近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞91个,影响到Oracle产品的其他厂商漏洞225个。Oracle Mysql、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products等多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2024年10月15日,Oracle发布了2024年10月份安全更新,共316个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products、Oracle PeopleSoft Enterprise HCM Global Payroll、Oracle Hyperion等。CNNVD对其危害等级进行了评价,其中超危漏洞23个,高危漏洞133个,中危漏洞131个,低危漏洞29个。
Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:
https://www.oracle.com/security-alerts/cpuoct2024.html
二、漏洞详情
此次更新共316个漏洞的补丁程序,包括85个新增漏洞的补丁程序、6个更新漏洞的补丁程序和225个影响Oracle产品的其他厂商漏洞的补丁程序。
此次更新共包括85个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞32个,中危漏洞36个,低危漏洞15个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Oracle Hospitality Applications 安全漏洞 | CNNVD-202410-1411 | CVE-2024-21172 | 超危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
2 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1425 | CVE-2024-21216 | 超危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
3 | Oracle Virtualization 安全漏洞 | CNNVD-202410-1370 | CVE-2024-21259 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
4 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 | CNNVD-202410-1374 | CVE-2024-21214 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
5 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 | CNNVD-202410-1376 | CVE-2024-21255 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
6 | Oracle PeopleSoft Enterprise HCM Global Payroll 安全漏洞 | CNNVD-202410-1378 | CVE-2024-21283 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
7 | Oracle MySQL 安全漏洞 | CNNVD-202410-1406 | CVE-2024-21272 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
8 | Oracle BI Publisher 安全漏洞 | CNNVD-202410-1413 | CVE-2024-21195 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
9 | Oracle Analytics 安全漏洞 | CNNVD-202410-1414 | CVE-2024-21254 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
10 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1417 | CVE-2024-21234 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
11 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1418 | CVE-2024-21215 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
12 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1420 | CVE-2024-21260 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
13 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1421 | CVE-2024-21274 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
14 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1422 | CVE-2024-21246 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
15 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1423 | CVE-2024-21190 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
16 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1424 | CVE-2024-21191 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
17 | Oracle Financial Services Applications 安全漏洞 | CNNVD-202410-1427 | CVE-2024-21284 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
18 | Oracle Financial Services Applications 安全漏洞 | CNNVD-202410-1428 | CVE-2024-21285 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
19 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1431 | CVE-2024-21276 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
20 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1432 | CVE-2024-21279 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
21 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1433 | CVE-2024-21265 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
22 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1434 | CVE-2024-21252 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
23 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1435 | CVE-2024-21280 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
24 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1436 | CVE-2024-21275 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
25 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1437 | CVE-2024-21277 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
26 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1438 | CVE-2024-21269 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
27 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1439 | CVE-2024-21250 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
28 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1440 | CVE-2024-21271 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
29 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1441 | CVE-2024-21282 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
30 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1442 | CVE-2024-21267 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
31 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1443 | CVE-2024-21278 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
32 | Oracle Applications Manager 安全漏洞 | CNNVD-202410-1444 | CVE-2024-21268 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
