVE-2021-34429 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm

187 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/

188 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/

189 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7

190 | Libgcrypt cryptographic issue vulnerability | CNNVD-202109-275 | CVE-2021-40528 | Medium | GNU community | https://gnupg.org/index.html

191 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

192 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

193 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

194 | Apache MINA security vulnerability | CNNVD-202111-238 | CVE-2021-41973 | Medium | Apache Foundation | https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E

195 | Apache Log4j input validation error vulnerability | CNNVD-202112-2743 | CVE-2021-44832 | Medium | Apache Foundation | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf

196 | Apache Log4j security vulnerability | CNNVD-202112-1493 | CVE-2021-45105 | Medium | Apache Foundation | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

197 | OpenJPEG security vulnerability | CNNVD-202203-2498 | CVE-2022-1122 | Medium | Individual developer | https://github.com/uclouvain/openjpeg/issues/1368

198 | Vmware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950

199 | Spring Framework input validation error vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework

200 | Spring Framework input validation error vulnerability | CNNVD-202205-2980 | CVE-2022-22971 | Medium | Spring team | https://spring.io/projects/spring-framework

201 | Xerces security vulnerability | CNNVD-202201-2238 | CVE-2022-23437 | Medium | Apache Foundation | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl

202 | Containous Traefik log information disclosure vulnerability | CNNVD-202212-2756 | CVE-2022-23469 | Medium | Containous | https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp

203 | CKEditor cross-site scripting vulnerability | CNNVD-202203-1546 | CVE-2022-24728 | Medium | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18

204 | OWASP ESAPI security vulnerability | CNNVD-202204-4523 | CVE-2022-24891 | Medium | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q

205 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8

206 | ISC BIND resource management error vulnerability | CNNVD-202209-1695 | CVE-2022-2795 | Medium | ISC | https://kb.isc.org/docs/cve-2022-2795

207 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9

208 | Apache Spark injection vulnerability | CNNVD-202211-1852 | CVE-2022-31777 | Medium | Apache Foundation | https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q

209 | Apache Tomcat cross-site scripting vulnerability | CNNVD-202206-2227 | CVE-2022-34305 | Medium | Apache Foundation | https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k

210 | Dell BSAFE security vulnerability | CNNVD-202302-738 | CVE-2022-34364 | Medium | Dell | https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability

211 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

212 | Apache HTTP Server injection vulnerability | CNNVD-202301-1298 | CVE-2022-37436 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html

213 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202209-2289 | CVE-2022-38398 | Medium | Apache Foundation | https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx

214 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202209-2288 | CVE-2022-38648 | Medium | Apache Foundation | https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b

215 | SnakeYAML buffer error vulnerability | CNNVD-202209-169 | CVE-2022-38751 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

216 | SnakeYAML buffer error vulnerability | CNNVD-202209-171 | CVE-2022-38752 | Medium | snakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

217 | JasPer security vulnerability | CNNVD-202209-1374 | CVE-2022-40755 | Medium | Individual developer | https://github.com/jasper-software/jasper/issues/338

218 | Python security vulnerability | CNNVD-202212-3796 | CVE-2022-40897 | Medium | Python Foundation | https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

219 | Netty security vulnerability | CNNVD-202212-3060 | CVE-2022-41915 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp

220 | OpenSSL buffer error vulnerability | CNNVD-202302-506 | CVE-2022-4203 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt

221 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt

222 | Apache James information disclosure vulnerability | CNNVD-202301-447 | CVE-2022-45787 | Medium | Apache Foundation | https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj

223 | Containous Traefik trust management issue vulnerability | CNNVD-202212-2752 | CVE-2022-46153 | Medium | Containous | https://github.com/traefik/traefik/releases/tag/v2.9.6

224 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt

225 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt

226 | OpenSSL buffer error vulnerability | CNNVD-202304-1714 | CVE-2023-1255 | Medium | OpenSSL | https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255

227 | Spring Framework security vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861

228 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863

229 | Zip4j access control error vulnerability | CNNVD-202301-648 | CVE-2023-22899 | Medium | Individual developer | https://github.com/srikanth-lingala/zip4j/releases

230 | curl security vulnerability | CNNVD-202302-1928 | CVE-2023-23915 | Medium | Individual developer | https://github.com/curl/curl/releases/tag/curl-7_88_1

231 | curl security vulnerability | CNNVD-202302-1927 | CVE-2023-23916 | Medium | Individual developer | https://github.com/curl/curl/releases/tag/curl-7_88_1

232 | cryptography code issue vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

233 | Google Golang security vulnerability | CNNVD-202303-632 | CVE-2023-24532 | Medium | Google | https://github.com/golang/go/issues/58647

234 | TensorFlow input validation error vulnerability | CNNVD-202303-2284 | CVE-2023-25661 | Medium | Google | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq

235 | Eclipse Jetty resource management error vulnerability | CNNVD-202304-1443 | CVE-2023-26048 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8

236 | Eclipse Jetty information disclosure vulnerability | CNNVD-202304-1442 | CVE-2023-26049 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c

237 | Jenkins security vulnerability | CNNVD-202303-675 | CVE-2023-27902 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

238 | Jenkins security vulnerability | CNNVD-202303-674 | CVE-2023-27903 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

239 | Jenkins security vulnerability | CNNVD-202303-673 | CVE-2023-27904 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-03-08/

240 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g

241 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f

242 | Apache Tomcat security vulnerability | CNNVD-202303-1662 | CVE-2023-28708 | Medium | Apache Foundation | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

243 | Redis security vulnerability | CNNVD-202304-1384 | CVE-2023-28856 | Medium | Redis Labs | https://github.com/redis/redis/

244 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64

245 | Google Guava access control error vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | Google | https://github.com/google/guava/issues/4011

246 | Eclipse Jetty input validation error vulnerability | CNNVD-202207-599 | CVE-2022-2047 | Low | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

247 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

3. Remediation recommendations

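Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address: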

https://www.oracle.com/security-alerts/cpujul2023.html

CNNVD will continue to track these vulnerabilities and publish related information promptly. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn

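Statement: This article comes from CNNVD Security News (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of Anquan Neican (安全内参). It is reposted to convey more information. In case of infringement, please contact anquanneican@163.com.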