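Oracle recently published advisories for multiple security vulnerabilities: 89 in Oracle products themselves and 169 other-vendor vulnerabilities that affect Oracle products. They include the Oracle Financial Services Applications security vulnerability (CNNVD-202401-1551, CVE-2023-21901) and the Oracle Enterprise Manager Base Platform security vulnerability (CNNVD-202401-1567, CVE-2024-20916), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On January 17, 2024, Oracle released its January 2024 security update, containing patches for 258 vulnerabilities, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle ZFS Storage Appliance, Oracle Business Intelligence Enterprise Edition, Oracle Java SE and Oracle GraalVM, Oracle Audit Vault and Database Firewall, and others. CNNVD has rated their severity: 30 critical, 94 high, 116 medium and 18 low. Multiple versions of Oracle products and systems are affected; the specific scope can be checked on the Oracle website: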
https://www.oracle.com/security-alerts/cpujan2024.html
II. Vulnerability Details
This update includes patches for 86 new vulnerabilities: 12 high, 63 medium and 11 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Some Oracle products security vulnerability | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
2 | Some Oracle products security vulnerability | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
3 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1549 | CVE-2024-20924 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
4 | Oracle Financial Services Applications security vulnerability | CNNVD-202401-1551 | CVE-2023-21901 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
5 | Some Oracle products security vulnerability | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
6 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1567 | CVE-2024-20916 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
7 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1659 | CVE-2024-20956 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
8 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1660 | CVE-2024-20953 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
9 | Oracle WebLogic Server security vulnerability | CNNVD-202401-1680 | CVE-2024-20931 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
10 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1681 | CVE-2024-20927 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
11 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1682 | CVE-2024-20917 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
12 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1696 | CVE-2024-20909 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
13 | Oracle BI Publisher security vulnerability | CNNVD-202401-1517 | CVE-2024-20987 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
14 | Oracle MySQL security vulnerability | CNNVD-202401-1518 | CVE-2024-20985 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
15 | Oracle MySQL security vulnerability | CNNVD-202401-1520 | CVE-2024-20983 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
16 | Oracle MySQL security vulnerability | CNNVD-202401-1521 | CVE-2024-20981 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
17 | Oracle BI Publisher security vulnerability | CNNVD-202401-1522 | CVE-2024-20979 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
18 | Oracle MySQL security vulnerability | CNNVD-202401-1523 | CVE-2024-20975 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
19 | Oracle MySQL security vulnerability | CNNVD-202401-1524 | CVE-2024-20977 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
20 | Oracle MySQL security vulnerability | CNNVD-202401-1525 | CVE-2024-20973 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
21 | Oracle MySQL security vulnerability | CNNVD-202401-1526 | CVE-2024-20967 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
22 | Oracle MySQL security vulnerability | CNNVD-202401-1527 | CVE-2024-20969 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
23 | Oracle MySQL security vulnerability | CNNVD-202401-1528 | CVE-2024-20971 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
24 | Oracle MySQL security vulnerability | CNNVD-202401-1529 | CVE-2024-20965 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
25 | Oracle MySQL security vulnerability | CNNVD-202401-1530 | CVE-2024-20963 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
26 | Oracle MySQL security vulnerability | CNNVD-202401-1531 | CVE-2024-20961 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
27 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1532 | CVE-2024-20959 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
28 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1535 | CVE-2024-20950 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
29 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1536 | CVE-2024-20948 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
30 | Oracle Solaris security vulnerability | CNNVD-202401-1538 | CVE-2024-20946 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
31 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1539 | CVE-2024-20944 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
32 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1540 | CVE-2024-20942 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
33 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1541 | CVE-2024-20940 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
34 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1542 | CVE-2024-20938 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
35 | Oracle Installed Base security vulnerability | CNNVD-202401-1543 | CVE-2024-20934 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
36 | Oracle One-to-One Fulfillment security vulnerability | CNNVD-202401-1544 | CVE-2024-20936 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
37 | Oracle Outside In Technology security vulnerability | CNNVD-202401-1545 | CVE-2024-20930 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
38 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1547 | CVE-2024-20928 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
39 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
40 | Oracle Integrated Lights Out Manager security vulnerability | CNNVD-202401-1564 | CVE-2024-20906 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
41 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1566 | CVE-2024-20904 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
42 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1568 | CVE-2024-20908 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
43 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
44 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
45 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
46 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1658 | CVE-2023-21833 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
47 | Oracle MySQL security vulnerability | CNNVD-202401-1661 | CVE-2024-20984 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
48 | Oracle MySQL security vulnerability | CNNVD-202401-1662 | CVE-2024-20982 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
49 | Oracle MySQL security vulnerability | CNNVD-202401-1663 | CVE-2024-20968 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
50 | Oracle MySQL security vulnerability | CNNVD-202401-1664 | CVE-2024-20978 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
51 | Oracle MySQL security vulnerability | CNNVD-202401-1665 | CVE-2024-20976 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
52 | Oracle MySQL security vulnerability | CNNVD-202401-1666 | CVE-2024-20974 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
53 | Oracle MySQL security vulnerability | CNNVD-202401-1667 | CVE-2024-20972 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
54 | Oracle MySQL security vulnerability | CNNVD-202401-1668 | CVE-2024-20970 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
55 | Oracle MySQL security vulnerability | CNNVD-202401-1669 | CVE-2024-20966 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
56 | Oracle MySQL security vulnerability | CNNVD-202401-1670 | CVE-2024-20960 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
57 | Oracle MySQL security vulnerability | CNNVD-202401-1671 | CVE-2024-20962 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
58 | Oracle MySQL security vulnerability | CNNVD-202401-1672 | CVE-2024-20964 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
59 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1676 | CVE-2024-20937 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
60 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1677 | CVE-2024-20913 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
61 | Oracle BI Publisher security vulnerability | CNNVD-202401-1678 | CVE-2024-20980 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
62 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1679 | CVE-2024-20986 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
63 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1683 | CVE-2024-20939 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
64 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1684 | CVE-2024-20915 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
65 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1685 | CVE-2024-20943 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
66 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1686 | CVE-2024-20958 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
67 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1687 | CVE-2024-20907 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
68 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1688 | CVE-2024-20947 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
69 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1689 | CVE-2024-20941 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
70 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1690 | CVE-2024-20935 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
71 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1691 | CVE-2024-20933 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
72 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1692 | CVE-2024-20951 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
73 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1693 | CVE-2024-20949 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
74 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1694 | CVE-2024-20929 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
75 | Oracle Database Server security vulnerability | CNNVD-202401-1697 | CVE-2024-20903 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
76 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1533 | CVE-2024-20957 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
77 | Some Oracle products security vulnerability | CNNVD-202401-1534 | CVE-2024-20955 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
78 | Some Oracle products security vulnerability | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
79 | Oracle Solaris security vulnerability | CNNVD-202401-1557 | CVE-2024-20920 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
80 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1569 | CVE-2024-20914 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
81 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1571 | CVE-2024-20912 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
82 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1575 | CVE-2024-20910 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
83 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
84 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1674 | CVE-2024-20905 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
85 | Some Oracle products security vulnerability | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
86 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1695 | CVE-2024-20911 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
This update includes patches for 3 updated vulnerabilities: 1 high and 2 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle MySQL security vulnerability | CNNVD-202310-1410 | CVE-2023-22102 | High | https://www.oracle.com/security-alerts/cpuoct2023.html |
2 | Oracle Database Server security vulnerability | CNNVD-202207-1680 | CVE-2022-21432 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
3 | Oracle Database Server security vulnerability | CNNVD-202307-1573 | CVE-2023-21949 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
This update includes patches for 169 other-vendor vulnerabilities that affect Oracle products: 30 critical, 81 high, 53 medium and 5 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
2 | Dell BSAFE security features issue vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
3 | Dell BSAFE security vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
4 | Dell BSAFE security vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
5 | Dell BSAFE security vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
6 | H2database code issue vulnerability | CNNVD-202201-572 | CVE-2021-42392 | Critical | Individual developer | https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 |
7 | Sanitize input validation error vulnerability | CNNVD-202110-1259 | CVE-2021-42575 | Critical | Individual developer | https://owasp.org/www-project-java-html-sanitizer/ |
8 | Mozilla Network Security Services buffer error vulnerability | CNNVD-202112-002 | CVE-2021-43527 | Critical | Mozilla Foundation | https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html |
9 | GNU Libtasn1 buffer error vulnerability | CNNVD-202210-1689 | CVE-2021-46848 | Critical | GNU Foundation | https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 |
10 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
11 | H2Console argument injection vulnerability | CNNVD-202201-1749 | CVE-2022-23221 | Critical | Individual developer | https://github.com/h2database/h2database/releases/tag/version-2.1.210 |
12 | OpenLDAP SQL injection vulnerability | CNNVD-202205-2146 | CVE-2022-29155 | Critical | Openldap Foundation | https://bugs.openldap.org/show_bug.cgi?id=9815 |
13 | VMware Spring Security security vulnerability | CNNVD-202210-2599 | CVE-2022-31692 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-31692 |
14 | Scala code issue vulnerability | CNNVD-202209-2463 | CVE-2022-36944 | Critical | Scala | https://www.scala-lang.org/download/ |
15 | zlib buffer error vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/ |
16 | Apache Commons Text code injection vulnerability | CNNVD-202210-790 | CVE-2022-42889 | Critical | Apache Foundation | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
17 | Apache Commons BCEL buffer error vulnerability | CNNVD-202211-2199 | CVE-2022-42920 | Critical | Apache Foundation | https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
18 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
19 | BusyBox buffer error vulnerability | CNNVD-202208-4625 | CVE-2022-48174 | Critical | Individual developer | https://bugs.busybox.net/show_bug.cgi?id=15216 |
20 | Node.js security vulnerability | CNNVD-202308-1703 | CVE-2023-32002 | Critical | Individual developer | https://nodejs.org/en |
21 | SQLite code injection vulnerability | CNNVD-202305-2084 | CVE-2023-32697 | Critical | SQLite | https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 |
22 | VMware Spring Security security vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034 |
23 | PHP buffer error vulnerability | CNNVD-202308-1102 | CVE-2023-3824 | Critical | PHP | https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv |
24 | curl buffer error vulnerability | CNNVD-202310-917 | CVE-2023-38545 | Critical | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1 |
25 | Google Go code injection vulnerability | CNNVD-202309-669 | CVE-2023-39320 | Critical | | https://github.com/golang/go/issues/62198 |
26 | Apache ZooKeeper security vulnerability | CNNVD-202310-856 | CVE-2023-44981 | Critical | Apache Foundation | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
27 | Apache ActiveMQ code issue vulnerability | CNNVD-202310-2332 | CVE-2023-46604 | Critical | Apache Foundation | https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
28 | Apache Arrow code issue vulnerability | CNNVD-202311-735 | CVE-2023-47248 | Critical | Apache Foundation | https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n |
29 | HtmlUnit security vulnerability | CNNVD-202312-267 | CVE-2023-49093 | Critical | HtmlUnit | https://www.htmlunit.org/changes-report.html#a3.9 |
30 | Apache Struts security vulnerability | CNNVD-202312-546 | CVE-2023-50164 | Critical | Apache Foundation | https://struts.apache.org/download.cgi#struts-ga |
31 | Apache Commons Beanutils code issue vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
32 | Dell BSAFE security vulnerability | CNNVD-202207-833 | CVE-2020-35164 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
33 | VMware Spring Cloud Config path traversal vulnerability | CNNVD-202006-075 | CVE-2020-5410 | High | Vmware | https://tanzu.vmware.com/security/cve-2020-5410 |
34 | CodeMirror resource management error vulnerability | CNNVD-202010-1679 | CVE-2020-7760 | High | Codemirror | https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
35 | Google Android trust management issue vulnerability | CNNVD-202102-128 | CVE-2021-0341 | High | | https://source.android.com/security/bulletin/2021-02-01 |
36 | JDOM code issue vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom |
37 | Apache Commons Compress security vulnerability | CNNVD-202107-896 | CVE-2021-35515 | High | Apache Foundation | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
38 | Apache Commons Compress security vulnerability | CNNVD-202107-897 | CVE-2021-35516 | High | Apache Foundation | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
39 | Apache Commons Compress security vulnerability | CNNVD-202107-898 | CVE-2021-35517 | High | Apache Foundation | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
40 | Apache Commons Compress security vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
41 | Apache Log4j code issue vulnerability | CNNVD-202112-1011 | CVE-2021-4104 | High | Apache Foundation | https://logging.apache.org/log4j/2.x/security.html |
42 | npm jquery-validation security vulnerability | CNNVD-202206-318 | CVE-2021-43306 | High | Individual developer | https://www.npmjs.com/package/jquery-validation |
43 | Spring Cloud security vulnerability | CNNVD-202206-2126 | CVE-2022-22979 | High | Spring | https://tanzu.vmware.com/security/cve-2022-22979 |
44 | nekohtml resource management error vulnerability | CNNVD-202204-2918 | CVE-2022-24839 | High | Individual developer | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
45 | gson code issue vulnerability | CNNVD-202205-1791 | CVE-2022-25647 | High | Individual developer | https://github.com/google/gson/pull/1991/files |
46 | jquery-validation security vulnerability | CNNVD-202207-1332 | CVE-2022-31147 | High | Individual developer | https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 |
47 | VMware Spring Security security vulnerability | CNNVD-202210-2598 | CVE-2022-31690 | High | VMware | https://tanzu.vmware.com/security/cve-2022-31690 |
48 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
49 | NSS security vulnerability | CNNVD-202210-947 | CVE-2022-3479 | High | Mozilla Foundation | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
50 | Google protobuf security vulnerability | CNNVD-202212-2865 | CVE-2022-3510 | High | | https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 |
51 | OpenSSL buffer error vulnerability | CNNVD-202210-2605 | CVE-2022-3602 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
52 | OpenSSL security vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
53 | XStream buffer error vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
54 | PCRE2 input validation error vulnerability | CNNVD-202307-1523 | CVE-2022-41409 | High | PCRE2Project | https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 |
55 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
56 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
57 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-006 | CVE-2022-42004 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
58 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
59 | OpenSSL resource management error vulnerability | CNNVD-202302-510 | CVE-2022-4450 | High | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
60 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1802 | CVE-2022-44729 | High | Apache Foundation | https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 |
61 | H2database security vulnerability | CNNVD-202211-3421 | CVE-2022-45868 | High | Individual developer | https://github.com/h2database/h2database/ |
62 | Apache Ivy code issue vulnerability | CNNVD-202308-1684 | CVE-2022-46751 | High | Apache Foundation | https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8 |
63 | SQLite security vulnerability | CNNVD-202212-2843 | CVE-2022-46908 | High | Individual developer | https://sqlite.org/src/info/cefc032473ac5ad2 |
64 | OpenSSL trust management issue vulnerability | CNNVD-202303-1681 | CVE-2023-0464 | High | OpenSSL | https://www.openssl.org/news/secadv/20230322.txt |
65 | Red Hat JBoss Enterprise Application Platform security vulnerability | CNNVD-202303-798 | CVE-2023-1108 | High | Red Hat | https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f |
66 | netplex json-smart security vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
67 | Jettison security vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
68 | Spring Framework resource management error vulnerability | CNNVD-202305-2284 | CVE-2023-20883 | High | Spring | https://spring.io/security/cve-2023-20883 |
69 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
70 | Apache Kafka code issue vulnerability | CNNVD-202302-515 | CVE-2023-25194 | High | Apache Foundation | https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
71 | OpenCV code issue vulnerability | CNNVD-202305-852 | CVE-2023-2617 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3480 |
72 | OpenCV security vulnerability | CNNVD-202305-851 | CVE-2023-2618 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
73 | Intel oneAPI Toolkits code issue vulnerability | CNNVD-202308-1031 | CVE-2023-28823 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
74 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | | https://github.com/google/guava |
75 | Flask security vulnerability | CNNVD-202305-091 | CVE-2023-30861 | High | Pallets | https://github.com/pallets/flask/releases/tag/2.3.2 |
76 | Apache HTTP Server buffer error vulnerability | CNNVD-202310-1640 | CVE-2023-31122 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
77 | Comprehensive Perl Archive Network trust management issue vulnerability | CNNVD-202304-2326 | CVE-2023-31484 | High | CPAN | https://github.com/andk/cpanpm/releases/tag/2.35 |
78 | HTTP::Tiny trust management issue vulnerability | CNNVD-202304-2318 | CVE-2023-31486 | High | Perldoc | https://perldoc.perl.org/HTTP::Tiny |
79 | jose4j security features issue vulnerability | CNNVD-202310-2110 | CVE-2023-31582 | High | Individual developer | https://bitbucket.org/b_c/jose4j/commits/1929fe3 |
80 | Node.js security vulnerability | CNNVD-202308-1336 | CVE-2023-32006 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
81 | Node.js security vulnerability | CNNVD-202308-1984 | CVE-2023-32559 | High | Individual developer | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
82 | Spring Framework security vulnerability | CNNVD-202311-2123 | CVE-2023-34053 | High | Spring team | https://github.com/spring-projects/spring-framework/releases/tag/v6.0. |
83 | snappy-java input validation error vulnerability | CNNVD-202306-1200 | CVE-2023-34453 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
84 | snappy-java input validation error vulnerability | CNNVD-202306-1198 | CVE-2023-34454 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
85 | Snappy input validation error vulnerability | CNNVD-202306-1248 | CVE-2023-34455 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
86 | htmlcleaner buffer error vulnerability | CNNVD-202306-1106 | CVE-2023-34624 | High | Individual developer | https://github.com/amplafi/htmlcleaner/issues/13 |
87 | Apache Tomcat security vulnerability | CNNVD-202306-1525 | CVE-2023-34981 | High | Apache Foundation | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
88 | Jenkins cross-site request forgery vulnerability | CNNVD-202306-1089 | CVE-2023-35141 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135 |
89 | Okio security vulnerability | CNNVD-202307-1161 | CVE-2023-3635 | High | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
90 | Eclipse Jetty resource management error vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
91 | Python security vulnerability | CNNVD-202306-1804 | CVE-2023-36632 | High | Python Foundation | https://docs.python.org/3/library/email.html |
92 | HCL BigFix Platform input validation error vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
93 | curl security vulnerability | CNNVD-202309-1067 | CVE-2023-38039 | High | curl | https://github.com/curl/curl |
94 | PHP code issue vulnerability | CNNVD-202308-1104 | CVE-2023-3823 | High | PHP | https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr |
95 | python-cryptography trust management issue vulnerability | CNNVD-202307-1332 | CVE-2023-38325 | High | Cryptographic team | https://github.com/pyca/cryptography/issues/9207 |
96 | Google Golang security vulnerability | CNNVD-202309-663 | CVE-2023-39321 | High | | https://github.com/golang/go/issues/62266 |
97 | Google Go security vulnerability | CNNVD-202309-662 | CVE-2023-39322 | High | | https://github.com/golang/go/issues/62266 |
98 | Apache Avro code issue vulnerability | CNNVD-202309-2636 | CVE-2023-39410 | High | Apache Foundation | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
99 | MIT Kerberos resource management error vulnerability | CNNVD-202308-1454 | CVE-2023-39975 | High | MIT | https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 |
100 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
101 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
102 | Jenkins security vulnerability | CNNVD-202309-1972 | CVE-2023-43496 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
103 | Jenkins code issue vulnerability | CNNVD-202309-1971 | CVE-2023-43497 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
104 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
105 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
106 | Snappy security vulnerability | CNNVD-202309-2204 | CVE-2023-43642 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
107 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
108 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
109 | glibc buffer error vulnerability | CNNVD-202310-197 | CVE-2023-4911 | High | GNU community | https://www.gnu.org/software/libc/ |
110 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
111 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
112 | Junit 信息泄露漏洞 | CNNVD-202010-445 | CVE-2020-15250 | 中危 | 个人开发者 | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
113 | DOMPurify 跨站脚本漏洞 | CNNVD-202010-199 | CVE-2020-26870 | 中危 | 个人开发者 | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d |
114 | Vmware Spring Framework security vulnerability | CNNVD-202009-1050 | CVE-2020-5421 | Medium | Vmware | https://tanzu.vmware.com/security/cve-2020-5421 |
115 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
116 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
117 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
118 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
119 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
120 | Vmware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
121 | Pivotal Spring Security OAuth resource management error vulnerability | CNNVD-202204-3951 | CVE-2022-22969 | Medium | Pivotal | https://tanzu.vmware.com/security/cve-2022-22969 |
122 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
123 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
124 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
125 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
126 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
127 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1801 | CVE-2022-44730 | Medium | Apache Foundation | https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 |
128 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
129 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
130 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
131 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
132 | cryptography code issue vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
133 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
134 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
135 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
136 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
137 | Ruby security vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |
138 | Ruby security vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
139 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
140 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
141 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
142 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
143 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
144 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
145 | Netty resource management error vulnerability | CNNVD-202306-1639 | CVE-2023-34462 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 |
146 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
147 | MIT Kerberos buffer error vulnerability | CNNVD-202308-488 | CVE-2023-36054 | Medium | MIT | https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd |
148 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
149 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
150 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
151 | Google Golang cross-site scripting vulnerability | CNNVD-202309-671 | CVE-2023-39318 | Medium | | https://github.com/golang/go/issues/62196 |
152 | Google Golang cross-site scripting vulnerability | CNNVD-202309-667 | CVE-2023-39319 | Medium | | https://github.com/golang/go/issues/62197 |
153 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
154 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
155 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
156 | Apache Tomcat security vulnerability | CNNVD-202310-717 | CVE-2023-42794 | Medium | Apache Foundation | https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82 |
157 | Apache Tomcat security vulnerability | CNNVD-202310-716 | CVE-2023-42795 | Medium | Apache Foundation | https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw |
158 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
159 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
160 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202310-525 | CVE-2023-43643 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 |
161 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
162 | Apache Tomcat input validation error vulnerability | CNNVD-202310-712 | CVE-2023-45648 | Medium | Apache Foundation | https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp |
163 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
164 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
165 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
166 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
167 | Redis Labs Redis security vulnerability | CNNVD-202309-560 | CVE-2023-41053 | Low | Redis Labs | https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 |
168 | undici information disclosure vulnerability | CNNVD-202310-953 | CVE-2023-45143 | Low | nodejs | https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 |
169 | Redis Labs Redis security vulnerability | CNNVD-202310-1522 | CVE-2023-45145 | Low | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx |
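III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpujan2024.html
CNNVD will continue to track these vulnerabilities and publish relevant information promptly. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn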
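Statement: This article comes from CNNVD Security News (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and not the position of Anquan Neican (安全内参); it is republished to convey more information. In case of infringement, please contact anquanneican@163.com.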