33 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1445 | CVE-2024-21270 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
34 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1446 | CVE-2024-21266 | 高危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
35 | Oracle Virtualization 安全漏洞 | CNNVD-202410-1367 | CVE-2024-21248 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
36 | Oracle Virtualization 安全漏洞 | CNNVD-202410-1368 | CVE-2024-21273 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
37 | Oracle Virtualization 安全漏洞 | CNNVD-202410-1369 | CVE-2024-21263 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
38 | Oracle PeopleSoft 安全漏洞 | CNNVD-202410-1371 | CVE-2024-21249 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
39 | Oracle PeopleSoft Products 安全漏洞 | CNNVD-202410-1372 | CVE-2024-21286 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
40 | Oracle PeopleSoft Enterprise CC Common Application Objects 安全漏洞 | CNNVD-202410-1373 | CVE-2024-21264 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
41 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 | CNNVD-202410-1375 | CVE-2024-21202 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
42 | Oracle MySQL 安全漏洞 | CNNVD-202410-1382 | CVE-2024-21200 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
43 | Oracle MySQL 安全漏洞 | CNNVD-202410-1385 | CVE-2024-21212 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
44 | Oracle MySQL 安全漏洞 | CNNVD-202410-1386 | CVE-2024-21204 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
45 | Oracle MySQL 安全漏洞 | CNNVD-202410-1387 | CVE-2024-21193 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
46 | Oracle MySQL 安全漏洞 | CNNVD-202410-1389 | CVE-2024-21213 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
47 | Oracle MySQL 安全漏洞 | CNNVD-202410-1390 | CVE-2024-21201 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
48 | Oracle MySQL 安全漏洞 | CNNVD-202410-1391 | CVE-2024-21241 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
49 | Oracle MySQL 安全漏洞 | CNNVD-202410-1392 | CVE-2024-21219 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
50 | Oracle MySQL 安全漏洞 | CNNVD-202410-1393 | CVE-2024-21198 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
51 | Oracle MySQL 安全漏洞 | CNNVD-202410-1394 | CVE-2024-21239 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
52 | Oracle MySQL 安全漏洞 | CNNVD-202410-1395 | CVE-2024-21197 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
53 | Oracle MySQL 安全漏洞 | CNNVD-202410-1396 | CVE-2024-21236 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
54 | Oracle MySQL 安全漏洞 | CNNVD-202410-1397 | CVE-2024-21199 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
55 | Oracle MySQL 安全漏洞 | CNNVD-202410-1398 | CVE-2024-21207 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
56 | Oracle MySQL 安全漏洞 | CNNVD-202410-1399 | CVE-2024-21203 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
57 | Oracle MySQL 安全漏洞 | CNNVD-202410-1400 | CVE-2024-21194 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
58 | Oracle MySQL 安全漏洞 | CNNVD-202410-1401 | CVE-2024-21218 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
59 | Oracle MySQL 安全漏洞 | CNNVD-202410-1402 | CVE-2024-21238 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
60 | Oracle MySQL 安全漏洞 | CNNVD-202410-1403 | CVE-2024-21196 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
61 | Oracle MySQL 安全漏洞 | CNNVD-202410-1404 | CVE-2024-21230 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
62 | Oracle MySQL 安全漏洞 | CNNVD-202410-1405 | CVE-2024-21262 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
63 | Oracle Java SE 安全漏洞 | CNNVD-202410-1412 | CVE-2024-21235 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
64 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1415 | CVE-2024-21192 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
65 | Oracle Fusion Middleware 安全漏洞 | CNNVD-202410-1416 | CVE-2024-21205 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
66 | Oracle Financial Services Applications 安全漏洞 | CNNVD-202410-1426 | CVE-2024-21281 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
67 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1429 | CVE-2024-21206 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
68 | Oracle E-Business Suite 安全漏洞 | CNNVD-202410-1430 | CVE-2024-21258 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
69 | Oracle Database Server 安全漏洞 | CNNVD-202410-1515 | CVE-2024-21233 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
70 | Oracle Application Express 安全漏洞 | CNNVD-202410-1517 | CVE-2024-21261 | 中危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
71 | Oracle Virtualization 安全漏洞 | CNNVD-202410-1366 | CVE-2024-21253 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
72 | Oracle MySQL 安全漏洞 | CNNVD-202410-1377 | CVE-2024-21209 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
73 | Oracle MySQL 安全漏洞 | CNNVD-202410-1379 | CVE-2024-21243 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
74 | Oracle MySQL 安全漏洞 | CNNVD-202410-1380 | CVE-2024-21232 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
