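Oracle recently published an advisory covering multiple security vulnerabilities: 91 in Oracle's own products and 225 in other vendors' components that affect Oracle products. Affected products and systems include Oracle MySQL, Oracle Java SE, Oracle E-Business Suite and Oracle PeopleSoft Products, among others. Oracle has released patches for these vulnerabilities; users should promptly confirm whether they are affected and apply the fixes as soon as possible.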
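I. Vulnerability Overview
On October 15, 2024, Oracle released its October 2024 security update, with patches for 316 vulnerabilities in total, all of which have been recorded by CNNVD. The update mainly covers Oracle MySQL and MySQL components, Oracle Java SE, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle PeopleSoft Enterprise HCM Global Payroll, Oracle Hyperion and others. CNNVD has rated their severity: 23 critical, 133 high, 131 medium and 29 low.
Multiple Oracle products and system versions are affected. The exact scope can be checked on Oracle's official website: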
https://www.oracle.com/security-alerts/cpuoct2024.html
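II. Vulnerability Details
This update contains patches for 316 vulnerabilities in total: 85 newly added vulnerabilities, 6 updated vulnerabilities, and 225 vulnerabilities from other vendors that affect Oracle products.
The update includes patches for 85 newly added vulnerabilities: 2 critical, 32 high, 36 medium and 15 low.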
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| 1 | Oracle Hospitality Applications security vulnerability | CNNVD-202410-1411 | CVE-2024-21172 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 2 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1425 | CVE-2024-21216 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202410-1370 | CVE-2024-21259 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 4 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1374 | CVE-2024-21214 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1376 | CVE-2024-21255 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 6 | Oracle PeopleSoft Enterprise HCM Global Payroll security vulnerability | CNNVD-202410-1378 | CVE-2024-21283 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 7 | Oracle MySQL security vulnerability | CNNVD-202410-1406 | CVE-2024-21272 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 8 | Oracle BI Publisher security vulnerability | CNNVD-202410-1413 | CVE-2024-21195 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 9 | Oracle Analytics security vulnerability | CNNVD-202410-1414 | CVE-2024-21254 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1417 | CVE-2024-21234 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 11 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1418 | CVE-2024-21215 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1420 | CVE-2024-21260 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 13 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1421 | CVE-2024-21274 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 14 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1422 | CVE-2024-21246 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 15 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1423 | CVE-2024-21190 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 16 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1424 | CVE-2024-21191 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 17 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1427 | CVE-2024-21284 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 18 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1428 | CVE-2024-21285 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 19 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1431 | CVE-2024-21276 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 20 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1432 | CVE-2024-21279 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 21 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1433 | CVE-2024-21265 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 22 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1434 | CVE-2024-21252 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 23 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1435 | CVE-2024-21280 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1436 | CVE-2024-21275 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 25 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1437 | CVE-2024-21277 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 26 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1438 | CVE-2024-21269 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 27 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1439 | CVE-2024-21250 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1440 | CVE-2024-21271 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1441 | CVE-2024-21282 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1442 | CVE-2024-21267 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1443 | CVE-2024-21278 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 32 | Oracle Applications Manager security vulnerability | CNNVD-202410-1444 | CVE-2024-21268 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1445 | CVE-2024-21270 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1446 | CVE-2024-21266 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202410-1367 | CVE-2024-21248 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 36 | Oracle Virtualization security vulnerability | CNNVD-202410-1368 | CVE-2024-21273 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 37 | Oracle Virtualization security vulnerability | CNNVD-202410-1369 | CVE-2024-21263 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 38 | Oracle PeopleSoft security vulnerability | CNNVD-202410-1371 | CVE-2024-21249 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 39 | Oracle PeopleSoft Products security vulnerability | CNNVD-202410-1372 | CVE-2024-21286 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 40 | Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability | CNNVD-202410-1373 | CVE-2024-21264 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1375 | CVE-2024-21202 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202410-1382 | CVE-2024-21200 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202410-1385 | CVE-2024-21212 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202410-1386 | CVE-2024-21204 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202410-1387 | CVE-2024-21193 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202410-1389 | CVE-2024-21213 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202410-1390 | CVE-2024-21201 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202410-1391 | CVE-2024-21241 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202410-1392 | CVE-2024-21219 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202410-1393 | CVE-2024-21198 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202410-1394 | CVE-2024-21239 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202410-1395 | CVE-2024-21197 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202410-1396 | CVE-2024-21236 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202410-1397 | CVE-2024-21199 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202410-1398 | CVE-2024-21207 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202410-1399 | CVE-2024-21203 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202410-1400 | CVE-2024-21194 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202410-1401 | CVE-2024-21218 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202410-1402 | CVE-2024-21238 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202410-1403 | CVE-2024-21196 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202410-1404 | CVE-2024-21230 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202410-1405 | CVE-2024-21262 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 63 | Oracle Java SE security vulnerability | CNNVD-202410-1412 | CVE-2024-21235 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 64 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1415 | CVE-2024-21192 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 65 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1416 | CVE-2024-21205 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 66 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1426 | CVE-2024-21281 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1429 | CVE-2024-21206 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1430 | CVE-2024-21258 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 69 | Oracle Database Server security vulnerability | CNNVD-202410-1515 | CVE-2024-21233 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 70 | Oracle Application Express security vulnerability | CNNVD-202410-1517 | CVE-2024-21261 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 71 | Oracle Virtualization security vulnerability | CNNVD-202410-1366 | CVE-2024-21253 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202410-1377 | CVE-2024-21209 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 73 | Oracle MySQL security vulnerability | CNNVD-202410-1379 | CVE-2024-21243 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 74 | Oracle MySQL security vulnerability | CNNVD-202410-1380 | CVE-2024-21232 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 75 | Oracle MySQL security vulnerability | CNNVD-202410-1381 | CVE-2024-21237 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 76 | Oracle MySQL security vulnerability | CNNVD-202410-1383 | CVE-2024-21247 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 77 | Oracle MySQL security vulnerability | CNNVD-202410-1384 | CVE-2024-21231 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 78 | Oracle MySQL security vulnerability | CNNVD-202410-1388 | CVE-2024-21244 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 79 | Oracle Java SE security vulnerability | CNNVD-202410-1407 | CVE-2024-21217 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 80 | Oracle Java SE security vulnerability | CNNVD-202410-1408 | CVE-2024-21211 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 81 | Oracle Java SE security vulnerability | CNNVD-202410-1409 | CVE-2024-21210 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 82 | Oracle Hyperion security vulnerability | CNNVD-202410-1410 | CVE-2024-21257 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 83 | Oracle Java SE security vulnerability | CNNVD-202410-1419 | CVE-2024-21208 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202410-1516 | CVE-2024-21242 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 85 | Oracle Database Server security vulnerability | CNNVD-202410-1518 | CVE-2024-21251 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
The update includes patches for 6 updated vulnerabilities: 1 high, 2 medium and 3 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| 1 | Oracle Java SE security vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 3 | Oracle Java SE security vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 6 | Oracle Java SE security vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
The update includes patches for 225 vulnerabilities from other vendors that affect Oracle products: 21 critical, 100 high, 93 medium and 11 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
| 1 | Apache Chainsaw code issue vulnerability | CNNVD-202106-1293 | CVE-2020-9493 | Critical | Apache Foundation | https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E |
| 2 | OpenSSL OS command injection vulnerability | CNNVD-202205-1962 | CVE-2022-1292 | Critical | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
| 3 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
| 4 | OpenSSL OS command injection vulnerability | CNNVD-202206-2112 | CVE-2022-2068 | Critical | OpenSSL | https://www.openssl.org/source/ |
| 5 | Apache Log4j SQL injection vulnerability | CNNVD-202201-1421 | CVE-2022-23305 | Critical | Apache Foundation | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
| 6 | Dell BSAFE security vulnerability | CNNVD-202402-197 | CVE-2022-34381 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
| 7 | Apache HTTP Server environment issue vulnerability | CNNVD-202301-1299 | CVE-2022-36760 | Critical | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 8 | XKCP input validation error vulnerability | CNNVD-202210-1541 | CVE-2022-37454 | Critical | XKCP | https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
| 9 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
| 10 | Certifi data forgery issue vulnerability | CNNVD-202307-2046 | CVE-2023-37920 | Critical | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| 11 | OpenSSH code issue vulnerability | CNNVD-202307-1721 | CVE-2023-38408 | Critical | OpenBSD | https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 |
| 12 | curl buffer error vulnerability | CNNVD-202310-917 | CVE-2023-38545 | Critical | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1 |
| 13 | Apache ZooKeeper security vulnerability | CNNVD-202310-856 | CVE-2023-44981 | Critical | Apache Foundation | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
| 14 | zlib input validation error vulnerability | CNNVD-202310-1086 | CVE-2023-45853 | Critical | Individual developer | https://github.com/madler/zlib/pull/843 |
| 15 | Pillow security vulnerability | CNNVD-202401-1886 | CVE-2023-50447 | Critical | Individual developer | https://github.com/python-pillow/Pillow/releases/tag/10.2 |
| 16 | OpenSSH security vulnerability | CNNVD-202312-1665 | CVE-2023-51385 | Critical | OpenBSD | https://www.openssh.com/txt/release-9.6 |
| 17 | PHP security vulnerability | CNNVD-202404-3501 | CVE-2024-1874 | Critical | PHP | https://www.php.net/downloads.php |
| 18 | RequireJS security vulnerability | CNNVD-202407-034 | CVE-2024-38999 | Critical | RequireJS | https://github.com/requirejs/r.js |
| 19 | Jenkins security vulnerability | CNNVD-202408-533 | CVE-2024-43044 | Critical | Jenkins | https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 |
| 20 | libexpat security vulnerability | CNNVD-202408-2839 | CVE-2024-45490 | Critical | libexpat | https://github.com/libexpat/libexpat |
| 21 | PHP OS command injection vulnerability | CNNVD-202406-852 | CVE-2024-4577 | Critical | PHP | https://www.php.net/downloads |
| 22 | jackson-mapper-asl code issue vulnerability | CNNVD-201911-1110 | CVE-2019-10172 | High | Individual developer | https://mvnrepository.com/artifact/org.codehaus.jackson |
| 23 | OpenSSH OS command injection vulnerability | CNNVD-202007-1519 | CVE-2020-15778 | High | OpenBSD | https://www.openssh.com/ |
| 24 | Npm underscore code injection vulnerability | CNNVD-202103-1621 | CVE-2021-23358 | High | Npm | https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504 |
| 25 | Netty resource management error vulnerability | CNNVD-202110-1442 | CVE-2021-37136 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv |
| 26 | Netty resource management error vulnerability | CNNVD-202110-1441 | CVE-2021-37137 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 |
| 27 | Apache Log4j code issue vulnerability | CNNVD-202201-1420 | CVE-2022-23302 | High | Apache Foundation | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
| 28 | Apache Log4j code issue vulnerability | CNNVD-202201-1425 | CVE-2022-23307 | High | Apache Foundation | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
| 29 | grub2 security vulnerability | CNNVD-202211-2822 | CVE-2022-2601 | High | GNU community | https://access.redhat.com/security/cve/cve-2022-2601 |
| 30 | Moment.js resource management error vulnerability | CNNVD-202207-502 | CVE-2022-31129 | High | Individual developer | https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
| 31 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
| 32 | Intel(R) oneAPI DPC++/C++ Compiler code issue vulnerability | CNNVD-202301-904 | CVE-2022-38136 | High | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
| 33 | OpenSSL security vulnerability | CNNVD-202212-2982 | CVE-2022-3996 | High | OpenSSL | https://github.com/openssl/openssl/ |
| 34 | Intel(R) oneAPI DPC++/C++ Compiler security vulnerability | CNNVD-202301-905 | CVE-2022-40196 | High | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
| 35 | Intel oneAPI DPC++/C++ Compiler buffer error vulnerability | CNNVD-202301-906 | CVE-2022-41342 | High | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
| 36 | Python security vulnerability | CNNVD-202210-2513 | CVE-2022-42919 | High | Python Foundation | https://github.com/python/cpython/issues/97514 |
| 37 | OpenSSL resource management error vulnerability | CNNVD-202302-510 | CVE-2022-4450 | High | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
| 38 | Python resource management error vulnerability | CNNVD-202211-2414 | CVE-2022-45061 | High | Python Foundation | https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
| 39 | OpenSSL resource management error vulnerability | CNNVD-202302-521 | CVE-2023-0215 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
| 40 | OpenSSL code issue vulnerability | CNNVD-202302-512 | CVE-2023-0216 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
| 41 | OpenSSL code issue vulnerability | CNNVD-202302-516 | CVE-2023-0217 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
| 42 | OpenSSL security vulnerability | CNNVD-202302-524 | CVE-2023-0286 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
| 43 | OpenSSL code issue vulnerability | CNNVD-202302-518 | CVE-2023-0401 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5844-1 |
| 44 | Apache Hadoop code issue vulnerability | CNNVD-202311-1444 | CVE-2023-26031 | High | Apache Foundation | https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
| 45 | Apache Log4j code issue vulnerability | CNNVD-202303-736 | CVE-2023-26464 | High | Apache Foundation | https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t |
| 46 | Intel oneAPI Toolkits code issue vulnerability | CNNVD-202308-1031 | CVE-2023-28823 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
| 47 | OpenLDAP code issue vulnerability | CNNVD-202305-2588 | CVE-2023-2953 | High | OpenLDAP | https://www.openldap.org/software/download/ |
| 48 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | | https://github.com/google/guava |
| 49 | snappy-java input validation error vulnerability | CNNVD-202306-1200 | CVE-2023-34453 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
| 50 | snappy-java input validation error vulnerability | CNNVD-202306-1198 | CVE-2023-34454 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
| 51 | Snappy input validation error vulnerability | CNNVD-202306-1248 | CVE-2023-34455 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
| 52 | Okio security vulnerability | CNNVD-202307-1161 | CVE-2023-3635 | High | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
| 53 | Apache Avro code issue vulnerability | CNNVD-202309-2636 | CVE-2023-39410 | High | Apache Foundation | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
| 54 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
| 55 | Apple iOS and iPadOS security vulnerability | CNNVD-202403-3045 | CVE-2023-42950 | High | Apple | https://support.apple.com/en-us/HT214035 |
| 56 | Snappy security vulnerability | CNNVD-202309-2204 | CVE-2023-43642 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
| 57 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
| 58 | Google Go security vulnerability | CNNVD-202404-632 | CVE-2023-45288 | High | | https://pkg.go.dev/vuln/GO-2024-2687 |
| 59 | Pallets Werkzeug buffer error vulnerability | CNNVD-202310-2005 | CVE-2023-46136 | High | Pallets | https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw |
| 60 | Eclipse JGit security vulnerability | CNNVD-202309-850 | CVE-2023-4759 | High | Eclipse Foundation | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 |
| 61 | OpenSSL security vulnerability | CNNVD-202309-665 | CVE-2023-4807 | High | OpenSSL | https://www.openssl.org/news/secadv/20230908.txt |
| 62 | Google Chrome buffer error vulnerability | CNNVD-202309-784 | CVE-2023-4863 | High | | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html |
| 63 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
| 64 | jose4j security vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
| 65 | libexpat security vulnerability | CNNVD-202402-245 | CVE-2023-52425 | High | Individual developer | https://github.com/libexpat/libexpat/pull/789 |
| 66 | Connect2id Nimbus JOSE+JWT security vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
| 67 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
| 68 | Red Hat XNIO resource management error vulnerability | CNNVD-202403-455 | CVE-2023-5685 | High | Red Hat | https://github.com/xnio/xnio/tags |
| 69 | Python security vulnerability | CNNVD-202403-1882 | CVE-2023-6597 | High | Python | https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
| 70 | X.org Server security vulnerability | CNNVD-202401-1731 | CVE-2023-6816 | High | X.org | https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
| 71 | X.org Server security vulnerability | CNNVD-202401-1736 | CVE-2024-0229 | High | X.org | https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
| 72 | X.org Server security vulnerability | CNNVD-202401-1733 | CVE-2024-21885 | High | X.org | https://www.x.org/wiki/XServer/ |
| 73 | X.org Server security vulnerability | CNNVD-202401-1732 | CVE-2024-21886 | High | X.org | https://www.x.org/wiki/XServer/ |
| 74 | Node.js security vulnerability | CNNVD-202407-536 | CVE-2024-22020 | High | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
| 75 | Eclipse Jetty security vulnerability | CNNVD-202402-2103 | CVE-2024-22201 | High | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
| 76 | VMware Spring Security security vulnerability | CNNVD-202403-1650 | CVE-2024-22257 | High | VMware | https://spring.io/security/cve-2024-22257 |
| 77 | Spring Framework security vulnerability | CNNVD-202404-2193 | CVE-2024-22262 | High | Spring | https://spring.io/security/cve-2024-22262 |
| 78 | Apache Tomcat security vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
| 79 | Apache Xerces-C resource management error vulnerability | CNNVD-202402-1469 | CVE-2024-23807 | High | Apache | https://github.com/apache/xerces-c/pull/54 |
| 80 | Curl security vulnerability | CNNVD-202403-2674 | CVE-2024-2398 | High | Curl | https://curl.se/docs/CVE-2024-2398.html |
| 81 | Apache Tomcat input validation error vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
| 82 | F5 Nginx security vulnerability | CNNVD-202402-1248 | CVE-2024-24989 | High | F5 | https://my.f5.com/manage/s/article/K000138444 |
| 83 | F5 Nginx security vulnerability | CNNVD-202402-1247 | CVE-2024-24990 | High | F5 | https://my.f5.com/manage/s/article/K000138445 |
| 84 | libxml2 security vulnerability | CNNVD-202402-242 | CVE-2024-25062 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
| 85 | OpenSSL security vulnerability | CNNVD-202404-941 | CVE-2024-2511 | High | OpenSSL | https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
| 86 | libheif security vulnerability | CNNVD-202403-378 | CVE-2024-25269 | High | Individual developer | https://github.com/strukturag/libheif/pull/1074 |
| 87 | python-cryptography security vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
| 88 | Node.js security vulnerability | CNNVD-202404-991 | CVE-2024-27983 | High | Node.js | https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
| 89 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2143 | CVE-2024-29131 | High | Apache | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
| 90 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2142 | CVE-2024-29133 | High | Apache | https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
| 91 | Bouncy Castle security vulnerability | CNNVD-202405-2601 | CVE-2024-29857 | High | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 92 | aiohttp security vulnerability | CNNVD-202405-305 | CVE-2024-30251 | High | aio-libs | https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 |
| 93 | X.org Server security vulnerability | CNNVD-202404-510 | CVE-2024-31080 | High | X.org | https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
| 94 | X.org Server resource management error vulnerability | CNNVD-202404-682 | CVE-2024-31083 | High | X.org | https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
| 95 | Apache CXF security vulnerability | CNNVD-202407-1957 | CVE-2024-32007 | High | Apache | https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 |
| 96 | Apache ActiveMQ security vulnerability | CNNVD-202405-256 | CVE-2024-32114 | High | Apache | https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt |
| 97 | glibc security vulnerability | CNNVD-202405-1511 | CVE-2024-33599 | High | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 |
| 98 | glibc security vulnerability | CNNVD-202404-3209 | CVE-2024-33602 | High | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31680 |
| 99 | Apache Tomcat security vulnerability | CNNVD-202407-326 | CVE-2024-34750 | High | Apache | https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l |
| 100 | Node.js security vulnerability | CNNVD-202409-508 | CVE-2024-36138 | High | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
| 101 | MIT Kerberos security vulnerability | CNNVD-202406-3113 | CVE-2024-37370 | High | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
| 102 | Apache HTTP Server security vulnerability | CNNVD-202407-094 | CVE-2024-38474 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 103 | Apache HTTP Server security vulnerability | CNNVD-202407-093 | CVE-2024-38475 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 104 | Apache HTTP Server code issue vulnerability | CNNVD-202407-091 | CVE-2024-38477 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 105 | VMware Spring Framework security vulnerability | CNNVD-202409-1142 | CVE-2024-38816 | High | VMware | https://spring.io/security/cve-2024-38816 |
| 106 | Certifi security vulnerability | CNNVD-202407-421 | CVE-2024-39689 | High | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc |
| 107 | Apache HTTP Server security vulnerability | CNNVD-202407-339 | CVE-2024-39884 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 108 | Apache CXF security vulnerability | CNNVD-202407-1956 | CVE-2024-41172 | High | Apache | https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 |
| 109 | ImageMagick security vulnerability | CNNVD-202407-2766 | CVE-2024-41817 | High | ImageMagick | https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36 |
| 110 | libexpat input validation error vulnerability | CNNVD-202408-2842 | CVE-2024-45491 | High | libexpat | https://github.com/libexpat/libexpat |
| 111 | libexpat input validation error vulnerability | CNNVD-202408-2841 | CVE-2024-45492 | High | libexpat | https://github.com/libexpat/libexpat |
| 112 | DOMPurify security vulnerability | CNNVD-202409-1375 | CVE-2024-45801 | High | Individual developer | https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 |
| 113 | PHP security vulnerability | CNNVD-202406-829 | CVE-2024-5458 | High | PHP | https://www.php.net/downloads |
| 114 | PHP security vulnerability | CNNVD-202406-828 | CVE-2024-5585 | High | PHP | https://www.php.net/downloads |
| 115 | Red Hat Undertow security vulnerability | CNNVD-202407-518 | CVE-2024-5971 | High | Red Hat | https://access.redhat.com/security/cve/CVE-2024-5971 |
| 116 | Red Hat Undertow resource management error vulnerability | CNNVD-202406-2368 | CVE-2024-6162 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
| 117 | setuptools code injection vulnerability | CNNVD-202407-1480 | CVE-2024-6345 | High | PyPI | https://github.com/pypa/setuptools/releases/tag/v70.3 |
| 118 | OpenSSH race condition vulnerability | CNNVD-202407-017 | CVE-2024-6387 | High | OpenBSD | https://www.openssh.com/txt/release-9.8 |
| 119 | Protocol Buffers security vulnerability | CNNVD-202409-1841 | CVE-2024-7254 | High | Protocol Buffers | http://protobuf.dev/ |
| 120 | curl security vulnerability | CNNVD-202407-3105 | CVE-2024-7264 | High | cURL | https://curl.se/docs/CVE-2024-7264.html |
| 121 | Red Hat Undertow race condition vulnerability | CNNVD-202408-2070 | CVE-2024-7885 | High | Red Hat | https://undertow.io/ |
| 122 | jQuery 跨站脚本漏洞 | CNNVD-202004-2429 | CVE-2020-11022 | 中危 | 个人开发者 | https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
| 123 | jQuery 跨站脚本漏洞 | CNNVD-202004-2420 | CVE-2020-11023 | 中危 | 个人开发者 | https://jquery.com/upgrade-guide/3.5/ |
| 124 | Apache HttpClient 安全漏洞 | CNNVD-202010-372 | CVE-2020-13956 | 中危 | Apache基金会 | https://www.apache.org/ |
| 125 | OpenSSH 信息泄露漏洞 | CNNVD-202006-1822 | CVE-2020-14145 | 中危 | Openbsd计划组 | https://www.openssh.com/ |
| 126 | Apache Groovy 安全漏洞 | CNNVD-202012-422 | CVE-2020-17521 | 中危 | Apache基金会 | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
| 127 | Jakarta Expression Language 输入验证错误漏洞 | CNNVD-202105-1760 | CVE-2021-28170 | 中危 | Jakarta | https://jakarta.ee/specifications/expression-language/3. |
| 128 | Sprymedia Datatables 跨站脚本漏洞 | CNNVD-202303-377 | CVE-2021-36713 | 中危 | Sprymedia | https://github.com/DataTables/DataTables/releases/tag/1.10.21 |
| 129 | jQuery 跨站脚本漏洞 | CNNVD-202110-1843 | CVE-2021-41182 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
| 130 | jQuery 跨站脚本漏洞 | CNNVD-202110-1839 | CVE-2021-41183 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
| 131 | Openjs Jquery Ui 跨站脚本漏洞 | CNNVD-202110-1845 | CVE-2021-41184 | 中危 | Openjs基金会 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
| 132 | Xerces 安全漏洞 | CNNVD-202201-2238 | CVE-2022-23437 | 中危 | Apache基金会 | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
| 133 | jQuery 跨站脚本漏洞 | CNNVD-202207-2121 | CVE-2022-31160 | 中危 | 个人开发者 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
| 134 | jsoup 跨站脚本漏洞 | CNNVD-202208-4329 | CVE-2022-36033 | 中危 | 个人开发者 | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
| 135 | OpenSSL 缓冲区错误漏洞 | CNNVD-202302-506 | CVE-2022-4203 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
| 136 | OpenSSL 安全漏洞 | CNNVD-202302-514 | CVE-2022-4304 | 中危 | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
| 137 | Spring Framework 安全漏洞 | CNNVD-202304-1094 | CVE-2023-20863 | 中危 | Spring | https://spring.io/security/cve-2023-20863 |
| 138 | NTP 缓冲区错误漏洞 | CNNVD-202304-899 | CVE-2023-26551 | 中危 | nwtime | https://www.ntppool.org/zh/ |
| 139 | NTP 缓冲区错误漏洞 | CNNVD-202304-898 | CVE-2023-26552 | 中危 | nwtime | https://www.ntppool.org/zh/ |
| 140 | NTP 缓冲区错误漏洞 | CNNVD-202304-897 | CVE-2023-26553 | 中危 | nwtime | https://www.ntppool.org/zh/ |
| 141 | NTP 缓冲区错误漏洞 | CNNVD-202304-892 | CVE-2023-26554 | 中危 | nwtime | https://www.ntppool.org/zh/ |
| 142 | NTP 缓冲区错误漏洞 | CNNVD-202304-891 | CVE-2023-26555 | 中危 | nwtime | https://www.ntppool.org/zh/ |
| 143 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
| 144 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
| 145 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
| 146 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
| 147 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
| 148 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
| 149 | FasterXML jackson-databind code issue vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
| 150 | lrzip security vulnerability | CNNVD-202308-1538 | CVE-2023-39743 | Medium | Individual developer | https://github.com/pete4abw/lrzip-next/issues/132 |
| 151 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
| 152 | Apple iOS and iPadOS security vulnerability | CNNVD-202402-1738 | CVE-2023-42843 | Medium | Apple | https://support.apple.com/en-us/HT213981 |
| 153 | Apple iOS and iPadOS security vulnerability | CNNVD-202403-3044 | CVE-2023-42956 | Medium | Apple | https://support.apple.com/en-us/HT214035 |
| 154 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
| 155 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
| 156 | Python cryptography code issue vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
| 157 | OpenSSH security vulnerability | CNNVD-202312-1662 | CVE-2023-51384 | Medium | OpenBSD | https://www.openssh.com/txt/release-9.6 |
| 158 | libexpat security vulnerability | CNNVD-202402-243 | CVE-2023-52426 | Medium | Individual developer | https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 |
| 159 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
| 160 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
| 161 | OpenSSL security vulnerability | CNNVD-202401-1378 | CVE-2023-6237 | Medium | OpenSSL | https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a |
| 162 | SQLite security vulnerability | CNNVD-202312-2480 | CVE-2023-7104 | Medium | SQLite | https://sqlite.org/releaselog/3_44_2.html |
| 163 | SQLite security vulnerability | CNNVD-202401-1406 | CVE-2024-0232 | Medium | Individual developer | https://sqlite.org/forum/forumpost/4aa381993a |
| 164 | Python security vulnerability | CNNVD-202403-1880 | CVE-2024-0450 | Medium | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
| 165 | Apple Safari security vulnerability | CNNVD-202403-713 | CVE-2024-23254 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
| 166 | Apple Safari security vulnerability | CNNVD-202403-708 | CVE-2024-23263 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
| 167 | Apple Safari security vulnerability | CNNVD-202403-705 | CVE-2024-23280 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
| 168 | Apple Safari security vulnerability | CNNVD-202403-699 | CVE-2024-23284 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
| 169 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
| 170 | Apache Zookeeper information disclosure vulnerability | CNNVD-202403-1401 | CVE-2024-23944 | Medium | Apache | https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k |
| 171 | PHP security vulnerability | CNNVD-202406-854 | CVE-2024-2408 | Medium | PHP | https://www.php.net/ |
| 172 | dnsjava security vulnerability | CNNVD-202407-2260 | CVE-2024-25638 | Medium | dnsjava | https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw |
| 173 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
| 174 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
| 175 | aiohttp cross-site scripting vulnerability | CNNVD-202404-2760 | CVE-2024-27306 | Medium | aiohttp | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g |
| 176 | Apple iOS and iPadOS security vulnerability | CNNVD-202405-1869 | CVE-2024-27834 | Medium | Apple | https://support.apple.com/en-us/HT214101 |
| 177 | Nghttp2 security vulnerability | CNNVD-202404-586 | CVE-2024-28182 | Medium | Nghttp2 | https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q |
| 178 | Apache CXF code issue vulnerability | CNNVD-202403-1399 | CVE-2024-28752 | Medium | Apache | https://cxf.apache.org/ |
| 179 | Follow Redirects information disclosure vulnerability | CNNVD-202403-1332 | CVE-2024-28849 | Medium | Individual developer | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
| 180 | Intel IPP security vulnerability | CNNVD-202408-1264 | CVE-2024-28887 | Medium | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html |
| 181 | Netty security vulnerability | CNNVD-202403-2434 | CVE-2024-29025 | Medium | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
| 182 | GNU C Library security vulnerability | CNNVD-202404-2641 | CVE-2024-2961 | Medium | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
| 183 | Apache CXF code issue vulnerability | CNNVD-202407-1958 | CVE-2024-29736 | Medium | Apache | https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 |
| 184 | F5 Nginx security vulnerability | CNNVD-202405-4793 | CVE-2024-31079 | Medium | F5 | https://my.f5.com/manage/s/article/K000139611 |
| 185 | Jasper security vulnerability | CNNVD-202404-2850 | CVE-2024-31744 | Medium | Jasper | https://github.com/jasper-software/jasper/releases/tag/version-4.2.3 |
| 186 | F5 Nginx security vulnerability | CNNVD-202405-4792 | CVE-2024-32760 | Medium | F5 | https://my.f5.com/manage/s/article/K000139609 |
| 187 | glibc security vulnerability | CNNVD-202404-3208 | CVE-2024-33600 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31678 |
| 188 | glibc security vulnerability | CNNVD-202404-3210 | CVE-2024-33601 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31679 |
| 189 | RARLAB WinRAR security vulnerability | CNNVD-202404-3492 | CVE-2024-33899 | Medium | RARLAB | https://www.rarlab.com/rarnew.htm |
| 190 | F5 Nginx security vulnerability | CNNVD-202405-4791 | CVE-2024-34161 | Medium | F5 | https://my.f5.com/manage/s/article/K000139627 |
| 191 | F5 Nginx security vulnerability | CNNVD-202405-4790 | CVE-2024-35200 | Medium | F5 | https://my.f5.com/manage/s/article/K000139612 |
| 192 | WinRAR security vulnerability | CNNVD-202405-3858 | CVE-2024-36052 | Medium | Individual developer | https://www.rarlab.com/rarnew.htm |
| 193 | Apache HTTP Server code issue vulnerability | CNNVD-202407-101 | CVE-2024-36387 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 194 | Red Hat Undertow security vulnerability | CNNVD-202407-521 | CVE-2024-3653 | Medium | Red Hat | https://undertow.io/ |
| 195 | MIT Kerberos security vulnerability | CNNVD-202406-3108 | CVE-2024-37371 | Medium | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
| 196 | urllib3 security vulnerability | CNNVD-202406-1954 | CVE-2024-37891 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf |
| 197 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202406-2256 | CVE-2024-38356 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph |
| 198 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202406-2249 | CVE-2024-38357 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x |
| 199 | Apache HTTP Server security vulnerability | CNNVD-202407-096 | CVE-2024-38472 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 200 | Apache HTTP Server security vulnerability | CNNVD-202407-095 | CVE-2024-38473 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 201 | Apache HTTP Server security vulnerability | CNNVD-202407-092 | CVE-2024-38476 | Medium | Apache | https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0 |
| 202 | Spring Framework security vulnerability | CNNVD-202408-1848 | CVE-2024-38808 | Medium | VMware | https://spring.io/security/cve-2024-38808 |
| 203 | VMware Spring Framework security vulnerability | CNNVD-202409-2323 | CVE-2024-38809 | Medium | VMware | https://spring.io/security/cve-2024-38809 |
| 204 | RequireJS security vulnerability | CNNVD-202407-032 | CVE-2024-38998 | Medium | RequireJS | https://github.com/requirejs/r.js |
| 205 | Apache HTTP Server input validation error vulnerability | CNNVD-202407-086 | CVE-2024-39573 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 206 | Apache HTTP Server security vulnerability | CNNVD-202407-1912 | CVE-2024-40725 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 207 | Apache HTTP Server code issue vulnerability | CNNVD-202407-1910 | CVE-2024-40898 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 208 | Apache MINA SSHD security vulnerability | CNNVD-202408-865 | CVE-2024-41909 | Medium | Apache | https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b |
| 209 | Jenkins security vulnerability | CNNVD-202408-532 | CVE-2024-43045 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 |
| 210 | CKEditor4 security vulnerability | CNNVD-202408-2064 | CVE-2024-43407 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
| 211 | OpenSSL security vulnerability | CNNVD-202405-4739 | CVE-2024-4741 | Medium | OpenSSL | https://github.com/openssl/openssl |
| 212 | OpenSSL security vulnerability | CNNVD-202409-141 | CVE-2024-6119 | Medium | OpenSSL | https://openssl-library.org/news/secadv/20240903.txt |
| 213 | CPython security vulnerability | CNNVD-202409-120 | CVE-2024-6232 | Medium | Python | https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf |
| 214 | Python security vulnerability | CNNVD-202408-1775 | CVE-2024-7592 | Medium | Python | https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c |
| 215 | Google Guava access control error vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | | https://github.com/google/guava/issues/4011 |
| 216 | OpenSSH authorization issue vulnerability | CNNVD-202203-1230 | CVE-2021-36368 | Low | OpenBSD | https://www.openssh.com/security.html |
| 217 | Pip command injection vulnerability | CNNVD-202310-1912 | CVE-2023-5752 | Low | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
| 218 | libssh security vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
| 219 | libssh security vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
| 220 | OpenSSL security vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
| 221 | Node.js security vulnerability | CNNVD-202407-1007 | CVE-2024-22018 | Low | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
| 222 | Node.js security vulnerability | CNNVD-202409-509 | CVE-2024-36137 | Low | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
| 223 | CKEditor security vulnerability | CNNVD-202408-2102 | CVE-2024-43411 | Low | Individual developer | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
| 224 | OpenSSL security vulnerability | CNNVD-202405-2902 | CVE-2024-4603 | Low | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |
| 225 | OpenSSL security vulnerability | CNNVD-202406-2936 | CVE-2024-5535 | Low | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
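III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
Oracle official patch download address:
https://www.oracle.com/security-alerts/cpuoct2024.html
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn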