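Oracle recently published an advisory covering multiple security vulnerabilities: 91 in Oracle's own products and 225 third-party vulnerabilities that affect Oracle products. Affected products and systems include Oracle MySQL, Oracle Java SE, Oracle E-Business Suite and Oracle PeopleSoft Products. Oracle has released patches for these vulnerabilities; users should promptly confirm whether they are affected and apply the fixes as soon as possible.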

I. Vulnerability Overview

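On October 15, 2024, Oracle released its October 2024 security update, with patches for 316 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Java SE, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle PeopleSoft Enterprise HCM Global Payroll, Oracle Hyperion and others. CNNVD has rated their severity: 23 critical, 133 high, 131 medium and 29 low.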

Multiple Oracle products and system versions are affected. For the exact scope, see Oracle's official site:

https://www.oracle.com/security-alerts/cpuoct2024.html

II. Vulnerability Details

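This update contains patches for 316 vulnerabilities in total: 85 for newly added vulnerabilities, 6 for updated vulnerabilities, and 225 for third-party vulnerabilities that affect Oracle products.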

The update includes patches for 85 newly added vulnerabilities: 2 critical, 32 high, 36 medium and 15 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Hospitality Applications security vulnerability | CNNVD-202410-1411 | CVE-2024-21172 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 2 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1425 | CVE-2024-21216 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202410-1370 | CVE-2024-21259 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 4 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1374 | CVE-2024-21214 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1376 | CVE-2024-21255 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 6 | Oracle PeopleSoft Enterprise HCM Global Payroll security vulnerability | CNNVD-202410-1378 | CVE-2024-21283 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 7 | Oracle MySQL security vulnerability | CNNVD-202410-1406 | CVE-2024-21272 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 8 | Oracle BI Publisher security vulnerability | CNNVD-202410-1413 | CVE-2024-21195 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 9 | Oracle Analytics security vulnerability | CNNVD-202410-1414 | CVE-2024-21254 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1417 | CVE-2024-21234 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 11 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1418 | CVE-2024-21215 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1420 | CVE-2024-21260 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 13 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1421 | CVE-2024-21274 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 14 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1422 | CVE-2024-21246 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 15 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1423 | CVE-2024-21190 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 16 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1424 | CVE-2024-21191 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 17 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1427 | CVE-2024-21284 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 18 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1428 | CVE-2024-21285 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 19 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1431 | CVE-2024-21276 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 20 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1432 | CVE-2024-21279 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 21 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1433 | CVE-2024-21265 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 22 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1434 | CVE-2024-21252 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 23 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1435 | CVE-2024-21280 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1436 | CVE-2024-21275 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 25 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1437 | CVE-2024-21277 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 26 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1438 | CVE-2024-21269 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 27 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1439 | CVE-2024-21250 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1440 | CVE-2024-21271 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1441 | CVE-2024-21282 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1442 | CVE-2024-21267 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1443 | CVE-2024-21278 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 32 | Oracle Applications Manager security vulnerability | CNNVD-202410-1444 | CVE-2024-21268 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1445 | CVE-2024-21270 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1446 | CVE-2024-21266 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202410-1367 | CVE-2024-21248 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 36 | Oracle Virtualization security vulnerability | CNNVD-202410-1368 | CVE-2024-21273 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 37 | Oracle Virtualization security vulnerability | CNNVD-202410-1369 | CVE-2024-21263 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 38 | Oracle PeopleSoft security vulnerability | CNNVD-202410-1371 | CVE-2024-21249 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 39 | Oracle PeopleSoft Products security vulnerability | CNNVD-202410-1372 | CVE-2024-21286 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 40 | Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability | CNNVD-202410-1373 | CVE-2024-21264 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1375 | CVE-2024-21202 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202410-1382 | CVE-2024-21200 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202410-1385 | CVE-2024-21212 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202410-1386 | CVE-2024-21204 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202410-1387 | CVE-2024-21193 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202410-1389 | CVE-2024-21213 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202410-1390 | CVE-2024-21201 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202410-1391 | CVE-2024-21241 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202410-1392 | CVE-2024-21219 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202410-1393 | CVE-2024-21198 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202410-1394 | CVE-2024-21239 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202410-1395 | CVE-2024-21197 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202410-1396 | CVE-2024-21236 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202410-1397 | CVE-2024-21199 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202410-1398 | CVE-2024-21207 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202410-1399 | CVE-2024-21203 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202410-1400 | CVE-2024-21194 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202410-1401 | CVE-2024-21218 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202410-1402 | CVE-2024-21238 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202410-1403 | CVE-2024-21196 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202410-1404 | CVE-2024-21230 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202410-1405 | CVE-2024-21262 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 63 | Oracle Java SE security vulnerability | CNNVD-202410-1412 | CVE-2024-21235 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 64 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1415 | CVE-2024-21192 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 65 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1416 | CVE-2024-21205 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 66 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1426 | CVE-2024-21281 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1429 | CVE-2024-21206 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1430 | CVE-2024-21258 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 69 | Oracle Database Server security vulnerability | CNNVD-202410-1515 | CVE-2024-21233 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 70 | Oracle Application Express security vulnerability | CNNVD-202410-1517 | CVE-2024-21261 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 71 | Oracle Virtualization security vulnerability | CNNVD-202410-1366 | CVE-2024-21253 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202410-1377 | CVE-2024-21209 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 73 | Oracle MySQL security vulnerability | CNNVD-202410-1379 | CVE-2024-21243 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 74 | Oracle MySQL security vulnerability | CNNVD-202410-1380 | CVE-2024-21232 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 75 | Oracle MySQL security vulnerability | CNNVD-202410-1381 | CVE-2024-21237 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 76 | Oracle MySQL security vulnerability | CNNVD-202410-1383 | CVE-2024-21247 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 77 | Oracle MySQL security vulnerability | CNNVD-202410-1384 | CVE-2024-21231 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 78 | Oracle MySQL security vulnerability | CNNVD-202410-1388 | CVE-2024-21244 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 79 | Oracle Java SE security vulnerability | CNNVD-202410-1407 | CVE-2024-21217 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 80 | Oracle Java SE security vulnerability | CNNVD-202410-1408 | CVE-2024-21211 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 81 | Oracle Java SE security vulnerability | CNNVD-202410-1409 | CVE-2024-21210 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 82 | Oracle Hyperion security vulnerability | CNNVD-202410-1410 | CVE-2024-21257 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 83 | Oracle Java SE security vulnerability | CNNVD-202410-1419 | CVE-2024-21208 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202410-1516 | CVE-2024-21242 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 85 | Oracle Database Server security vulnerability | CNNVD-202410-1518 | CVE-2024-21251 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |

The update includes patches for 6 updated vulnerabilities: 1 high, 2 medium and 3 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Java SE security vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 3 | Oracle Java SE security vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 6 | Oracle Java SE security vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |

The update includes patches for 225 third-party vulnerabilities that affect Oracle products: 21 critical, 100 high, 93 medium and 11 low.

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Apache Chainsaw 代码问题漏洞

CNNVD-202106-1293

CVE-2020-9493

超危

Apache基金会

https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E

2

OpenSSL 操作系统命令注入漏洞

CNNVD-202205-1962

CVE-2022-1292

超危

Openssl团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

3

SnakeYAML 代码问题漏洞

CNNVD-202212-1820

CVE-2022-1471

超危

个人开发者

https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2

4

OpenSSL 操作系统命令注入漏洞

CNNVD-202206-2112

CVE-2022-2068

超危

OpenSSL

https://www.openssl.org/source/

5

Apache Log4j SQL注入漏洞

CNNVD-202201-1421

CVE-2022-23305

超危

Apache基金会

https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y

6

Dell BSAFE 安全漏洞

CNNVD-202402-197

CVE-2022-34381

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability

7

Apache HTTP Server 环境问题漏洞

CNNVD-202301-1299

CVE-2022-36760

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

8

XKCP 输入验证错误漏洞

CNNVD-202210-1541

CVE-2022-37454

超危

XKCP

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

9

Apache Derby 注入漏洞

CNNVD-202311-1655

CVE-2022-46337

超危

Apache基金会

https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3

10

Certifi 数据伪造问题漏洞

CNNVD-202307-2046

CVE-2023-37920

超危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

11

OpenSSH 代码问题漏洞

CNNVD-202307-1721

CVE-2023-38408

超危

OpenBSD

https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8

12

curl 缓冲区错误漏洞

CNNVD-202310-917

CVE-2023-38545

超危

curl

https://github.com/curl/curl/commit/fb4415d8aee6c1

13

Apache ZooKeeper 安全漏洞

CNNVD-202310-856

CVE-2023-44981

超危

Apache基金会

https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b

14

zlib 输入验证错误漏洞

CNNVD-202310-1086

CVE-2023-45853

超危

个人开发者

https://github.com/madler/zlib/pull/843

15

Pillow 安全漏洞

CNNVD-202401-1886

CVE-2023-50447

超危

个人开发者

https://github.com/python-pillow/Pillow/releases/tag/10.2

16

OpenSSH 安全漏洞

CNNVD-202312-1665

CVE-2023-51385

超危

OpenBSD

https://www.openssh.com/txt/release-9.6

17

PHP 安全漏洞

CNNVD-202404-3501

CVE-2024-1874

超危

PHP

https://www.php.net/downloads.php

18

RequireJS 安全漏洞

CNNVD-202407-034

CVE-2024-38999

超危

RequireJS

https://github.com/requirejs/r.js

19

Jenkins 安全漏洞

CNNVD-202408-533

CVE-2024-43044

超危

Jenkins

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

20

libexpat 安全漏洞

CNNVD-202408-2839

CVE-2024-45490

超危

libexpat

https://github.com/libexpat/libexpat

21

PHP 操作系统命令注入漏洞

CNNVD-202406-852

CVE-2024-4577

超危

PHP

https://www.php.net/downloads

22

jackson-mapper-asl 代码问题漏洞

CNNVD-201911-1110

CVE-2019-10172

高危

个人开发者

https://mvnrepository.com/artifact/org.codehaus.jackson

23

OpenSSH 操作系统命令注入漏洞

CNNVD-202007-1519

CVE-2020-15778

高危

OpenBSD

https://www.openssh.com/

24

Npm underscore 代码注入漏洞

CNNVD-202103-1621

CVE-2021-23358

高危

Npm

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504

25

Netty 资源管理错误漏洞

CNNVD-202110-1442

CVE-2021-37136

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

26

Netty 资源管理错误漏洞

CNNVD-202110-1441

CVE-2021-37137

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

27

Apache Log4j 代码问题漏洞

CNNVD-202201-1420

CVE-2022-23302

高危

Apache基金会

https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w

28

Apache Log4j 代码问题漏洞

CNNVD-202201-1425

CVE-2022-23307

高危

Apache基金会

https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

29

grub2 安全漏洞

CNNVD-202211-2822

CVE-2022-2601

高危

GNU社区

https://access.redhat.com/security/cve/cve-2022-2601

30

Moment.js 资源管理错误漏洞

CNNVD-202207-502

CVE-2022-31129

高危

个人开发者

https://github.com/moment/moment/pull/6015#issuecomment-1152961973

31

Apache Xalan 输入验证错误漏洞

CNNVD-202207-1617

CVE-2022-34169

高危

Apache基金会

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

32

Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞

CNNVD-202301-904

CVE-2022-38136

高危

Intel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

33

OpenSSL 安全漏洞

CNNVD-202212-2982

CVE-2022-3996

高危

OpenSSL

https://github.com/openssl/openssl/

34

Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞

CNNVD-202301-905

CVE-2022-40196

高危

Intel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

35

Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞

CNNVD-202301-906

CVE-2022-41342

高危

Intel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

36

Python 安全漏洞

CNNVD-202210-2513

CVE-2022-42919

高危

Python基金会

https://github.com/python/cpython/issues/97514

37

OpenSSL 资源管理错误漏洞

CNNVD-202302-510

CVE-2022-4450

高危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

38

Python 资源管理错误漏洞

CNNVD-202211-2414

CVE-2022-45061

高危

Python基金会

https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html

39

OpenSSL 资源管理错误漏洞

CNNVD-202302-521

CVE-2023-0215

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

40

OpenSSL 代码问题漏洞

CNNVD-202302-512

CVE-2023-0216

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

41

OpenSSL 代码问题漏洞

CNNVD-202302-516

CVE-2023-0217

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

42

OpenSSL 安全漏洞

CNNVD-202302-524

CVE-2023-0286

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

43

OpenSSL 代码问题漏洞

CNNVD-202302-518

CVE-2023-0401

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5844-1

44

Apache Hadoop 代码问题漏洞

CNNVD-202311-1444

CVE-2023-26031

高危

Apache基金会

https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r

45

Apache Log4j 代码问题漏洞

CNNVD-202303-736

CVE-2023-26464

高危

Apache基金会

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

46

Intel oneAPI Toolkits 代码问题漏洞

CNNVD-202308-1031

CVE-2023-28823

高危

Intel

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html

47

OpenLDAP 代码问题漏洞

CNNVD-202305-2588

CVE-2023-2953

高危

OpenLDAP

https://www.openldap.org/software/download/

48

Google Guava 安全漏洞

CNNVD-202306-1141

CVE-2023-2976

高危

Google

https://github.com/google/guava

49

snappy-java 输入验证错误漏洞

CNNVD-202306-1200

CVE-2023-34453

高危

个人开发者

https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf

50

snappy-java 输入验证错误漏洞

CNNVD-202306-1198

CVE-2023-34454

高危

个人开发者

https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r

51

Snappy 输入验证错误漏洞

CNNVD-202306-1248

CVE-2023-34455

高危

个人开发者

https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh

52

Okio 安全漏洞

CNNVD-202307-1161

CVE-2023-3635

高危

square

https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b

53

Apache Avro 代码问题漏洞

CNNVD-202309-2636

CVE-2023-39410

高危

Apache基金会

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

54

Eclipse Parsson 安全漏洞

CNNVD-202311-268

CVE-2023-4043

高危

Eclipse基金会

https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31

55

Apple iOS 和 iPadOS 安全漏洞

CNNVD-202403-3045

CVE-2023-42950

高危

Apple

https://support.apple.com/en-us/HT214035

56

Snappy 安全漏洞

CNNVD-202309-2204

CVE-2023-43642

高危

个人开发者

https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv

57

Apache HTTP/2 资源管理错误漏洞

CNNVD-202310-667

CVE-2023-44487

高危

Apache基金会

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

58

Google Go 安全漏洞

CNNVD-202404-632

CVE-2023-45288

高危

Google

https://pkg.go.dev/vuln/GO-2024-2687

59

Pallets Werkzeug 缓冲区错误漏洞

CNNVD-202310-2005

CVE-2023-46136

高危

Pallets

https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw

60

Eclipse JGit 安全漏洞

CNNVD-202309-850

CVE-2023-4759

高危

Eclipse基金会

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11

61

OpenSSL 安全漏洞

CNNVD-202309-665

CVE-2023-4807

高危

OpenSSL

https://www.openssl.org/news/secadv/20230908.txt

62

Google Chrome 缓冲区错误漏洞

CNNVD-202309-784

CVE-2023-4863

高危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

63

JSON-Java 安全漏洞

CNNVD-202310-951

CVE-2023-5072

高危

个人开发者

https://github.com/stleary/JSON-java/

64

jose4j 安全漏洞

CNNVD-202402-2688

CVE-2023-51775

高危

Bitbucket

https://bitbucket.org/b_c/jose4j/downloads/

65

libexpat 安全漏洞

CNNVD-202402-245

CVE-2023-52425

高危

个人开发者

https://github.com/libexpat/libexpat/pull/789

66

Connect2id Nimbus JOSE+JWT 安全漏洞

CNNVD-202402-845

CVE-2023-52428

高危

Connect2id

https://connect2id.com/products/nimbus-jose-jwt

67

OpenSSL 安全漏洞

CNNVD-202310-1871

CVE-2023-5363

高危

OpenSSL团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d

68

Red Hat XNIO 资源管理错误漏洞

CNNVD-202403-455

CVE-2023-5685

高危

Red Hat

https://github.com/xnio/xnio/tags

69

Python 安全漏洞

CNNVD-202403-1882

CVE-2023-6597

高危

Python

https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b

70

X.org Server 安全漏洞

CNNVD-202401-1731

CVE-2023-6816

高危

X.org

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11

71

X.org Server 安全漏洞

CNNVD-202401-1736

CVE-2024-0229

高危

X.org

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11

72

X.org Server 安全漏洞

CNNVD-202401-1733

CVE-2024-21885

高危

X.org

https://www.x.org/wiki/XServer/

73

X.org Server 安全漏洞

CNNVD-202401-1732

CVE-2024-21886

高危

X.org

https://www.x.org/wiki/XServer/

74

Node.js 安全漏洞

CNNVD-202407-536

CVE-2024-22020

高危

Node.js

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

75

Eclipse Jetty 安全漏洞

CNNVD-202402-2103

CVE-2024-22201

高危

Eclipse

https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

76

VMware Spring Security 安全漏洞

CNNVD-202403-1650

CVE-2024-22257

高危

VMware

https://spring.io/security/cve-2024-22257

77

Spring Framework 安全漏洞

CNNVD-202404-2193

CVE-2024-22262

高危

Spring

https://spring.io/security/cve-2024-22262

78

Apache Tomcat 安全漏洞

CNNVD-202403-1180

CVE-2024-23672

高危

Apache

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

79

Apache Xerces-C 资源管理错误漏洞

CNNVD-202402-1469

CVE-2024-23807

高危

Apache

https://github.com/apache/xerces-c/pull/54

80

Curl 安全漏洞

CNNVD-202403-2674

CVE-2024-2398

高危

Curl

https://curl.se/docs/CVE-2024-2398.html

81

Apache Tomcat 输入验证错误漏洞

CNNVD-202403-1179

CVE-2024-24549

高危

Apache

https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

82

F5 Nginx 安全漏洞

CNNVD-202402-1248

CVE-2024-24989

高危

F5

https://my.f5.com/manage/s/article/K000138444

83

F5 Nginx 安全漏洞

CNNVD-202402-1247

CVE-2024-24990

高危

F5

https://my.f5.com/manage/s/article/K000138445

84

libxml2 安全漏洞

CNNVD-202402-242

CVE-2024-25062

高危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/tags

85

OpenSSL 安全漏洞

CNNVD-202404-941

CVE-2024-2511

高危

OpenSSL

https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce

86

libheif 安全漏洞

CNNVD-202403-378

CVE-2024-25269

高危

个人开发者

https://github.com/strukturag/libheif/pull/1074

87

python-cryptography 安全漏洞

CNNVD-202402-1783

CVE-2024-26130

高危

Cryptographic

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

88

Node.js 安全漏洞

CNNVD-202404-991

CVE-2024-27983

高危

Node.js

https://nodejs.org/en/blog/vulnerability/april-2024-security-releases

89

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2143

CVE-2024-29131

高危

Apache

https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37

90

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2142

CVE-2024-29133

高危

Apache

https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2

91

Bouncy Castle 安全漏洞

CNNVD-202405-2601

CVE-2024-29857

高危

Bouncy Castle

https://www.bouncycastle.org/latest_releases.html

92

aiohttp 安全漏洞

CNNVD-202405-305

CVE-2024-30251

高危

aio-libs

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5

93

X.org Server 安全漏洞

CNNVD-202404-510

CVE-2024-31080

高危

X.org

https://www.x.org/wiki/Development/Documentation/SubmittingPatches/

94

X.org Server 资源管理错误漏洞

CNNVD-202404-682

CVE-2024-31083

高危

X.org

https://www.x.org/wiki/Development/Documentation/SubmittingPatches/

95

Apache CXF 安全漏洞

CNNVD-202407-1957

CVE-2024-32007

高危

Apache

https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633

96

Apache ActiveMQ 安全漏洞

CNNVD-202405-256

CVE-2024-32114

高危

Apache

https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt

97

glibc 安全漏洞

CNNVD-202405-1511

CVE-2024-33599

高危

GNU

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

98

glibc 安全漏洞

CNNVD-202404-3209

CVE-2024-33602

高危

GNU

https://sourceware.org/bugzilla/show_bug.cgi?id=31680

99

Apache Tomcat 安全漏洞

CNNVD-202407-326

CVE-2024-34750

高危

Apache

https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l

100

Node.js 安全漏洞

CNNVD-202409-508

CVE-2024-36138

高危

Node.js

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

101

MIT Kerberos 安全漏洞

CNNVD-202406-3113

CVE-2024-37370

高危

MIT

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef

102

Apache HTTP Server 安全漏洞

CNNVD-202407-094

CVE-2024-38474

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

103

Apache HTTP Server 安全漏洞

CNNVD-202407-093

CVE-2024-38475

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

104

Apache HTTP Server 代码问题漏洞

CNNVD-202407-091

CVE-2024-38477

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

105

VMware Spring Framework 安全漏洞

CNNVD-202409-1142

CVE-2024-38816

高危

VMware

https://spring.io/security/cve-2024-38816

106

Certifi 安全漏洞

CNNVD-202407-421

CVE-2024-39689

高危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc

107

Apache HTTP Server 安全漏洞

CNNVD-202407-339

CVE-2024-39884

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

108

Apache CXF 安全漏洞

CNNVD-202407-1956

CVE-2024-41172

高危

Apache

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

109

ImageMagick 安全漏洞

CNNVD-202407-2766

CVE-2024-41817

高危

ImageMagick

https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36

110

libexpat 输入验证错误漏洞

CNNVD-202408-2842

CVE-2024-45491

高危

libexpat

https://github.com/libexpat/libexpat

111

libexpat 输入验证错误漏洞

CNNVD-202408-2841

CVE-2024-45492

高危

libexpat

https://github.com/libexpat/libexpat

112

DOMPurify 安全漏洞

CNNVD-202409-1375

CVE-2024-45801

高危

个人开发者

https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674

113

PHP 安全漏洞

CNNVD-202406-829

CVE-2024-5458

高危

PHP

https://www.php.net/downloads

114

PHP 安全漏洞

CNNVD-202406-828

CVE-2024-5585

高危

PHP

https://www.php.net/downloads

115

Red Hat Undertow 安全漏洞

CNNVD-202407-518

CVE-2024-5971

高危

Red Hat

https://access.redhat.com/security/cve/CVE-2024-5971

116

Red Hat Undertow 资源管理错误漏洞

CNNVD-202406-2368

CVE-2024-6162

高危

Red Hat

https://bugzilla.redhat.com/show_bug.cgi?id=2293069

117

setuptools 代码注入漏洞

CNNVD-202407-1480

CVE-2024-6345

高危

PyPI

https://github.com/pypa/setuptools/releases/tag/v70.3

118

OpenSSH 竞争条件问题漏洞

CNNVD-202407-017

CVE-2024-6387

高危

OpenBSD

https://www.openssh.com/txt/release-9.8

119

Protocol Buffers 安全漏洞

CNNVD-202409-1841

CVE-2024-7254

高危

Protocol Buffers

http://protobuf.dev/

120

curl 安全漏洞

CNNVD-202407-3105

CVE-2024-7264

高危

cURL

https://curl.se/docs/CVE-2024-7264.html

121

Red Hat Undertow 竞争条件问题漏洞

CNNVD-202408-2070

CVE-2024-7885

高危

Red Hat

https://undertow.io/

122

jQuery 跨站脚本漏洞

CNNVD-202004-2429

CVE-2020-11022

中危

个人开发者

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

123

jQuery 跨站脚本漏洞

CNNVD-202004-2420

CVE-2020-11023

中危

个人开发者

https://jquery.com/upgrade-guide/3.5/

124

Apache HttpClient 安全漏洞

CNNVD-202010-372

CVE-2020-13956

中危

Apache基金会

https://www.apache.org/

125

OpenSSH 信息泄露漏洞

CNNVD-202006-1822

CVE-2020-14145

中危

Openbsd计划组

https://www.openssh.com/

126

Apache Groovy 安全漏洞

CNNVD-202012-422

CVE-2020-17521

中危

Apache基金会

https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

127

Jakarta Expression Language 输入验证错误漏洞

CNNVD-202105-1760

CVE-2021-28170

中危

Jakarta

https://jakarta.ee/specifications/expression-language/3.

128

Sprymedia Datatables 跨站脚本漏洞

CNNVD-202303-377

CVE-2021-36713

中危

Sprymedia

https://github.com/DataTables/DataTables/releases/tag/1.10.21

129

jQuery 跨站脚本漏洞

CNNVD-202110-1843

CVE-2021-41182

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

130

jQuery 跨站脚本漏洞

CNNVD-202110-1839

CVE-2021-41183

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

131

Openjs Jquery Ui 跨站脚本漏洞

CNNVD-202110-1845

CVE-2021-41184

中危

Openjs基金会

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

132

Xerces 安全漏洞

CNNVD-202201-2238

CVE-2022-23437

中危

Apache基金会

https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl

133

jQuery 跨站脚本漏洞

CNNVD-202207-2121

CVE-2022-31160

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9

134

jsoup 跨站脚本漏洞

CNNVD-202208-4329

CVE-2022-36033

中危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

135

OpenSSL 缓冲区错误漏洞

CNNVD-202302-506

CVE-2022-4203

中危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

136

OpenSSL 安全漏洞

CNNVD-202302-514

CVE-2022-4304

中危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

137

Spring Framework 安全漏洞

CNNVD-202304-1094

CVE-2023-20863

中危

Spring

https://spring.io/security/cve-2023-20863

138

NTP 缓冲区错误漏洞

CNNVD-202304-899

CVE-2023-26551

中危

nwtime

https://www.ntppool.org/zh/

139

NTP 缓冲区错误漏洞

CNNVD-202304-898

CVE-2023-26552

中危

nwtime

https://www.ntppool.org/zh/

140

NTP 缓冲区错误漏洞

CNNVD-202304-897

CVE-2023-26553

中危

nwtime

https://www.ntppool.org/zh/

141

NTP 缓冲区错误漏洞

CNNVD-202304-892

CVE-2023-26554

中危

nwtime

https://www.ntppool.org/zh/

142

NTP 缓冲区错误漏洞

CNNVD-202304-891

CVE-2023-26555

中危

nwtime

https://www.ntppool.org/zh/

143

Intel oneAPI Toolkits 安全漏洞

CNNVD-202308-1047

CVE-2023-27391

中危

Intel

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html

144

CKEditor 跨站脚本漏洞

CNNVD-202303-1790

CVE-2023-28439

中危

CKEditor

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g

145

libxml2 代码问题漏洞

CNNVD-202304-908

CVE-2023-28484

中危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f

146

libxml2 资源管理错误漏洞

CNNVD-202304-907

CVE-2023-29469

中危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64

147

Bouncy Castle 信任管理问题漏洞

CNNVD-202307-168

CVE-2023-33201

中危

Bouncy Castle

https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc

148

VMware Spring Boot 安全漏洞

CNNVD-202311-2124

CVE-2023-34055

中危

VMware

https://github.com/spring-projects/spring-boot/releases/tag/v3.0.

149

FasterXML jackson-databind 代码问题漏洞

CNNVD-202306-1121

CVE-2023-35116

中危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3972

150

lrzip security vulnerability

CNNVD-202308-1538

CVE-2023-39743

Medium

Individual developer

https://github.com/pete4abw/lrzip-next/issues/132

151

Apache Commons Compress resource management error vulnerability

CNNVD-202309-1000

CVE-2023-42503

Medium

Apache Foundation

https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c

152

Apple iOS and iPadOS security vulnerability

CNNVD-202402-1738

CVE-2023-42843

Medium

Apple

https://support.apple.com/en-us/HT213981

153

Apple iOS and iPadOS security vulnerability

CNNVD-202403-3044

CVE-2023-42956

Medium

Apple

https://support.apple.com/en-us/HT214035

154

Apache Santuario log information disclosure vulnerability

CNNVD-202310-1720

CVE-2023-44483

Medium

Apache Foundation

https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55

155

OpenSSH security vulnerability

CNNVD-202312-1668

CVE-2023-48795

Medium

OpenBSD

https://www.openssh.com/openbsd.html

156

Python cryptography code issue vulnerability

CNNVD-202311-2230

CVE-2023-49083

Medium

Python Foundation

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

157

OpenSSH security vulnerability

CNNVD-202312-1662

CVE-2023-51384

Medium

OpenBSD

https://www.openssh.com/txt/release-9.6

158

libexpat security vulnerability

CNNVD-202402-243

CVE-2023-52426

Medium

Individual developer

https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404

159

OpenSSL code issue vulnerability

CNNVD-202311-423

CVE-2023-5678

Medium

OpenSSL

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017

160

OpenSSL security vulnerability

CNNVD-202401-736

CVE-2023-6129

Medium

OpenSSL

https://www.openssl.org/news/secadv/20240109.txt

161

OpenSSL security vulnerability

CNNVD-202401-1378

CVE-2023-6237

Medium

OpenSSL

https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a

162

SQLite security vulnerability

CNNVD-202312-2480

CVE-2023-7104

Medium

SQLite

https://sqlite.org/releaselog/3_44_2.html

163

SQLite security vulnerability

CNNVD-202401-1406

CVE-2024-0232

Medium

Individual developer

https://sqlite.org/forum/forumpost/4aa381993a

164

Python security vulnerability

CNNVD-202403-1880

CVE-2024-0450

Medium

Python

https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85

165

Apple Safari security vulnerability

CNNVD-202403-713

CVE-2024-23254

Medium

Apple

https://support.apple.com/en-us/HT214089

166

Apple Safari security vulnerability

CNNVD-202403-708

CVE-2024-23263

Medium

Apple

https://support.apple.com/en-us/HT214089

167

Apple Safari security vulnerability

CNNVD-202403-705

CVE-2024-23280

Medium

Apple

https://support.apple.com/en-us/HT214089

168

Apple Safari security vulnerability

CNNVD-202403-699

CVE-2024-23284

Medium

Apple

https://support.apple.com/en-us/HT214089

169

OWASP AntiSamy cross-site scripting vulnerability

CNNVD-202402-204

CVE-2024-23635

Medium

OWASP

https://github.com/nahsra/antisamy/releases/tag/v1.7.5

170

Apache Zookeeper information disclosure vulnerability

CNNVD-202403-1401

CVE-2024-23944

Medium

Apache

https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k

171

PHP security vulnerability

CNNVD-202406-854

CVE-2024-2408

Medium

PHP

https://www.php.net/

172

dnsjava security vulnerability

CNNVD-202407-2260

CVE-2024-25638

Medium

dnsjava

https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

173

Apache Commons Compress security vulnerability

CNNVD-202402-1528

CVE-2024-25710

Medium

Apache

https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

174

Apache Commons Compress security vulnerability

CNNVD-202402-1527

CVE-2024-26308

Medium

Apache

https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg

175

aiohttp cross-site scripting vulnerability

CNNVD-202404-2760

CVE-2024-27306

Medium

aiohttp

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g

176

Apple iOS and iPadOS security vulnerability

CNNVD-202405-1869

CVE-2024-27834

Medium

Apple

https://support.apple.com/en-us/HT214101

177

Nghttp2 security vulnerability

CNNVD-202404-586

CVE-2024-28182

Medium

Nghttp2

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q

178

Apache CXF code issue vulnerability

CNNVD-202403-1399

CVE-2024-28752

Medium

Apache

https://cxf.apache.org/

179

Follow Redirects information disclosure vulnerability

CNNVD-202403-1332

CVE-2024-28849

Medium

Individual developer

https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp

180

Intel IPP security vulnerability

CNNVD-202408-1264

CVE-2024-28887

Medium

Intel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html

181

Netty security vulnerability

CNNVD-202403-2434

CVE-2024-29025

Medium

Netty

https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c

182

GNU C Library security vulnerability

CNNVD-202404-2641

CVE-2024-2961

Medium

GNU

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

183

Apache CXF code issue vulnerability

CNNVD-202407-1958

CVE-2024-29736

Medium

Apache

https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2

184

F5 Nginx security vulnerability

CNNVD-202405-4793

CVE-2024-31079

Medium

F5

https://my.f5.com/manage/s/article/K000139611

185

Jasper security vulnerability

CNNVD-202404-2850

CVE-2024-31744

Medium

Jasper

https://github.com/jasper-software/jasper/releases/tag/version-4.2.3

186

F5 Nginx security vulnerability

CNNVD-202405-4792

CVE-2024-32760

Medium

F5

https://my.f5.com/manage/s/article/K000139609

187

glibc security vulnerability

CNNVD-202404-3208

CVE-2024-33600

Medium

GNU

https://sourceware.org/bugzilla/show_bug.cgi?id=31678

188

glibc security vulnerability

CNNVD-202404-3210

CVE-2024-33601

Medium

GNU

https://sourceware.org/bugzilla/show_bug.cgi?id=31679

189

RARLAB WinRAR security vulnerability

CNNVD-202404-3492

CVE-2024-33899

Medium

RARLAB

https://www.rarlab.com/rarnew.htm

190

F5 Nginx security vulnerability

CNNVD-202405-4791

CVE-2024-34161

Medium

F5

https://my.f5.com/manage/s/article/K000139627

191

F5 Nginx security vulnerability

CNNVD-202405-4790

CVE-2024-35200

Medium

F5

https://my.f5.com/manage/s/article/K000139612

192

WinRAR security vulnerability

CNNVD-202405-3858

CVE-2024-36052

Medium

Individual developer

https://www.rarlab.com/rarnew.htm

193

Apache HTTP Server code issue vulnerability

CNNVD-202407-101

CVE-2024-36387

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

194

Red Hat Undertow security vulnerability

CNNVD-202407-521

CVE-2024-3653

Medium

Red Hat

https://undertow.io/

195

MIT Kerberos security vulnerability

CNNVD-202406-3108

CVE-2024-37371

Medium

MIT

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef

196

urllib3 security vulnerability

CNNVD-202406-1954

CVE-2024-37891

Medium

urllib3

https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf

197

Tiny Technologies TinyMCE security vulnerability

CNNVD-202406-2256

CVE-2024-38356

Medium

Tiny Technologies

https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph

198

Tiny Technologies TinyMCE security vulnerability

CNNVD-202406-2249

CVE-2024-38357

Medium

Tiny Technologies

https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

199

Apache HTTP Server security vulnerability

CNNVD-202407-096

CVE-2024-38472

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

200

Apache HTTP Server security vulnerability

CNNVD-202407-095

CVE-2024-38473

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

201

Apache HTTP Server security vulnerability

CNNVD-202407-092

CVE-2024-38476

Medium

Apache

https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0

202

Spring Framework security vulnerability

CNNVD-202408-1848

CVE-2024-38808

Medium

VMware

https://spring.io/security/cve-2024-38808

203

VMware Spring Framework security vulnerability

CNNVD-202409-2323

CVE-2024-38809

Medium

VMware

https://spring.io/security/cve-2024-38809

204

RequireJS security vulnerability

CNNVD-202407-032

CVE-2024-38998

Medium

RequireJS

https://github.com/requirejs/r.js

205

Apache HTTP Server input validation error vulnerability

CNNVD-202407-086

CVE-2024-39573

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

206

Apache HTTP Server security vulnerability

CNNVD-202407-1912

CVE-2024-40725

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

207

Apache HTTP Server code issue vulnerability

CNNVD-202407-1910

CVE-2024-40898

Medium

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

208

Apache MINA SSHD security vulnerability

CNNVD-202408-865

CVE-2024-41909

Medium

Apache

https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b

209

Jenkins security vulnerability

CNNVD-202408-532

CVE-2024-43045

Medium

Jenkins

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349

210

CKEditor4 security vulnerability

CNNVD-202408-2064

CVE-2024-43407

Medium

CKEditor

https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l

211

OpenSSL security vulnerability

CNNVD-202405-4739

CVE-2024-4741

Medium

OpenSSL

https://github.com/openssl/openssl

212

OpenSSL security vulnerability

CNNVD-202409-141

CVE-2024-6119

Medium

OpenSSL

https://openssl-library.org/news/secadv/20240903.txt

213

CPython security vulnerability

CNNVD-202409-120

CVE-2024-6232

Medium

Python

https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

214

Python security vulnerability

CNNVD-202408-1775

CVE-2024-7592

Medium

Python

https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c

215

Google Guava access control error vulnerability

CNNVD-202012-827

CVE-2020-8908

Low

Google

https://github.com/google/guava/issues/4011

216

OpenSSH authorization issue vulnerability

CNNVD-202203-1230

CVE-2021-36368

Low

OpenBSD

https://www.openssh.com/security.html

217

Pip command injection vulnerability

CNNVD-202310-1912

CVE-2023-5752

Low

Python Packaging Authority

https://github.com/pypa/pip/releases/tag/23.3.1

218

libssh security vulnerability

CNNVD-202312-1736

CVE-2023-6004

Low

libssh

https://www.libssh.org/files/0.10/

219

libssh security vulnerability

CNNVD-202312-1734

CVE-2023-6918

Low

libssh

https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/

220

OpenSSL security vulnerability

CNNVD-202401-2353

CVE-2024-0727

Low

OpenSSL

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

221

Node.js security vulnerability

CNNVD-202407-1007

CVE-2024-22018

Low

Node.js

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

222

Node.js security vulnerability

CNNVD-202409-509

CVE-2024-36137

Low

Node.js

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

223

CKEditor security vulnerability

CNNVD-202408-2102

CVE-2024-43411

Low

Individual developer

https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l

224

OpenSSL security vulnerability

CNNVD-202405-2902

CVE-2024-4603

Low

OpenSSL

https://www.openssl.org/news/secadv/20240516.txt

225

OpenSSL security vulnerability

CNNVD-202406-2936

CVE-2024-5535

Low

OpenSSL

https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87

III. Remediation Recommendations

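Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.

Official Oracle patch download address: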

https://www.oracle.com/security-alerts/cpuoct2024.html

CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, please contact CNNVD. Contact: cnnvdvul@itsec.gov.cn

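Statement: This article comes from CNNVD安全动态 (CNNVD Security Updates); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参. It is reposted to convey more information. In case of infringement, please contact anquanneican@163.com.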