75 | Oracle MySQL 安全漏洞 | CNNVD-202410-1381 | CVE-2024-21237 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
76 | Oracle MySQL 安全漏洞 | CNNVD-202410-1383 | CVE-2024-21247 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
77 | Oracle MySQL 安全漏洞 | CNNVD-202410-1384 | CVE-2024-21231 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
78 | Oracle MySQL 安全漏洞 | CNNVD-202410-1388 | CVE-2024-21244 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
79 | Oracle Java SE 安全漏洞 | CNNVD-202410-1407 | CVE-2024-21217 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
80 | Oracle Java SE 安全漏洞 | CNNVD-202410-1408 | CVE-2024-21211 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
81 | Oracle Java SE 安全漏洞 | CNNVD-202410-1409 | CVE-2024-21210 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
82 | Oracle Hyperion 安全漏洞 | CNNVD-202410-1410 | CVE-2024-21257 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
83 | Oracle Java SE 安全漏洞 | CNNVD-202410-1419 | CVE-2024-21208 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
84 | Oracle Database Server 安全漏洞 | CNNVD-202410-1516 | CVE-2024-21242 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
85 | Oracle Database Server 安全漏洞 | CNNVD-202410-1518 | CVE-2024-21251 | 低危 | https://www.oracle.com/security-alerts/cpuoct2024.html |
此次更新共包括6个更新漏洞的补丁程序,其中高危漏洞1个,中危漏洞2个,低危漏洞3个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Oracle Java SE 安全漏洞 | CNNVD-202407-1739 | CVE-2024-21147 | 高危 | https://www.oracle.com/security-alerts/cpujul2024.html |
2 | Oracle Java SE 安全漏洞 | CNNVD-202407-1735 | CVE-2024-21140 | 中危 | https://www.oracle.com/security-alerts/cpujul2024.html |
3 | Oracle Java SE 安全漏洞 | CNNVD-202407-1737 | CVE-2024-21145 | 中危 | https://www.oracle.com/security-alerts/cpujul2024.html |
4 | Oracle Java SE 安全漏洞 | CNNVD-202407-1734 | CVE-2024-21131 | 低危 | https://www.oracle.com/security-alerts/cpujul2024.html |
5 | Oracle Java SE 安全漏洞 | CNNVD-202407-1729 | CVE-2024-21138 | 低危 | https://www.oracle.com/security-alerts/cpujul2024.html |
6 | Oracle Java SE 安全漏洞 | CNNVD-202407-1732 | CVE-2024-21144 | 低危 | https://www.oracle.com/security-alerts/cpujul2024.html |
此次更新共包括225个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞21个,高危漏洞100个,中危漏洞93个,低危漏洞11个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Apache Chainsaw 代码问题漏洞 | CNNVD-202106-1293 | CVE-2020-9493 | 超危 | Apache基金会 | https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E |
2 | OpenSSL 操作系统命令注入漏洞 | CNNVD-202205-1962 | CVE-2022-1292 | 超危 | Openssl团队 | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
3 | SnakeYAML 代码问题漏洞 | CNNVD-202212-1820 | CVE-2022-1471 | 超危 | 个人开发者 | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
4 | OpenSSL 操作系统命令注入漏洞 | CNNVD-202206-2112 | CVE-2022-2068 | 超危 | OpenSSL | https://www.openssl.org/source/ |
5 | Apache Log4j SQL注入漏洞 | CNNVD-202201-1421 | CVE-2022-23305 | 超危 | Apache基金会 | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
6 | Dell BSAFE 安全漏洞 | CNNVD-202402-197 | CVE-2022-34381 | 超危 | Dell | https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
7 | Apache HTTP Server 环境问题漏洞 | CNNVD-202301-1299 | CVE-2022-36760 | 超危 | Apache基金会 | https://httpd.apache.org/security/vulnerabilities_24.html |
8 | XKCP 输入验证错误漏洞 | CNNVD-202210-1541 | CVE-2022-37454 | 超危 | XKCP | https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
9 | Apache Derby 注入漏洞 | CNNVD-202311-1655 | CVE-2022-46337 | 超危 | Apache基金会 | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
10 | Certifi 数据伪造问题漏洞 | CNNVD-202307-2046 | CVE-2023-37920 | 超危 | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
11 | OpenSSH 代码问题漏洞 | CNNVD-202307-1721 | CVE-2023-38408 | 超危 | OpenBSD | https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 |
12 | curl 缓冲区错误漏洞 | CNNVD-202310-917 | CVE-2023-38545 | 超危 | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1 |
13 | Apache ZooKeeper 安全漏洞 | CNNVD-202310-856 | CVE-2023-44981 | 超危 | Apache基金会 | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
14 | zlib 输入验证错误漏洞 | CNNVD-202310-1086 | CVE-2023-45853 | 超危 | 个人开发者 | https://github.com/madler/zlib/pull/843 |
15 | Pillow 安全漏洞 | CNNVD-202401-1886 | CVE-2023-50447 | 超危 | 个人开发者 | https://github.com/python-pillow/Pillow/releases/tag/10.2 |
16 | OpenSSH 安全漏洞 | CNNVD-202312-1665 | CVE-2023-51385 | 超危 | OpenBSD | https://www.openssh.com/txt/release-9.6 |
17 | PHP 安全漏洞 | CNNVD-202404-3501 | CVE-2024-1874 | 超危 | PHP | https://www.php.net/downloads.php |
18 | RequireJS 安全漏洞 | CNNVD-202407-034 | CVE-2024-38999 | 超危 | RequireJS | https://github.com/requirejs/r.js |
19 | Jenkins 安全漏洞 | CNNVD-202408-533 | CVE-2024-43044 | 超危 | Jenkins | https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 |
20 | libexpat 安全漏洞 | CNNVD-202408-2839 | CVE-2024-45490 | 超危 | libexpat | https://github.com/libexpat/libexpat |
21 | PHP 操作系统命令注入漏洞 | CNNVD-202406-852 | CVE-2024-4577 | 超危 | PHP | https://www.php.net/downloads |
22 | jackson-mapper-asl 代码问题漏洞 | CNNVD-201911-1110 | CVE-2019-10172 | 高危 | 个人开发者 | https://mvnrepository.com/artifact/org.codehaus.jackson |
