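Recently, Oracle published advisories for multiple security vulnerabilities: 143 vulnerabilities in Oracle's own products and 193 vulnerabilities from other vendors that affect Oracle products. They include the Oracle BI Publisher security vulnerability (CNNVD-202404-2284, CVE-2024-21082), the Oracle Food and Beverage Applications security vulnerability (CNNVD-202404-2316, CVE-2024-21014), and many others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
1. Vulnerability Introduction
On April 16, 2024, Oracle released its April 2024 security update, with patches for 336 vulnerabilities in total, and CNNVD has catalogued these vulnerabilities. The update mainly covers Oracle MySQL and MySQL components, Oracle PeopleSoft Enterprise PeopleTools, Oracle GraalVM in Oracle Java SE, Oracle Database Server, Oracle MySQL, Oracle Fusion Middleware, and others. CNNVD has rated their severity: 31 critical, 122 high, 158 medium and 25 low. Multiple Oracle product and system versions are affected; the specific scope of impact can be checked on Oracle's official website: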
https://www.oracle.com/security-alerts/cpuapr2024.html
2. Vulnerability Details
This update includes patches for 133 newly added vulnerabilities: 5 critical, 26 high, 86 medium and 16 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle BI Publisher security vulnerability | CNNVD-202404-2284 | CVE-2024-21082 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
2 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2316 | CVE-2024-21014 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
3 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2317 | CVE-2024-20997 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
4 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2318 | CVE-2024-21010 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
5 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2363 | CVE-2024-21071 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
6 | Oracle Virtualization security vulnerability | CNNVD-202404-2199 | CVE-2024-21110 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
7 | Oracle VM VirtualBox (Oracle Virtualization) security vulnerability | CNNVD-202404-2200 | CVE-2024-21116 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
8 | Oracle Virtualization security vulnerability | CNNVD-202404-2201 | CVE-2024-21111 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
9 | Oracle VM VirtualBox (Oracle Virtualization) security vulnerability | CNNVD-202404-2202 | CVE-2024-21103 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
10 | Oracle Virtualization security vulnerability | CNNVD-202404-2203 | CVE-2024-21113 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
11 | Oracle VM VirtualBox (Oracle Virtualization) security vulnerability | CNNVD-202404-2204 | CVE-2024-21114 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
12 | Oracle Virtualization security vulnerability | CNNVD-202404-2205 | CVE-2024-21112 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
13 | Oracle Virtualization security vulnerability | CNNVD-202404-2208 | CVE-2024-21115 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
14 | Oracle Solaris security vulnerability | CNNVD-202404-2209 | CVE-2024-20999 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
15 | Oracle Solaris security vulnerability | CNNVD-202404-2210 | CVE-2024-21059 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
16 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2212 | CVE-2024-21092 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
17 | MySQL Connectors (Oracle MySQL) security vulnerability | CNNVD-202404-2243 | CVE-2024-21090 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
18 | Oracle BI Publisher security vulnerability | CNNVD-202404-2277 | CVE-2024-21083 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
19 | Oracle WebLogic Server (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2304 | CVE-2024-21007 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
20 | Oracle WebLogic Server (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2306 | CVE-2024-21006 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
21 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2315 | CVE-2024-20989 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
22 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202404-2319 | CVE-2024-21067 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
23 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202404-2327 | CVE-2024-21095 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
24 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2337 | CVE-2024-21088 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
25 | Oracle Marketing (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2346 | CVE-2024-21079 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
26 | Oracle Trade Management (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2351 | CVE-2024-21077 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
27 | Oracle Trade Management (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2354 | CVE-2024-21075 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
28 | Oracle Marketing (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2355 | CVE-2024-21078 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
29 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2356 | CVE-2024-21076 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
30 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2357 | CVE-2024-21074 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
31 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2360 | CVE-2024-21073 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
32 | Oracle Virtualization security vulnerability | CNNVD-202404-2195 | CVE-2024-21109 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
33 | Oracle VM VirtualBox (Oracle Virtualization) security vulnerability | CNNVD-202404-2196 | CVE-2024-21121 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
34 | Oracle Virtualization security vulnerability | CNNVD-202404-2197 | CVE-2024-21106 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
35 | Oracle Virtualization security vulnerability | CNNVD-202404-2198 | CVE-2024-21107 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
36 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202404-2207 | CVE-2024-21104 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
37 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2211 | CVE-2024-21091 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
38 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2213 | CVE-2024-21097 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
39 | Oracle PeopleSoft security vulnerability | CNNVD-202404-2214 | CVE-2024-21070 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
40 | Oracle PeopleSoft Products security vulnerability | CNNVD-202404-2215 | CVE-2024-21063 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2216 | CVE-2024-21065 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
42 | Oracle MySQL security vulnerability | CNNVD-202404-2219 | CVE-2024-21013 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
43 | Oracle MySQL security vulnerability | CNNVD-202404-2220 | CVE-2024-21008 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
44 | Oracle MySQL security vulnerability | CNNVD-202404-2221 | CVE-2024-21096 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
45 | Oracle MySQL security vulnerability | CNNVD-202404-2222 | CVE-2024-21057 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
46 | Oracle MySQL security vulnerability | CNNVD-202404-2223 | CVE-2024-21062 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
47 | Oracle MySQL security vulnerability | CNNVD-202404-2224 | CVE-2024-21055 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
48 | Oracle MySQL security vulnerability | CNNVD-202404-2225 | CVE-2024-21054 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
49 | Oracle MySQL security vulnerability | CNNVD-202404-2226 | CVE-2024-21009 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
50 | Oracle MySQL security vulnerability | CNNVD-202404-2227 | CVE-2024-20993 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
51 | Oracle MySQL security vulnerability | CNNVD-202404-2228 | CVE-2024-20998 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
52 | Oracle MySQL security vulnerability | CNNVD-202404-2229 | CVE-2024-21087 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
53 | Oracle MySQL security vulnerability | CNNVD-202404-2230 | CVE-2024-21060 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
54 | Oracle MySQL security vulnerability | CNNVD-202404-2231 | CVE-2024-21056 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
55 | Oracle MySQL security vulnerability | CNNVD-202404-2232 | CVE-2024-21053 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
56 | Oracle MySQL security vulnerability | CNNVD-202404-2233 | CVE-2024-21052 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
57 | Oracle MySQL security vulnerability | CNNVD-202404-2234 | CVE-2024-21051 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
58 | Oracle MySQL security vulnerability | CNNVD-202404-2235 | CVE-2024-21050 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
59 | Oracle MySQL security vulnerability | CNNVD-202404-2236 | CVE-2024-21049 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
60 | Oracle MySQL security vulnerability | CNNVD-202404-2237 | CVE-2024-21069 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
61 | Oracle MySQL security vulnerability | CNNVD-202404-2238 | CVE-2024-21061 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
62 | Oracle MySQL security vulnerability | CNNVD-202404-2239 | CVE-2024-21047 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
63 | Oracle MySQL security vulnerability | CNNVD-202404-2240 | CVE-2024-21102 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
64 | Oracle MySQL security vulnerability | CNNVD-202404-2241 | CVE-2024-20994 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
65 | Oracle MySQL security vulnerability | CNNVD-202404-2242 | CVE-2024-21015 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
66 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2268 | CVE-2024-21099 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
67 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2271 | CVE-2024-21001 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
68 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2273 | CVE-2024-21064 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
69 | Oracle BI Publisher security vulnerability | CNNVD-202404-2275 | CVE-2024-21084 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
70 | Oracle Fusion Middleware security vulnerability | CNNVD-202404-2287 | CVE-2024-20992 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
71 | Oracle Outside In Technology (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2290 | CVE-2024-21118 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
72 | Oracle Outside In Technology (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2292 | CVE-2024-21120 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
73 | Oracle Outside In Technology (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2294 | CVE-2024-21117 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
74 | Oracle Outside In Technology (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2297 | CVE-2024-21119 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
75 | Oracle HTTP Server (Oracle Fusion Middleware) security vulnerability | CNNVD-202404-2298 | CVE-2024-20991 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
76 | Oracle Web Applications Desktop Integrator (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2320 | CVE-2024-21048 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
77 | Oracle Commerce Platform (Oracle Commerce) security vulnerability | CNNVD-202404-2321 | CVE-2024-21100 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
78 | Oracle CRM Technical Foundation (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2322 | CVE-2024-21086 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
79 | Oracle Partner Management (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2323 | CVE-2024-21081 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
80 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2324 | CVE-2024-20990 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
81 | Oracle Installed Base (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2325 | CVE-2024-21072 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
82 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2326 | CVE-2024-21046 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
83 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2328 | CVE-2024-21045 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
84 | Oracle Database Server security vulnerability | CNNVD-202404-2329 | CVE-2024-21093 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
85 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2330 | CVE-2024-21044 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
86 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2331 | CVE-2024-21043 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
87 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2332 | CVE-2024-21042 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
88 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2333 | CVE-2024-21041 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
89 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2334 | CVE-2024-21040 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
90 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2335 | CVE-2024-21089 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
91 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2336 | CVE-2024-21039 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
92 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2338 | CVE-2024-21038 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
93 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2339 | CVE-2024-21037 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
94 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2340 | CVE-2024-21036 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
95 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2341 | CVE-2024-21035 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
96 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2342 | CVE-2024-21034 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
97 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2343 | CVE-2024-21033 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
98 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2344 | CVE-2024-21032 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
99 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2345 | CVE-2024-21031 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
100 | Oracle Applications Framework (Oracle E-Business Suite) security vulnerability | CNNVD-202404-2347 | CVE-2024-21080 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
101 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2348 | CVE-2024-21030 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
102 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2349 | CVE-2024-21029 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
103 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2350 | CVE-2024-21028 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
104 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2352 | CVE-2024-21027 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
105 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2353 | CVE-2024-21026 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
106 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2358 | CVE-2024-21025 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
107 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2359 | CVE-2024-21024 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
108 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2361 | CVE-2024-21023 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
109 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2362 | CVE-2024-21021 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
110 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2364 | CVE-2024-21020 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
111 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2365 | CVE-2024-21022 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
112 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2366 | CVE-2024-21018 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
113 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2367 | CVE-2024-21017 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
114 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2368 | CVE-2024-21019 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
115 | Oracle Database Server security vulnerability | CNNVD-202404-2369 | CVE-2024-21066 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
116 | Oracle Database Server security vulnerability | CNNVD-202404-2370 | CVE-2024-21058 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
117 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2371 | CVE-2024-21016 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
118 | Oracle Virtualization security vulnerability | CNNVD-202404-2194 | CVE-2024-21108 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
119 | Oracle Solaris security vulnerability | CNNVD-202404-2206 | CVE-2024-21105 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
120 | Oracle MySQL security vulnerability | CNNVD-202404-2217 | CVE-2024-21101 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
121 | Oracle MySQL security vulnerability | CNNVD-202404-2218 | CVE-2024-21000 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
122 | Oracle Java SE security vulnerability | CNNVD-202404-2244 | CVE-2024-21004 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
123 | Oracle Java SE security vulnerability | CNNVD-202404-2245 | CVE-2024-21002 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
124 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2246 | CVE-2024-21005 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
125 | Oracle Java SE security vulnerability | CNNVD-202404-2247 | CVE-2024-21003 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
126 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2248 | CVE-2024-21012 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
127 | Oracle Java SE security vulnerability | CNNVD-202404-2249 | CVE-2024-21094 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
128 | Oracle Java SE security vulnerability | CNNVD-202404-2250 | CVE-2024-21068 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
129 | Oracle Java SE security vulnerability | CNNVD-202404-2251 | CVE-2024-21011 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
130 | Oracle Java SE security vulnerability | CNNVD-202404-2252 | CVE-2024-21085 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
131 | Oracle Java SE security vulnerability | CNNVD-202404-2253 | CVE-2024-21098 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
132 | Oracle GraalVM (Oracle Java SE) security vulnerability | CNNVD-202404-2256 | CVE-2024-20954 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
133 | Oracle Database Server security vulnerability | CNNVD-202404-2372 | CVE-2024-20995 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
This update includes patches for 10 updated vulnerabilities: 3 high, 4 medium and 3 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Security vulnerability in some Oracle products | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
2 | Security vulnerability in some Oracle products | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
3 | Security vulnerability in some Oracle products | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
4 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
5 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
6 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
7 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
8 | Security vulnerability in some Oracle products | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
9 | Security vulnerability in some Oracle products | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
10 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
This update includes patches for 193 vulnerabilities from other vendors that affect Oracle products: 26 critical, 93 high, 68 medium and 6 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | Terracotta Quartz Scheduler code issue vulnerability | CNNVD-201907-1383 | CVE-2019-13990 | Critical | softwareag | http://www.quartz-scheduler.org/ |
2 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
3 | Dell BSAFE security features issue vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
4 | Dell BSAFE security vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
5 | Dell BSAFE security vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
6 | Dell BSAFE security vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
7 | handlebars security vulnerability | CNNVD-202104-686 | CVE-2021-23369 | Critical | Individual developer | https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 |
8 | handlebars security vulnerability | CNNVD-202105-130 | CVE-2021-23383 | Critical | Individual developer | https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 |
9 | Apache DB DdlUtils code issue vulnerability | CNNVD-202109-1960 | CVE-2021-41616 | Critical | Apache Foundation | https://lists.apache.org/thread.html/r3d7a8303a820144f5e2d1fd0b067e18d419421b58346b53b58d3fa72%40%3Cannounce.apache.org%3E |
10 | iText command injection vulnerability | CNNVD-202112-1333 | CVE-2021-43113 | Critical | Individual developer | https://github.com/itext/itext7/releases/tag/7.1.17 |
11 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
12 | Dell BSAFE security vulnerability | CNNVD-202402-197 | CVE-2022-34381 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
13 | HSQLDB security vulnerability | CNNVD-202210-196 | CVE-2022-41853 | Critical | The HSQL Development Group | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7 |
14 | Apache Commons Text code injection vulnerability | CNNVD-202210-790 | CVE-2022-42889 | Critical | Apache Foundation | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
15 | Apache Commons BCEL buffer error vulnerability | CNNVD-202211-2199 | CVE-2022-42920 | Critical | Apache Foundation | https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
16 | Apache SOAP access control error vulnerability | CNNVD-202211-2683 | CVE-2022-45378 | Critical | Apache | https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31 |
17 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
18 | Apache CXF code issue vulnerability | CNNVD-202212-3143 | CVE-2022-46364 | Critical | Apache Foundation | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
19 | VMware Spring Security security vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034 |
20 | curl buffer error vulnerability | CNNVD-202310-917 | CVE-2023-38545 | Critical | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1 |
21 | Apple Safari code issue vulnerability | CNNVD-202309-2063 | CVE-2023-41993 | Critical | Apple | https://support.apple.com/en-us/HT213930 |
22 | npm IP Package code issue vulnerability | CNNVD-202402-689 | CVE-2023-42282 | Critical | npm | https://www.npmjs.com/package/ip |
23 | Apache ZooKeeper security vulnerability | CNNVD-202310-856 | CVE-2023-44981 | Critical | Apache Foundation | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
24 | Apache ActiveMQ code issue vulnerability | CNNVD-202310-2332 | CVE-2023-46604 | Critical | Apache Foundation | https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
25 | Perl security vulnerability | CNNVD-202312-067 | CVE-2023-47100 | Critical | Perl | https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 |
26 | PostgreSQL JDBC Driver security vulnerability | CNNVD-202402-1534 | CVE-2024-1597 | Critical | PostgreSQL | https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.2 |
27 | Apache MINA security vulnerability | CNNVD-201910-048 | CVE-2019-0231 | High | Apache Foundation | http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019 |
28 | jackson-mapper-asl code issue vulnerability | CNNVD-201911-1110 | CVE-2019-10172 | High | Individual developer | https://mvnrepository.com/artifact/org.codehaus.jackson |
29 | Red Hat Hibernate ORM SQL injection vulnerability | CNNVD-202011-1706 | CVE-2020-25638 | High | Red Hat | https://hibernate.org/ |
30 | Dell BSAFE security vulnerability | CNNVD-202207-833 | CVE-2020-35164 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
31 | Python input validation error vulnerability | CNNVD-202208-3716 | CVE-2021-28861 | High | Python | https://bugs.python.org/issue43223 |
32 | Perl code issue vulnerability | CNNVD-202108-807 | CVE-2021-36770 | High | Perl | https://access.redhat.com/security/cve/cve-2021-36770 |
33 | Certifi data forgery issue vulnerability | CNNVD-202212-2660 | CVE-2022-23491 | High | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 |
34 | nekohtml resource management error vulnerability | CNNVD-202204-2918 | CVE-2022-24839 | High | Individual developer | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
35 | Google protobuf security vulnerability | CNNVD-202210-769 | CVE-2022-3171 | High | | https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 |
36 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
37 | XStream buffer error vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
38 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
39 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
40 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-006 | CVE-2022-42004 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
41 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
42 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1802 | CVE-2022-44729 | High | Apache Foundation | https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 |
43 | Hutool buffer error vulnerability | CNNVD-202212-3131 | CVE-2022-45688 | High | Dromara community | https://github.com/dromara/hutool/issues/2748 |
44 | Apache Ivy code issue vulnerability | CNNVD-202308-1684 | CVE-2022-46751 | High | Apache Foundation | https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8 |
45 | UnRAR link following vulnerability | CNNVD-202308-425 | CVE-2022-48579 | High | Individual developer | https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee |
46 | OpenSSL trust management issue vulnerability | CNNVD-202303-1681 | CVE-2023-0464 | High | OpenSSL | https://www.openssl.org/news/secadv/20230322.txt |
47 | Red Hat JBoss Enterprise Application Platform security vulnerability | CNNVD-202303-798 | CVE-2023-1108 | High | Red Hat | https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f |
48 | netplex json-smart security vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
49 | Jettison security vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
50 | Spring Framework security vulnerability | CNNVD-202303-2401 | CVE-2023-20860 | High | Spring | https://spring.io/security/cve-2023-20860 |
51 | ModSecurity security vulnerability | CNNVD-202301-1585 | CVE-2023-24021 | High | Individual developer | https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 |
52 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
53 | OpenCV code issue vulnerability | CNNVD-202305-852 | CVE-2023-2617 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3480 |
54 | OpenCV security vulnerability | CNNVD-202305-851 | CVE-2023-2618 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
55 | Intel oneAPI Toolkits code issue vulnerability | CNNVD-202308-1031 | CVE-2023-28823 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
56 | glib2 resource management error vulnerability | CNNVD-202306-1169 | CVE-2023-29499 | High | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
57 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | | https://github.com/google/guava |
58 | Apache HTTP Server buffer error vulnerability | CNNVD-202310-1640 | CVE-2023-31122 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
59 | Red Hat Undertow security vulnerability | CNNVD-202308-506 | CVE-2023-3223 | High | Red Hat | https://undertow.io/ |
60 | glib2 resource management error vulnerability | CNNVD-202306-1170 | CVE-2023-32636 | High | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
61 | glib2 buffer error vulnerability | CNNVD-202306-1172 | CVE-2023-32643 | High | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
62 | Spring Framework security vulnerability | CNNVD-202311-2123 | CVE-2023-34053 | High | Spring team | https://github.com/spring-projects/spring-framework/releases/tag/v6.0. |
63 | Apache Tomcat security vulnerability | CNNVD-202306-1525 | CVE-2023-34981 | High | Apache Foundation | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
64 | Jenkins cross-site request forgery vulnerability | CNNVD-202306-1089 | CVE-2023-35141 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135 |
65 | Okio security vulnerability | CNNVD-202307-1161 | CVE-2023-3635 | High | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
66 | Eclipse Jetty resource management error vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
67 | Python security vulnerability | CNNVD-202306-1804 | CVE-2023-36632 | High | Python Foundation | https://docs.python.org/3/library/email.html |
68 | HCL BigFix Platform input validation error vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
69 | curl security vulnerability | CNNVD-202309-1067 | CVE-2023-38039 | High | curl | https://github.com/curl/curl |
70 | python-cryptography trust management issue vulnerability | CNNVD-202307-1332 | CVE-2023-38325 | High | Cryptographic team | https://github.com/pyca/cryptography/issues/9207 |
71 | MIT Kerberos resource management error vulnerability | CNNVD-202308-1454 | CVE-2023-39975 | High | MIT | https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 |
72 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
73 | Redis security vulnerability | CNNVD-202401-776 | CVE-2023-41056 | High | Redis Labs | https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224 |
74 | Apple iOS and iPadOS security vulnerability | CNNVD-202309-2265 | CVE-2023-41074 | High | Apple | https://support.apple.com/en-us/HT213938 |
75 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
76 | Apple Safari security vulnerability | CNNVD-202311-2397 | CVE-2023-42917 | High | Apple | https://support.apple.com/en-us/HT214033 |
77 | Jenkins security vulnerability | CNNVD-202309-1972 | CVE-2023-43496 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
78 | Jenkins code issue vulnerability | CNNVD-202309-1971 | CVE-2023-43497 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
79 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
80 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
81 | urllib3 information disclosure vulnerability | CNNVD-202310-281 | CVE-2023-43804 | High | Individual developer | https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
82 | Pillow security vulnerability | CNNVD-202311-282 | CVE-2023-44271 | High | Individual developer | https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 |
83 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
84 | OpenTelemetry-Go Contrib security vulnerability | CNNVD-202310-955 | CVE-2023-45142 | High | OpenTelemetry | https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh |
85 | Plotly.js security vulnerability | CNNVD-202401-128 | CVE-2023-46308 | High | Individual developer | https://github.com/plotly/plotly.js/releases/tag/v2.25.2 |
86 | shadow security vulnerability | CNNVD-202310-843 | CVE-2023-4641 | High | Individual developer | https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 |
87 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
88 | Perl 安全漏洞 | CNNVD-202311-2025 | CVE-2023-47038 | 高危 | PERL社区 | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 |
89 | Perl 安全漏洞 | CNNVD-202311-2026 | CVE-2023-47039 | 高危 | PERL社区 | https://www.perl.org/ |
90 | OpenSSL 安全漏洞 | CNNVD-202309-665 | CVE-2023-4807 | 高危 | OpenSSL | https://www.openssl.org/news/secadv/20230908.txt |
91 | Google Chrome 缓冲区错误漏洞 | CNNVD-202309-784 | CVE-2023-4863 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html | |
92 | glibc 缓冲区错误漏洞 | CNNVD-202310-197 | CVE-2023-4911 | 高危 | GNU社区 | https://www.gnu.org/software/libc/ |
93 | Apache Solr 安全漏洞 | CNNVD-202402-792 | CVE-2023-50298 | 高危 | Apache | https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions |
94 | Apache Solr 代码问题漏洞 | CNNVD-202402-791 | CVE-2023-50386 | 高危 | Apache | https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets |
95 | JSON-Java 安全漏洞 | CNNVD-202310-951 | CVE-2023-5072 | 高危 | 个人开发者 | https://github.com/stleary/JSON-java/ |
96 | Jasper 安全漏洞 | CNNVD-202401-1315 | CVE-2023-51257 | 高危 | Jasper | https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a |
97 | GNU C Library 安全漏洞 | CNNVD-202309-2162 | CVE-2023-5156 | 高危 | GNU社区 | https://sourceware.org/bugzilla/show_bug.cgi?id=30884 |
98 | jose4j 安全漏洞 | CNNVD-202402-2688 | CVE-2023-51775 | 高危 | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
99 | Connect2id Nimbus JOSE+JWT 安全漏洞 | CNNVD-202402-845 | CVE-2023-52428 | 高危 | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
100 | OpenSSL 安全漏洞 | CNNVD-202310-1871 | CVE-2023-5363 | 高危 | OpenSSL团队 | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
101 | Red Hat Undertow 安全漏洞 | CNNVD-202312-977 | CVE-2023-5379 | 高危 | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2242099 |
102 | glibc 缓冲区错误漏洞 | CNNVD-202401-2632 | CVE-2023-6246 | 高危 | 个人开发者 | https://github.com/kraj/glibc/releases/tag/glibc-2.37 |
103 | logback 代码问题漏洞 | CNNVD-202311-2206 | CVE-2023-6378 | 高危 | Quality Open Software | https://logback.qos.ch/download.html |
104 | Quality Open Software Logback 安全漏洞 | CNNVD-202312-277 | CVE-2023-6481 | 高危 | Quality Open Software | https://logback.qos.ch/news.html |
105 | glibc 缓冲区错误漏洞 | CNNVD-202401-2633 | CVE-2023-6779 | 高危 | 个人开发者 | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
106 | Red Hat Undertow 资源管理错误漏洞 | CNNVD-202402-1551 | CVE-2024-1635 | 高危 | Red Hat | https://undertow.io/ |
107 | runc 安全漏洞 | CNNVD-202401-2725 | CVE-2024-21626 | 高危 | 个人开发者 | https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv |
108 | Amazon Ion 安全漏洞 | CNNVD-202401-216 | CVE-2024-21634 | 高危 | Amazon | https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6 |
109 | Node.js 安全漏洞 | CNNVD-202402-1466 | CVE-2024-21892 | 高危 | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high |
110 | Node.js 安全漏洞 | CNNVD-202402-1467 | CVE-2024-22019 | 高危 | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high |
111 | Eclipse Jetty 安全漏洞 | CNNVD-202402-2103 | CVE-2024-22201 | 高危 | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
112 | Spring Framework 安全漏洞 | CNNVD-202401-1957 | CVE-2024-22233 | 高危 | Spring | https://spring.io/security/cve-2024-22233/ |
113 | Spring Framework 安全漏洞 | CNNVD-202402-1929 | CVE-2024-22243 | 高危 | Spring | https://spring.io/projects/spring-framework#support |
114 | VMware Spring Security 安全漏洞 | CNNVD-202403-1650 | CVE-2024-22257 | 高危 | VMware | https://spring.io/security/cve-2024-22257 |
115 | Spring Framework 安全漏洞 | CNNVD-202403-1543 | CVE-2024-22259 | 高危 | Spring | https://spring.io/security/cve-2024-22259 |
116 | Apache Tomcat 安全漏洞 | CNNVD-202403-1180 | CVE-2024-23672 | 高危 | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
117 | Apache Tomcat 输入验证错误漏洞 | CNNVD-202403-1179 | CVE-2024-24549 | 高危 | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
118 | libxml2 安全漏洞 | CNNVD-202402-242 | CVE-2024-25062 | 高危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
119 | python-cryptography 安全漏洞 | CNNVD-202402-1783 | CVE-2024-26130 | 高危 | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
120 | Apache Ant Security Vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
121 | Apache Ant Security Vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
122 | Apache Commons Net Input Validation Error Vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
123 | JetBrains Kotlin Security Feature Issue Vulnerability | CNNVD-202202-606 | CVE-2022-24329 | Medium | JetBrains | http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 |
124 | MetadataExtractor Security Vulnerability | CNNVD-202202-1859 | CVE-2022-24613 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24613/ |
125 | MetadataExtractor Security Vulnerability | CNNVD-202202-1858 | CVE-2022-24614 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24614/ |
126 | Apache Portable Runtime Input Validation Error Vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
127 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
128 | jsoup Cross-Site Scripting Vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
129 | Matthäus G. Chajdas pygments Code Issue Vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
130 | OpenSSL Trust Management Issue Vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
131 | OpenSSL Trust Management Issue Vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
132 | Red Hat AMQ Security Vulnerability | CNNVD-202302-1203 | CVE-2023-0833 | Medium | Red Hat | https://www.redhat.com/en/resources/amq-streams-datasheet |
133 | OpenSSL Buffer Error Vulnerability | CNNVD-202304-1714 | CVE-2023-1255 | Medium | OpenSSL | https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
134 | Spring Framework Security Vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861 |
135 | Spring Framework Security Vulnerability | CNNVD-202304-1667 | CVE-2023-20862 | Medium | Spring | https://spring.io/security/cve-2023-20862 |
136 | Spring Framework Security Vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
137 | libssh Authorization Issue Vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
138 | OpenSSL Security Vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
139 | Intel oneAPI Toolkits Security Vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
140 | Apache Tomcat Security Vulnerability | CNNVD-202303-1662 | CVE-2023-28708 | Medium | Apache Foundation | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
141 | Flexera InstallShield Security Vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
142 | OpenSSL Authorization Issue Vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
143 | glib2 Resource Management Error Vulnerability | CNNVD-202306-1171 | CVE-2023-32611 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
144 | glib2 Code Issue Vulnerability | CNNVD-202306-1168 | CVE-2023-32665 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
145 | Bouncy Castle Trust Management Issue Vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
146 | Bouncy Castle Resource Management Error Vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
147 | Spring Security Security Vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
148 | VMware Spring Boot Security Vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
149 | OpenSSL Security Vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
150 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
151 | Apache MINA Path Traversal Vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
152 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
153 | OpenSSL Security Vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
154 | Jenkins Cross-Site Scripting Vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
155 | procps Buffer Error Vulnerability | CNNVD-202308-085 | CVE-2023-4016 | Medium | procps-ng | https://gitlab.com/procps-ng/procps |
156 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
157 | Python Security Vulnerability | CNNVD-202308-2059 | CVE-2023-40217 | Medium | Python Foundation | https://www.python.org/dev/security/ |
158 | Apache Tomcat Input Validation Error Vulnerability | CNNVD-202308-2096 | CVE-2023-41080 | Medium | Apache Foundation | https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f |
159 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
160 | Apache Commons Compress Resource Management Error Vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
161 | Jenkins Security Vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
162 | Jenkins Cross-Site Scripting Vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
163 | Apache Santuario Log Information Disclosure Vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
164 | glibc Buffer Error Vulnerability | CNNVD-202309-933 | CVE-2023-4527 | Medium | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=30842 |
165 | Apache HTTP Server Resource Management Error Vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
166 | urllib3 Information Disclosure Vulnerability | CNNVD-202310-1359 | CVE-2023-45803 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
167 | curl Security Vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
168 | curl Security Vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
169 | Node.js Security Vulnerability | CNNVD-202402-1465 | CVE-2023-46809 | Medium | Node.js | https://nodejs.org/ |
170 | glibc Resource Management Error Vulnerability | CNNVD-202309-932 | CVE-2023-4806 | Medium | GNU community | https://sourceware.org/bugzilla/show_bug.cgi?id=30843 |
171 | OpenSSH Security Vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
172 | Python cryptography Code Issue Vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
173 | python-cryptography Security Vulnerability | CNNVD-202312-1318 | CVE-2023-50782 | Medium | Cryptographic team | https://cryptography.io/en/latest/ |
174 | Jayway JsonPath Security Vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
175 | ImageMagick Resource Management Error Vulnerability | CNNVD-202310-092 | CVE-2023-5341 | Medium | ImageMagick | https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 |
176 | OpenSSL Code Issue Vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
177 | OpenSSL Security Vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
178 | Python Security Vulnerability | CNNVD-202312-708 | CVE-2023-6507 | Medium | Python Foundation | https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ |
179 | glibc Buffer Error Vulnerability | CNNVD-202401-2631 | CVE-2023-6780 | Medium | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
180 | curl Security Vulnerability | CNNVD-202401-2732 | CVE-2024-0853 | Medium | curl | https://curl.se/docs/CVE-2024-0853.html |
181 | Red Hat Undertow Security Vulnerability | CNNVD-202402-940 | CVE-2024-1459 | Medium | Red Hat | https://undertow.io/downloads.html |
182 | Jinja Cross-Site Scripting Vulnerability | CNNVD-202401-963 | CVE-2024-22195 | Medium | Individual developer | https://github.com/pallets/jinja/releases/tag/3.1.3 |
183 | OWASP AntiSamy Cross-Site Scripting Vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
184 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202402-598 | CVE-2024-24815 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
185 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202402-605 | CVE-2024-24816 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
186 | Apache Commons Compress Security Vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
187 | Apache Commons Compress Security Vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
188 | Google Guava Access Control Error Vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | | https://github.com/google/guava/issues/4011 |
189 | curl Security Vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
190 | Pip Command Injection Vulnerability | CNNVD-202310-1912 | CVE-2023-5752 | Low | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
191 | libssh Security Vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
192 | libssh Security Vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
193 | OpenSSL Security Vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
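III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpuapr2024.html
CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn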
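Statement: This article comes from CNNVD Security News (CNNVD安全动态), and copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reposted to share more information. In case of infringement, please contact anquanneican@163.com.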