23 | OpenSSH 操作系统命令注入漏洞 | CNNVD-202007-1519 | CVE-2020-15778 | 高危 | OpenBSD | https://www.openssh.com/ |
24 | Npm underscore 代码注入漏洞 | CNNVD-202103-1621 | CVE-2021-23358 | 高危 | Npm | https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504 |
25 | Netty 资源管理错误漏洞 | CNNVD-202110-1442 | CVE-2021-37136 | 高危 | Netty社区 | https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv |
26 | Netty 资源管理错误漏洞 | CNNVD-202110-1441 | CVE-2021-37137 | 高危 | Netty社区 | https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 |
27 | Apache Log4j 代码问题漏洞 | CNNVD-202201-1420 | CVE-2022-23302 | 高危 | Apache基金会 | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
28 | Apache Log4j 代码问题漏洞 | CNNVD-202201-1425 | CVE-2022-23307 | 高危 | Apache基金会 | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
29 | grub2 安全漏洞 | CNNVD-202211-2822 | CVE-2022-2601 | 高危 | GNU社区 | https://access.redhat.com/security/cve/cve-2022-2601 |
30 | Moment.js 资源管理错误漏洞 | CNNVD-202207-502 | CVE-2022-31129 | 高危 | 个人开发者 | https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
31 | Apache Xalan 输入验证错误漏洞 | CNNVD-202207-1617 | CVE-2022-34169 | 高危 | Apache基金会 | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
32 | Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞 | CNNVD-202301-904 | CVE-2022-38136 | 高危 | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
33 | OpenSSL 安全漏洞 | CNNVD-202212-2982 | CVE-2022-3996 | 高危 | OpenSSL | https://github.com/openssl/openssl/ |
34 | Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞 | CNNVD-202301-905 | CVE-2022-40196 | 高危 | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
35 | Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞 | CNNVD-202301-906 | CVE-2022-41342 | 高危 | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
36 | Python 安全漏洞 | CNNVD-202210-2513 | CVE-2022-42919 | 高危 | Python基金会 | https://github.com/python/cpython/issues/97514 |
37 | OpenSSL 资源管理错误漏洞 | CNNVD-202302-510 | CVE-2022-4450 | 高危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
38 | Python 资源管理错误漏洞 | CNNVD-202211-2414 | CVE-2022-45061 | 高危 | Python基金会 | https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
39 | OpenSSL 资源管理错误漏洞 | CNNVD-202302-521 | CVE-2023-0215 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
40 | OpenSSL 代码问题漏洞 | CNNVD-202302-512 | CVE-2023-0216 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
41 | OpenSSL 代码问题漏洞 | CNNVD-202302-516 | CVE-2023-0217 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
42 | OpenSSL 安全漏洞 | CNNVD-202302-524 | CVE-2023-0286 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
43 | OpenSSL 代码问题漏洞 | CNNVD-202302-518 | CVE-2023-0401 | 高危 | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
44 | Apache Hadoop 代码问题漏洞 | CNNVD-202311-1444 | CVE-2023-26031 | 高危 | Apache基金会 | https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
45 | Apache Log4j 代码问题漏洞 | CNNVD-202303-736 | CVE-2023-26464 | 高危 | Apache基金会 | https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t |
46 | Intel oneAPI Toolkits 代码问题漏洞 | CNNVD-202308-1031 | CVE-2023-28823 | 高危 | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
47 | OpenLDAP 代码问题漏洞 | CNNVD-202305-2588 | CVE-2023-2953 | 高危 | OpenLDAP | https://www.openldap.org/software/download/ |
48 | Google Guava 安全漏洞 | CNNVD-202306-1141 | CVE-2023-2976 | 高危 | https://github.com/google/guava | |
49 | snappy-java 输入验证错误漏洞 | CNNVD-202306-1200 | CVE-2023-34453 | 高危 | 个人开发者 | https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
50 | snappy-java 输入验证错误漏洞 | CNNVD-202306-1198 | CVE-2023-34454 | 高危 | 个人开发者 | https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
51 | Snappy 输入验证错误漏洞 | CNNVD-202306-1248 | CVE-2023-34455 | 高危 | 个人开发者 | https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
52 | Okio 安全漏洞 | CNNVD-202307-1161 | CVE-2023-3635 | 高危 | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
53 | Apache Avro 代码问题漏洞 | CNNVD-202309-2636 | CVE-2023-39410 | 高危 | Apache基金会 | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
54 | Eclipse Parsson 安全漏洞 | CNNVD-202311-268 | CVE-2023-4043 | 高危 | Eclipse基金会 | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
55 | Apple iOS 和 iPadOS 安全漏洞 | CNNVD-202403-3045 | CVE-2023-42950 | 高危 | Apple | https://support.apple.com/en-us/HT214035 |
56 | Snappy 安全漏洞 | CNNVD-202309-2204 | CVE-2023-43642 | 高危 | 个人开发者 | https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
57 | Apache HTTP/2 资源管理错误漏洞 | CNNVD-202310-667 | CVE-2023-44487 | 高危 | Apache基金会 | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
58 | Google Go 安全漏洞 | CNNVD-202404-632 | CVE-2023-45288 | 高危 | https://pkg.go.dev/vuln/GO-2024-2687 | |
59 | Pallets Werkzeug 缓冲区错误漏洞 | CNNVD-202310-2005 | CVE-2023-46136 | 高危 | Pallets | https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw |
60 | Eclipse JGit 安全漏洞 | CNNVD-202309-850 | CVE-2023-4759 | 高危 | Eclipse基金会 | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 |
61 | OpenSSL 安全漏洞 | CNNVD-202309-665 | CVE-2023-4807 | 高危 | OpenSSL | https://www.openssl.org/news/secadv/20230908.txt |
62 | Google Chrome 缓冲区错误漏洞 | CNNVD-202309-784 | CVE-2023-4863 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html | |
63 | JSON-Java 安全漏洞 | CNNVD-202310-951 | CVE-2023-5072 | 高危 | 个人开发者 | https://github.com/stleary/JSON-java/ |
64 | jose4j 安全漏洞 | CNNVD-202402-2688 | CVE-2023-51775 | 高危 | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
65 | libexpat 安全漏洞 | CNNVD-202402-245 | CVE-2023-52425 | 高危 | 个人开发者 | https://github.com/libexpat/libexpat/pull/789 |
66 | Connect2id Nimbus JOSE+JWT 安全漏洞 | CNNVD-202402-845 | CVE-2023-52428 | 高危 | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
67 | OpenSSL 安全漏洞 | CNNVD-202310-1871 | CVE-2023-5363 | 高危 | OpenSSL团队 | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
68 | Red Hat XNIO 资源管理错误漏洞 | CNNVD-202403-455 | CVE-2023-5685 | 高危 | Red Hat | https://github.com/xnio/xnio/tags |
69 | Python 安全漏洞 | CNNVD-202403-1882 | CVE-2023-6597 | 高危 | Python | https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
70 | X.org Server 安全漏洞 | CNNVD-202401-1731 | CVE-2023-6816 | 高危 | X.org | https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
71 | X.org Server 安全漏洞 | CNNVD-202401-1736 | CVE-2024-0229 | 高危 | X.org | https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
72 | X.org Server 安全漏洞 | CNNVD-202401-1733 | CVE-2024-21885 | 高危 | X.org | https://www.x.org/wiki/XServer/ |
73 | X.org Server 安全漏洞 | CNNVD-202401-1732 | CVE-2024-21886 | 高危 | X.org | https://www.x.org/wiki/XServer/ |
74 | Node.js 安全漏洞 | CNNVD-202407-536 | CVE-2024-22020 | 高危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
75 | Eclipse Jetty 安全漏洞 | CNNVD-202402-2103 | CVE-2024-22201 | 高危 | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
76 | VMware Spring Security 安全漏洞 | CNNVD-202403-1650 | CVE-2024-22257 | 高危 | VMware | https://spring.io/security/cve-2024-22257 |
77 | Spring Framework 安全漏洞 | CNNVD-202404-2193 | CVE-2024-22262 | 高危 | Spring | https://spring.io/security/cve-2024-22262 |
78 | Apache Tomcat 安全漏洞 | CNNVD-202403-1180 | CVE-2024-23672 | 高危 | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
79 | Apache Xerces-C 资源管理错误漏洞 | CNNVD-202402-1469 | CVE-2024-23807 | 高危 | Apache | https://github.com/apache/xerces-c/pull/54 |
80 | Curl 安全漏洞 | CNNVD-202403-2674 | CVE-2024-2398 | 高危 | Curl | https://curl.se/docs/CVE-2024-2398.html |
81 | Apache Tomcat 输入验证错误漏洞 | CNNVD-202403-1179 | CVE-2024-24549 | 高危 | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
82 | F5 Nginx 安全漏洞 | CNNVD-202402-1248 | CVE-2024-24989 | 高危 | F5 | https://my.f5.com/manage/s/article/K000138444 |
83 | F5 Nginx 安全漏洞 | CNNVD-202402-1247 | CVE-2024-24990 | 高危 | F5 | https://my.f5.com/manage/s/article/K000138445 |
84 | libxml2 安全漏洞 | CNNVD-202402-242 | CVE-2024-25062 | 高危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
85 | OpenSSL 安全漏洞 | CNNVD-202404-941 | CVE-2024-2511 | 高危 | OpenSSL | https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
86 | libheif 安全漏洞 | CNNVD-202403-378 | CVE-2024-25269 | 高危 | 个人开发者 | https://github.com/strukturag/libheif/pull/1074 |
87 | python-cryptography 安全漏洞 | CNNVD-202402-1783 | CVE-2024-26130 | 高危 | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
88 | Node.js 安全漏洞 | CNNVD-202404-991 | CVE-2024-27983 | 高危 | Node.js | https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
89 | Apache Commons Configuration 缓冲区错误漏洞 | CNNVD-202403-2143 | CVE-2024-29131 | 高危 | Apache | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
90 | Apache Commons Configuration 缓冲区错误漏洞 | CNNVD-202403-2142 | CVE-2024-29133 | 高危 | Apache | https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
91 | Bouncy Castle 安全漏洞 | CNNVD-202405-2601 | CVE-2024-29857 | 高危 | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
92 | aiohttp 安全漏洞 | CNNVD-202405-305 | CVE-2024-30251 | 高危 | aio-libs | https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 |
93 | X.org Server 安全漏洞 | CNNVD-202404-510 | CVE-2024-31080 | 高危 | X.org | https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
94 | X.org Server 资源管理错误漏洞 | CNNVD-202404-682 | CVE-2024-31083 | 高危 | X.org | https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
95 | Apache CXF 安全漏洞 | CNNVD-202407-1957 | CVE-2024-32007 | 高危 | Apache | https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 |
96 | Apache ActiveMQ 安全漏洞 | CNNVD-202405-256 | CVE-2024-32114 | 高危 | Apache | https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt |
97 | glibc 安全漏洞 | CNNVD-202405-1511 | CVE-2024-33599 | 高危 | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 |
98 | glibc 安全漏洞 | CNNVD-202404-3209 | CVE-2024-33602 | 高危 | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31680 |
99 | Apache Tomcat 安全漏洞 | CNNVD-202407-326 | CVE-2024-34750 | 高危 | Apache | https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l |
100 | Node.js 安全漏洞 | CNNVD-202409-508 | CVE-2024-36138 | 高危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
101 | MIT Kerberos 安全漏洞 | CNNVD-202406-3113 | CVE-2024-37370 | 高危 | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
102 | Apache HTTP Server 安全漏洞 | CNNVD-202407-094 | CVE-2024-38474 | 高危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
103 | Apache HTTP Server 安全漏洞 | CNNVD-202407-093 | CVE-2024-38475 | 高危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
104 | Apache HTTP Server 代码问题漏洞 | CNNVD-202407-091 | CVE-2024-38477 | 高危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
105 | VMware Spring Framework 安全漏洞 | CNNVD-202409-1142 | CVE-2024-38816 | 高危 | VMware | https://spring.io/security/cve-2024-38816 |
106 | Certifi 安全漏洞 | CNNVD-202407-421 | CVE-2024-39689 | 高危 | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc |
107 | Apache HTTP Server 安全漏洞 | CNNVD-202407-339 | CVE-2024-39884 | 高危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
108 | Apache CXF 安全漏洞 | CNNVD-202407-1956 | CVE-2024-41172 | 高危 | Apache | https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 |
109 | ImageMagick 安全漏洞 | CNNVD-202407-2766 | CVE-2024-41817 | 高危 | ImageMagick | https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36 |
110 | libexpat 输入验证错误漏洞 | CNNVD-202408-2842 | CVE-2024-45491 | 高危 | libexpat | https://github.com/libexpat/libexpat |
111 | libexpat 输入验证错误漏洞 | CNNVD-202408-2841 | CVE-2024-45492 | 高危 | libexpat | https://github.com/libexpat/libexpat |
112 | DOMPurify 安全漏洞 | CNNVD-202409-1375 | CVE-2024-45801 | 高危 | 个人开发者 | https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 |
113 | PHP 安全漏洞 | CNNVD-202406-829 | CVE-2024-5458 | 高危 | PHP | https://www.php.net/downloads |
114 | PHP 安全漏洞 | CNNVD-202406-828 | CVE-2024-5585 | 高危 | PHP | https://www.php.net/downloads |
115 | Red Hat Undertow 安全漏洞 | CNNVD-202407-518 | CVE-2024-5971 | 高危 | Red Hat | https://access.redhat.com/security/cve/CVE-2024-5971 |
116 | Red Hat Undertow 资源管理错误漏洞 | CNNVD-202406-2368 | CVE-2024-6162 | 高危 | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
117 | setuptools 代码注入漏洞 | CNNVD-202407-1480 | CVE-2024-6345 | 高危 | PyPI | https://github.com/pypa/setuptools/releases/tag/v70.3 |
118 | OpenSSH 竞争条件问题漏洞 | CNNVD-202407-017 | CVE-2024-6387 | 高危 | OpenBSD | https://www.openssh.com/txt/release-9.8 |
119 | Protocol Buffers 安全漏洞 | CNNVD-202409-1841 | CVE-2024-7254 | 高危 | Protocol Buffers | http://protobuf.dev/ |
120 | curl 安全漏洞 | CNNVD-202407-3105 | CVE-2024-7264 | 高危 | cURL | https://curl.se/docs/CVE-2024-7264.html |
121 | Red Hat Undertow 竞争条件问题漏洞 | CNNVD-202408-2070 | CVE-2024-7885 | 高危 | Red Hat | https://undertow.io/ |
122 | jQuery 跨站脚本漏洞 | CNNVD-202004-2429 | CVE-2020-11022 | 中危 | 个人开发者 | https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
123 | jQuery 跨站脚本漏洞 | CNNVD-202004-2420 | CVE-2020-11023 | 中危 | 个人开发者 | https://jquery.com/upgrade-guide/3.5/ |
124 | Apache HttpClient 安全漏洞 | CNNVD-202010-372 | CVE-2020-13956 | 中危 | Apache基金会 | https://www.apache.org/ |
125 | OpenSSH 信息泄露漏洞 | CNNVD-202006-1822 | CVE-2020-14145 | 中危 | Openbsd计划组 | https://www.openssh.com/ |
126 | Apache Groovy 安全漏洞 | CNNVD-202012-422 | CVE-2020-17521 | 中危 | Apache基金会 | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
127 | Jakarta Expression Language 输入验证错误漏洞 | CNNVD-202105-1760 | CVE-2021-28170 | 中危 | Jakarta | https://jakarta.ee/specifications/expression-language/3. |
128 | Sprymedia Datatables 跨站脚本漏洞 | CNNVD-202303-377 | CVE-2021-36713 | 中危 | Sprymedia | https://github.com/DataTables/DataTables/releases/tag/1.10.21 |
129 | jQuery 跨站脚本漏洞 | CNNVD-202110-1843 | CVE-2021-41182 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
130 | jQuery 跨站脚本漏洞 | CNNVD-202110-1839 | CVE-2021-41183 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
131 | Openjs Jquery Ui 跨站脚本漏洞 | CNNVD-202110-1845 | CVE-2021-41184 | 中危 | Openjs基金会 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
132 | Xerces 安全漏洞 | CNNVD-202201-2238 | CVE-2022-23437 | 中危 | Apache基金会 | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
133 | jQuery 跨站脚本漏洞 | CNNVD-202207-2121 | CVE-2022-31160 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
134 | jsoup 跨站脚本漏洞 | CNNVD-202208-4329 | CVE-2022-36033 | 中危 | 个人开发者 | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
135 | OpenSSL 缓冲区错误漏洞 | CNNVD-202302-506 | CVE-2022-4203 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
136 | OpenSSL 安全漏洞 | CNNVD-202302-514 | CVE-2022-4304 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
137 | Spring Framework 安全漏洞 | CNNVD-202304-1094 | CVE-2023-20863 | 中危 | Spring | https://spring.io/security/cve-2023-20863 |
138 | NTP 缓冲区错误漏洞 | CNNVD-202304-899 | CVE-2023-26551 | 中危 | nwtime | https://www.ntppool.org/zh/ |
139 | NTP 缓冲区错误漏洞 | CNNVD-202304-898 | CVE-2023-26552 | 中危 | nwtime | https://www.ntppool.org/zh/ |
140 | NTP 缓冲区错误漏洞 | CNNVD-202304-897 | CVE-2023-26553 | 中危 | nwtime | https://www.ntppool.org/zh/ |
141 | NTP 缓冲区错误漏洞 | CNNVD-202304-892 | CVE-2023-26554 | 中危 | nwtime | https://www.ntppool.org/zh/ |
142 | NTP 缓冲区错误漏洞 | CNNVD-202304-891 | CVE-2023-26555 | 中危 | nwtime | https://www.ntppool.org/zh/ |
143 | Intel oneAPI Toolkits 安全漏洞 | CNNVD-202308-1047 | CVE-2023-27391 | 中危 | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
144 | CKEditor 跨站脚本漏洞 | CNNVD-202303-1790 | CVE-2023-28439 | 中危 | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
145 | libxml2 代码问题漏洞 | CNNVD-202304-908 | CVE-2023-28484 | 中危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
146 | libxml2 资源管理错误漏洞 | CNNVD-202304-907 | CVE-2023-29469 | 中危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
147 | Bouncy Castle 信任管理问题漏洞 | CNNVD-202307-168 | CVE-2023-33201 | 中危 | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
148 | VMware Spring Boot 安全漏洞 | CNNVD-202311-2124 | CVE-2023-34055 | 中危 | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
149 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202306-1121 | CVE-2023-35116 | 中危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
150 | lrzip 安全漏洞 | CNNVD-202308-1538 | CVE-2023-39743 | 中危 | 个人开发者 | https://github.com/pete4abw/lrzip-next/issues/132 |
151 | Apache Commons Compress 资源管理错误漏洞 | CNNVD-202309-1000 | CVE-2023-42503 | 中危 | Apache基金会 | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
152 | Apple iOS 和 iPadOS 安全漏洞 | CNNVD-202402-1738 | CVE-2023-42843 | 中危 | Apple | https://support.apple.com/en-us/HT213981 |
153 | Apple iOS 和 iPadOS 安全漏洞 | CNNVD-202403-3044 | CVE-2023-42956 | 中危 | Apple | https://support.apple.com/en-us/HT214035 |
154 | Apache Santuario 日志信息泄露漏洞 | CNNVD-202310-1720 | CVE-2023-44483 | 中危 | Apache基金会 | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
155 | OpenSSH 安全漏洞 | CNNVD-202312-1668 | CVE-2023-48795 | 中危 | OpenBSD | https://www.openssh.com/openbsd.html |
156 | Python cryptography 代码问题漏洞 | CNNVD-202311-2230 | CVE-2023-49083 | 中危 | Python基金会 | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
157 | OpenSSH 安全漏洞 | CNNVD-202312-1662 | CVE-2023-51384 | 中危 | OpenBSD | https://www.openssh.com/txt/release-9.6 |
158 | libexpat 安全漏洞 | CNNVD-202402-243 | CVE-2023-52426 | 中危 | 个人开发者 | https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 |
159 | OpenSSL 代码问题漏洞 | CNNVD-202311-423 | CVE-2023-5678 | 中危 | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
160 | OpenSSL 安全漏洞 | CNNVD-202401-736 | CVE-2023-6129 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
161 | OpenSSL 安全漏洞 | CNNVD-202401-1378 | CVE-2023-6237 | 中危 | OpenSSL | https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a |
162 | SQLite 安全漏洞 | CNNVD-202312-2480 | CVE-2023-7104 | 中危 | SQLite | https://sqlite.org/releaselog/3_44_2.html |
163 | SQLite 安全漏洞 | CNNVD-202401-1406 | CVE-2024-0232 | 中危 | 个人开发者 | https://sqlite.org/forum/forumpost/4aa381993a |
164 | Python 安全漏洞 | CNNVD-202403-1880 | CVE-2024-0450 | 中危 | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
165 | Apple Safari 安全漏洞 | CNNVD-202403-713 | CVE-2024-23254 | 中危 | Apple | https://support.apple.com/en-us/HT214089 |
166 | Apple Safari 安全漏洞 | CNNVD-202403-708 | CVE-2024-23263 | 中危 | Apple | https://support.apple.com/en-us/HT214089 |
167 | Apple Safari 安全漏洞 | CNNVD-202403-705 | CVE-2024-23280 | 中危 | Apple | https://support.apple.com/en-us/HT214089 |
168 | Apple Safari 安全漏洞 | CNNVD-202403-699 | CVE-2024-23284 | 中危 | Apple | https://support.apple.com/en-us/HT214089 |
169 | OWASP AntiSamy 跨站脚本漏洞 | CNNVD-202402-204 | CVE-2024-23635 | 中危 | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
170 | Apache Zookeeper 信息泄露漏洞 | CNNVD-202403-1401 | CVE-2024-23944 | 中危 | Apache | https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k |
171 | PHP 安全漏洞 | CNNVD-202406-854 | CVE-2024-2408 | 中危 | PHP | https://www.php.net/ |
172 | dnsjava 安全漏洞 | CNNVD-202407-2260 | CVE-2024-25638 | 中危 | dnsjava | https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw |
173 | Apache Commons Compress 安全漏洞 | CNNVD-202402-1528 | CVE-2024-25710 | 中危 | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
174 | Apache Commons Compress 安全漏洞 | CNNVD-202402-1527 | CVE-2024-26308 | 中危 | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
175 | aiohttp 跨站脚本漏洞 | CNNVD-202404-2760 | CVE-2024-27306 | 中危 | aiohttp | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g |
176 | Apple iOS 和 iPadOS 安全漏洞 | CNNVD-202405-1869 | CVE-2024-27834 | 中危 | Apple | https://support.apple.com/en-us/HT214101 |
177 | Nghttp2 安全漏洞 | CNNVD-202404-586 | CVE-2024-28182 | 中危 | Nghttp2 | https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q |
178 | Apache CXF 代码问题漏洞 | CNNVD-202403-1399 | CVE-2024-28752 | 中危 | Apache | https://cxf.apache.org/ |
179 | Follow Redirects 信息泄露漏洞 | CNNVD-202403-1332 | CVE-2024-28849 | 中危 | 个人开发者 | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
180 | Intel IPP 安全漏洞 | CNNVD-202408-1264 | CVE-2024-28887 | 中危 | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html |
181 | Netty 安全漏洞 | CNNVD-202403-2434 | CVE-2024-29025 | 中危 | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
182 | GNU C Library 安全漏洞 | CNNVD-202404-2641 | CVE-2024-2961 | 中危 | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
183 | Apache CXF 代码问题漏洞 | CNNVD-202407-1958 | CVE-2024-29736 | 中危 | Apache | https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 |
184 | F5 Nginx 安全漏洞 | CNNVD-202405-4793 | CVE-2024-31079 | 中危 | F5 | https://my.f5.com/manage/s/article/K000139611 |
185 | Jasper 安全漏洞 | CNNVD-202404-2850 | CVE-2024-31744 | 中危 | Jasper | https://github.com/jasper-software/jasper/releases/tag/version-4.2.3 |
186 | F5 Nginx 安全漏洞 | CNNVD-202405-4792 | CVE-2024-32760 | 中危 | F5 | https://my.f5.com/manage/s/article/K000139609 |
187 | glibc 安全漏洞 | CNNVD-202404-3208 | CVE-2024-33600 | 中危 | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31678 |
188 | glibc 安全漏洞 | CNNVD-202404-3210 | CVE-2024-33601 | 中危 | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31679 |
189 | RARLAB WinRAR 安全漏洞 | CNNVD-202404-3492 | CVE-2024-33899 | 中危 | RARLAB | https://www.rarlab.com/rarnew.htm |
190 | F5 Nginx 安全漏洞 | CNNVD-202405-4791 | CVE-2024-34161 | 中危 | F5 | https://my.f5.com/manage/s/article/K000139627 |
191 | F5 Nginx 安全漏洞 | CNNVD-202405-4790 | CVE-2024-35200 | 中危 | F5 | https://my.f5.com/manage/s/article/K000139612 |
192 | WinRAR 安全漏洞 | CNNVD-202405-3858 | CVE-2024-36052 | 中危 | 个人开发者 | https://www.rarlab.com/rarnew.htm |
193 | Apache HTTP Server 代码问题漏洞 | CNNVD-202407-101 | CVE-2024-36387 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
194 | Red Hat Undertow 安全漏洞 | CNNVD-202407-521 | CVE-2024-3653 | 中危 | Red Hat | https://undertow.io/ |
195 | MIT Kerberos 安全漏洞 | CNNVD-202406-3108 | CVE-2024-37371 | 中危 | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
196 | urllib3 安全漏洞 | CNNVD-202406-1954 | CVE-2024-37891 | 中危 | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf |
197 | Tiny Technologies TinyMCE 安全漏洞 | CNNVD-202406-2256 | CVE-2024-38356 | 中危 | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph |
198 | Tiny Technologies TinyMCE 安全漏洞 | CNNVD-202406-2249 | CVE-2024-38357 | 中危 | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x |
199 | Apache HTTP Server 安全漏洞 | CNNVD-202407-096 | CVE-2024-38472 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
200 | Apache HTTP Server 安全漏洞 | CNNVD-202407-095 | CVE-2024-38473 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
201 | Apache HTTP Server 安全漏洞 | CNNVD-202407-092 | CVE-2024-38476 | 中危 | Apache | https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0 |
202 | Spring Framework 安全漏洞 | CNNVD-202408-1848 | CVE-2024-38808 | 中危 | VMware | https://spring.io/security/cve-2024-38808 |
203 | VMware Spring Framework 安全漏洞 | CNNVD-202409-2323 | CVE-2024-38809 | 中危 | VMware | https://spring.io/security/cve-2024-38809 |
204 | RequireJS 安全漏洞 | CNNVD-202407-032 | CVE-2024-38998 | 中危 | RequireJS | https://github.com/requirejs/r.js |
205 | Apache HTTP Server 输入验证错误漏洞 | CNNVD-202407-086 | CVE-2024-39573 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
206 | Apache HTTP Server 安全漏洞 | CNNVD-202407-1912 | CVE-2024-40725 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
207 | Apache HTTP Server 代码问题漏洞 | CNNVD-202407-1910 | CVE-2024-40898 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
208 | Apache MINA SSHD 安全漏洞 | CNNVD-202408-865 | CVE-2024-41909 | 中危 | Apache | https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b |
209 | Jenkins 安全漏洞 | CNNVD-202408-532 | CVE-2024-43045 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 |
210 | CKEditor4 安全漏洞 | CNNVD-202408-2064 | CVE-2024-43407 | 中危 | CKEditor | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
211 | OpenSSL 安全漏洞 | CNNVD-202405-4739 | CVE-2024-4741 | 中危 | OpenSSL | https://github.com/openssl/openssl |
212 | OpenSSL 安全漏洞 | CNNVD-202409-141 | CVE-2024-6119 | 中危 | OpenSSL | https://openssl-library.org/news/secadv/20240903.txt |
213 | CPython 安全漏洞 | CNNVD-202409-120 | CVE-2024-6232 | 中危 | Python | https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf |
214 | Python 安全漏洞 | CNNVD-202408-1775 | CVE-2024-7592 | 中危 | Python | https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c |
215 | Google Guava 访问控制错误漏洞 | CNNVD-202012-827 | CVE-2020-8908 | 低危 | https://github.com/google/guava/issues/4011 | |
216 | OpenSSH 授权问题漏洞 | CNNVD-202203-1230 | CVE-2021-36368 | 低危 | OpenBSD | https://www.openssh.com/security.html |
217 | Pip 命令注入漏洞 | CNNVD-202310-1912 | CVE-2023-5752 | 低危 | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
218 | libssh 安全漏洞 | CNNVD-202312-1736 | CVE-2023-6004 | 低危 | libssh | https://www.libssh.org/files/0.10/ |
219 | libssh 安全漏洞 | CNNVD-202312-1734 | CVE-2023-6918 | 低危 | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
220 | OpenSSL 安全漏洞 | CNNVD-202401-2353 | CVE-2024-0727 | 低危 | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
221 | Node.js 安全漏洞 | CNNVD-202407-1007 | CVE-2024-22018 | 低危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
222 | Node.js 安全漏洞 | CNNVD-202409-509 | CVE-2024-36137 | 低危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
223 | CKEditor 安全漏洞 | CNNVD-202408-2102 | CVE-2024-43411 | 低危 | 个人开发者 | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
224 | OpenSSL 安全漏洞 | CNNVD-202405-2902 | CVE-2024-4603 | 低危 | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |
225 | OpenSSL 安全漏洞 | CNNVD-202406-2936 | CVE-2024-5535 | 低危 | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
三、修复建议
目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
Oracle官方补丁下载地址:
https://www.oracle.com/security-alerts/cpuoct2024.html
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
