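Oracle recently published an advisory covering multiple security vulnerabilities: 143 in Oracle's own products and 193 from other vendors that affect Oracle products. They include the Oracle BI Publisher security vulnerability (CNNVD-202404-2284, CVE-2024-21082) and the Oracle Food and Beverage Applications security vulnerability (CNNVD-202404-2316, CVE-2024-21014), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On April 16, 2024, Oracle released its April 2024 security update, containing patches for 336 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle PeopleSoft Enterprise PeopleTools, Oracle GraalVM in Oracle Java SE, Oracle Database Server, Oracle MySQL, Oracle Fusion Middleware, and others. CNNVD has rated the severity of these vulnerabilities: 31 critical, 122 high, 158 medium and 25 low. Multiple versions of Oracle products and systems are affected; the specific scope can be looked up on Oracle's official website: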
https://www.oracle.com/security-alerts/cpuapr2024.html
II. Vulnerability Details
This update includes patches for 133 newly added vulnerabilities: 5 critical, 26 high, 86 medium and 16 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle BI Publisher security vulnerability | CNNVD-202404-2284 | CVE-2024-21082 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 2 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2316 | CVE-2024-21014 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 3 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2317 | CVE-2024-20997 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 4 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2318 | CVE-2024-21010 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 5 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2363 | CVE-2024-21071 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 6 | Oracle Virtualization security vulnerability | CNNVD-202404-2199 | CVE-2024-21110 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 7 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2200 | CVE-2024-21116 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 8 | Oracle Virtualization security vulnerability | CNNVD-202404-2201 | CVE-2024-21111 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 9 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2202 | CVE-2024-21103 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 10 | Oracle Virtualization security vulnerability | CNNVD-202404-2203 | CVE-2024-21113 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 11 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2204 | CVE-2024-21114 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 12 | Oracle Virtualization security vulnerability | CNNVD-202404-2205 | CVE-2024-21112 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 13 | Oracle Virtualization security vulnerability | CNNVD-202404-2208 | CVE-2024-21115 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 14 | Oracle Solaris security vulnerability | CNNVD-202404-2209 | CVE-2024-20999 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 15 | Oracle Solaris security vulnerability | CNNVD-202404-2210 | CVE-2024-21059 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 16 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2212 | CVE-2024-21092 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 17 | MySQL Connectors in Oracle MySQL security vulnerability | CNNVD-202404-2243 | CVE-2024-21090 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 18 | Oracle BI Publisher security vulnerability | CNNVD-202404-2277 | CVE-2024-21083 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 19 | Oracle WebLogic Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2304 | CVE-2024-21007 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 20 | Oracle WebLogic Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2306 | CVE-2024-21006 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 21 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2315 | CVE-2024-20989 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 22 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202404-2319 | CVE-2024-21067 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 23 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202404-2327 | CVE-2024-21095 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2337 | CVE-2024-21088 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 25 | Oracle Marketing in Oracle E-Business Suite security vulnerability | CNNVD-202404-2346 | CVE-2024-21079 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 26 | Oracle Trade Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2351 | CVE-2024-21077 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 27 | Oracle Trade Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2354 | CVE-2024-21075 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 28 | Oracle Marketing in Oracle E-Business Suite security vulnerability | CNNVD-202404-2355 | CVE-2024-21078 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2356 | CVE-2024-21076 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2357 | CVE-2024-21074 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2360 | CVE-2024-21073 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 32 | Oracle Virtualization security vulnerability | CNNVD-202404-2195 | CVE-2024-21109 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 33 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2196 | CVE-2024-21121 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 34 | Oracle Virtualization security vulnerability | CNNVD-202404-2197 | CVE-2024-21106 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202404-2198 | CVE-2024-21107 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 36 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202404-2207 | CVE-2024-21104 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 37 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2211 | CVE-2024-21091 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 38 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2213 | CVE-2024-21097 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 39 | Oracle PeopleSoft security vulnerability | CNNVD-202404-2214 | CVE-2024-21070 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 40 | Oracle PeopleSoft Products security vulnerability | CNNVD-202404-2215 | CVE-2024-21063 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2216 | CVE-2024-21065 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202404-2219 | CVE-2024-21013 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202404-2220 | CVE-2024-21008 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202404-2221 | CVE-2024-21096 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202404-2222 | CVE-2024-21057 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202404-2223 | CVE-2024-21062 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202404-2224 | CVE-2024-21055 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202404-2225 | CVE-2024-21054 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202404-2226 | CVE-2024-21009 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202404-2227 | CVE-2024-20993 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202404-2228 | CVE-2024-20998 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202404-2229 | CVE-2024-21087 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202404-2230 | CVE-2024-21060 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202404-2231 | CVE-2024-21056 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202404-2232 | CVE-2024-21053 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202404-2233 | CVE-2024-21052 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202404-2234 | CVE-2024-21051 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202404-2235 | CVE-2024-21050 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202404-2236 | CVE-2024-21049 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202404-2237 | CVE-2024-21069 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202404-2238 | CVE-2024-21061 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202404-2239 | CVE-2024-21047 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 63 | Oracle MySQL security vulnerability | CNNVD-202404-2240 | CVE-2024-21102 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 64 | Oracle MySQL security vulnerability | CNNVD-202404-2241 | CVE-2024-20994 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 65 | Oracle MySQL security vulnerability | CNNVD-202404-2242 | CVE-2024-21015 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 66 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2268 | CVE-2024-21099 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 67 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2271 | CVE-2024-21001 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 68 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2273 | CVE-2024-21064 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 69 | Oracle BI Publisher security vulnerability | CNNVD-202404-2275 | CVE-2024-21084 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 70 | Oracle Fusion Middleware security vulnerability | CNNVD-202404-2287 | CVE-2024-20992 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 71 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2290 | CVE-2024-21118 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 72 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2292 | CVE-2024-21120 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 73 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2294 | CVE-2024-21117 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 74 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2297 | CVE-2024-21119 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 75 | Oracle HTTP Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2298 | CVE-2024-20991 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 76 | Oracle Web Applications Desktop Integrator in Oracle E-Business Suite security vulnerability | CNNVD-202404-2320 | CVE-2024-21048 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 77 | Oracle Commerce Platform in Oracle Commerce security vulnerability | CNNVD-202404-2321 | CVE-2024-21100 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 78 | Oracle CRM Technical Foundation in Oracle E-Business Suite security vulnerability | CNNVD-202404-2322 | CVE-2024-21086 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 79 | Oracle Partner Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2323 | CVE-2024-21081 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 80 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2324 | CVE-2024-20990 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 81 | Oracle Installed Base in Oracle E-Business Suite security vulnerability | CNNVD-202404-2325 | CVE-2024-21072 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 82 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2326 | CVE-2024-21046 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 83 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2328 | CVE-2024-21045 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202404-2329 | CVE-2024-21093 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 85 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2330 | CVE-2024-21044 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 86 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2331 | CVE-2024-21043 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 87 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2332 | CVE-2024-21042 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 88 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2333 | CVE-2024-21041 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 89 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2334 | CVE-2024-21040 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 90 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2335 | CVE-2024-21089 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 91 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2336 | CVE-2024-21039 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 92 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2338 | CVE-2024-21038 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 93 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2339 | CVE-2024-21037 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 94 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2340 | CVE-2024-21036 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 95 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2341 | CVE-2024-21035 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 96 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2342 | CVE-2024-21034 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 97 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2343 | CVE-2024-21033 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 98 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2344 | CVE-2024-21032 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 99 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2345 | CVE-2024-21031 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 100 | Oracle Applications Framework in Oracle E-Business Suite security vulnerability | CNNVD-202404-2347 | CVE-2024-21080 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 101 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2348 | CVE-2024-21030 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 102 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2349 | CVE-2024-21029 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 103 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2350 | CVE-2024-21028 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 104 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2352 | CVE-2024-21027 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 105 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2353 | CVE-2024-21026 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 106 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2358 | CVE-2024-21025 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 107 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2359 | CVE-2024-21024 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 108 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2361 | CVE-2024-21023 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 109 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2362 | CVE-2024-21021 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 110 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2364 | CVE-2024-21020 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 111 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2365 | CVE-2024-21022 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 112 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2366 | CVE-2024-21018 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 113 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2367 | CVE-2024-21017 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 114 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2368 | CVE-2024-21019 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 115 | Oracle Database Server security vulnerability | CNNVD-202404-2369 | CVE-2024-21066 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 116 | Oracle Database Server security vulnerability | CNNVD-202404-2370 | CVE-2024-21058 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 117 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2371 | CVE-2024-21016 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 118 | Oracle Virtualization security vulnerability | CNNVD-202404-2194 | CVE-2024-21108 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 119 | Oracle Solaris security vulnerability | CNNVD-202404-2206 | CVE-2024-21105 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 120 | Oracle MySQL security vulnerability | CNNVD-202404-2217 | CVE-2024-21101 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 121 | Oracle MySQL security vulnerability | CNNVD-202404-2218 | CVE-2024-21000 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 122 | Oracle Java SE security vulnerability | CNNVD-202404-2244 | CVE-2024-21004 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 123 | Oracle Java SE security vulnerability | CNNVD-202404-2245 | CVE-2024-21002 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 124 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2246 | CVE-2024-21005 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 125 | Oracle Java SE security vulnerability | CNNVD-202404-2247 | CVE-2024-21003 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 126 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2248 | CVE-2024-21012 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 127 | Oracle Java SE security vulnerability | CNNVD-202404-2249 | CVE-2024-21094 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 128 | Oracle Java SE security vulnerability | CNNVD-202404-2250 | CVE-2024-21068 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 129 | Oracle Java SE security vulnerability | CNNVD-202404-2251 | CVE-2024-21011 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 130 | Oracle Java SE security vulnerability | CNNVD-202404-2252 | CVE-2024-21085 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 131 | Oracle Java SE security vulnerability | CNNVD-202404-2253 | CVE-2024-21098 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 132 | Oracle GraalVM in Oracle Java SE security vulnerability | CNNVD-202404-2256 | CVE-2024-20954 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 133 | Oracle Database Server security vulnerability | CNNVD-202404-2372 | CVE-2024-20995 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
This update includes patches for 10 updated vulnerabilities: 3 high, 4 medium and 3 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Certain Oracle products security vulnerability | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 2 | Certain Oracle products security vulnerability | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 3 | Certain Oracle products security vulnerability | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 6 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 7 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 8 | Certain Oracle products security vulnerability | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 9 | Certain Oracle products security vulnerability | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 10 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
This update includes patches for 193 vulnerabilities from other vendors that affect Oracle products: 26 critical, 93 high, 68 medium and 6 low.
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
1 |
Terracotta Quartz Scheduler 代码问题漏洞 |
CNNVD-201907-1383 |
CVE-2019-13990 |
超危 |
softwareag |
http://www.quartz-scheduler.org/ |
2 |
Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞 |
CNNVD-202207-838 |
CVE-2020-29508 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
3 |
Dell BSAFE 安全特征问题漏洞 |
CNNVD-202207-834 |
CVE-2020-35163 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
4 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-832 |
CVE-2020-35166 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
5 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-831 |
CVE-2020-35167 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
6 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-828 |
CVE-2020-35168 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
7 |
handlebars 安全漏洞 |
CNNVD-202104-686 |
CVE-2021-23369 |
超危 |
个人开发者 |
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 |
8 |
handlebars 安全漏洞 |
CNNVD-202105-130 |
CVE-2021-23383 |
超危 |
个人开发者 |
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 |
9 |
Apache DB DdlUtils 代码问题漏洞 |
CNNVD-202109-1960 |
CVE-2021-41616 |
超危 |
Apache基金会 |
https://lists.apache.org/thread.html/r3d7a8303a820144f5e2d1fd0b067e18d419421b58346b53b58d3fa72%40%3Cannounce.apache.org%3E |
10 |
iText 命令注入漏洞 |
CNNVD-202112-1333 |
CVE-2021-43113 |
超危 |
个人开发者 |
https://github.com/itext/itext7/releases/tag/7.1.17 |
11 |
SnakeYAML 代码问题漏洞 |
CNNVD-202212-1820 |
CVE-2022-1471 |
超危 |
个人开发者 |
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
12 |
Dell BSAFE 安全漏洞 |
CNNVD-202402-197 |
CVE-2022-34381 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
13 |
HSQLDB 安全漏洞 |
CNNVD-202210-196 |
CVE-2022-41853 |
超危 |
The HSQL Development Group |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7 |
14 |
Apache Commons Text 代码注入漏洞 |
CNNVD-202210-790 |
CVE-2022-42889 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
15 |
Apache Commons BCEL 缓冲区错误漏洞 |
CNNVD-202211-2199 |
CVE-2022-42920 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
16 |
Apache SOAP 访问控制错误漏洞 |
CNNVD-202211-2683 |
CVE-2022-45378 |
超危 |
Apache |
https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31 |
17 |
Apache Derby 注入漏洞 |
CNNVD-202311-1655 |
CVE-2022-46337 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
18 |
Apache CXF 代码问题漏洞 |
CNNVD-202212-3143 |
CVE-2022-46364 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
19 |
VMware Spring Security 安全漏洞 |
CNNVD-202307-1680 |
CVE-2023-34034 |
超危 |
VMware |
https://spring.io/security/cve-2023-34034 |
20 |
curl 缓冲区错误漏洞 |
CNNVD-202310-917 |
CVE-2023-38545 |
超危 |
curl |
https://github.com/curl/curl/commit/fb4415d8aee6c1 |
21 |
Apple Safari 代码问题漏洞 |
CNNVD-202309-2063 |
CVE-2023-41993 |
超危 |
Apple |
https://support.apple.com/en-us/HT213930 |
22 |
npm IP Package 代码问题漏洞 |
CNNVD-202402-689 |
CVE-2023-42282 |
超危 |
npm |
https://www.npmjs.com/package/ip |
23 |
Apache ZooKeeper 安全漏洞 |
CNNVD-202310-856 |
CVE-2023-44981 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
24 |
Apache ActiveMQ 代码问题漏洞 |
CNNVD-202310-2332 |
CVE-2023-46604 |
超危 |
Apache基金会 |
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
25 |
Perl 安全漏洞 |
CNNVD-202312-067 |
CVE-2023-47100 |
超危 |
Perl |
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 |
26 |
PostgreSQL JDBC Driver 安全漏洞 |
CNNVD-202402-1534 |
CVE-2024-1597 |
超危 |
PostgreSQL |
https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.2 |
27 |
Apache MINA 安全漏洞 |
CNNVD-201910-048 |
CVE-2019-0231 |
高危 |
Apache基金会 |
http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019 |
28 |
jackson-mapper-asl 代码问题漏洞 |
CNNVD-201911-1110 |
CVE-2019-10172 |
高危 |
个人开发者 |
https://mvnrepository.com/artifact/org.codehaus.jackson |
29 |
Red Hat Hibernate ORM SQL注入漏洞 |
CNNVD-202011-1706 |
CVE-2020-25638 |
高危 |
Red Hat |
https://hibernate.org/ |
30 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-833 |
CVE-2020-35164 |
高危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
31 |
Python 输入验证错误漏洞 |
CNNVD-202208-3716 |
CVE-2021-28861 |
高危 |
Python |
https://bugs.python.org/issue43223 |
32 |
Perl 代码问题漏洞 |
CNNVD-202108-807 |
CVE-2021-36770 |
高危 |
Perl |
https://access.redhat.com/security/cve/cve-2021-36770 |
33 |
Certifi 数据伪造问题漏洞 |
CNNVD-202212-2660 |
CVE-2022-23491 |
高危 |
Certifi |
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 |
34 |
nekohtml资源管理错误漏洞 |
CNNVD-202204-2918 |
CVE-2022-24839 |
高危 |
个人开发者 |
https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
35 |
Google protobuf 安全漏洞 |
CNNVD-202210-769 |
CVE-2022-3171 |
高危 |
|
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 |
36 |
Apache Xalan 输入验证错误漏洞 |
CNNVD-202207-1617 |
CVE-2022-34169 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
37 |
XStream 缓冲区错误漏洞 |
CNNVD-202209-1230 |
CVE-2022-40152 |
高危 |
XStream |
https://github.com/x-stream/xstream/issues/304 |
38 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1712 |
CVE-2022-41704 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
39 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-007 |
CVE-2022-42003 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
40 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-006 |
CVE-2022-42004 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
41 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1707 |
CVE-2022-42890 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
42 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202308-1802 |
CVE-2022-44729 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 |
43 |
Hutool 缓冲区错误漏洞 |
CNNVD-202212-3131 |
CVE-2022-45688 |
高危 |
Dromara社区 |
https://github.com/dromara/hutool/issues/2748 |
44 |
Apache Ivy 代码问题漏洞 |
CNNVD-202308-1684 |
CVE-2022-46751 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8 |
45 |
UnRAR 后置链接漏洞 |
CNNVD-202308-425 |
CVE-2022-48579 |
高危 |
个人开发者 |
https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee |
46 |
OpenSSL 信任管理问题漏洞 |
CNNVD-202303-1681 |
CVE-2023-0464 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230322.txt |
47 |
Red Hat JBoss Enterprise Application Platform 安全漏洞 |
CNNVD-202303-798 |
CVE-2023-1108 |
高危 |
Red Hat |
https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f |
48 |
netplex json-smart 安全漏洞 |
CNNVD-202303-1658 |
CVE-2023-1370 |
高危 |
netplex |
https://netplex.github.io/json-smart/ |
49 |
Jettison 安全漏洞 |
CNNVD-202303-1656 |
CVE-2023-1436 |
高危 |
Jettison |
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
50 |
Spring Framework 安全漏洞 |
CNNVD-202303-2401 |
CVE-2023-20860 |
高危 |
Spring |
https://spring.io/security/cve-2023-20860 |
51 |
ModSecurity 安全漏洞 |
CNNVD-202301-1585 |
CVE-2023-24021 |
高危 |
个人开发者 |
https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 |
52 |
Apache Commons FileUpload 安全漏洞 |
CNNVD-202302-1610 |
CVE-2023-24998 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
53 |
OpenCV 代码问题漏洞 |
CNNVD-202305-852 |
CVE-2023-2617 |
高危 |
OpenCV |
https://github.com/opencv/opencv_contrib/pull/3480 |
54 |
OpenCV 安全漏洞 |
CNNVD-202305-851 |
CVE-2023-2618 |
高危 |
OpenCV |
https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
55 |
Intel oneAPI Toolkits 代码问题漏洞 |
CNNVD-202308-1031 |
CVE-2023-28823 |
高危 |
Intel |
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
56 |
glib2 资源管理错误漏洞 |
CNNVD-202306-1169 |
CVE-2023-29499 |
高危 |
GNOME |
https://gitlab.gnome.org/GNOME/glib/ |
57 |
Google Guava 安全漏洞 |
CNNVD-202306-1141 |
CVE-2023-2976 |
高危 |
|
https://github.com/google/guava |
58 |
Apache HTTP Server 缓冲区错误漏洞 |
CNNVD-202310-1640 |
CVE-2023-31122 |
高危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
59 |
Red Hat Undertow 安全漏洞 |
CNNVD-202308-506 |
CVE-2023-3223 |
高危 |
Red Hat |
https://undertow.io/ |
60 |
glib2 资源管理错误漏洞 |
CNNVD-202306-1170 |
CVE-2023-32636 |
高危 |
GNOME |
https://gitlab.gnome.org/GNOME/glib/ |
61 |
glib2 缓冲区错误漏洞 |
CNNVD-202306-1172 |
CVE-2023-32643 |
高危 |
GNOME |
https://gitlab.gnome.org/GNOME/glib/ |
62 |
Spring Framework 安全漏洞 |
CNNVD-202311-2123 |
CVE-2023-34053 |
高危 |
Spring团队 |
https://github.com/spring-projects/spring-framework/releases/tag/v6.0. |
63 |
Apache Tomcat 安全漏洞 |
CNNVD-202306-1525 |
CVE-2023-34981 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
64 |
Jenkins 跨站请求伪造漏洞 |
CNNVD-202306-1089 |
CVE-2023-35141 |
高危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135 |
65 |
Okio 安全漏洞 |
CNNVD-202307-1161 |
CVE-2023-3635 |
高危 |
square |
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
66 |
Eclipse Jetty 资源管理错误漏洞 |
CNNVD-202310-691 |
CVE-2023-36478 |
高危 |
Eclipse基金会 |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
67 |
Python 安全漏洞 |
CNNVD-202306-1804 |
CVE-2023-36632 |
高危 |
Python基金会 |
https://docs.python.org/3/library/email.html |
68 |
HCL BigFix Platform 输入验证错误漏洞 |
CNNVD-202310-848 |
CVE-2023-37536 |
高危 |
HCL Technologies |
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
69 | curl security vulnerability | CNNVD-202309-1067 | CVE-2023-38039 | High | curl | https://github.com/curl/curl |
70 | python-cryptography trust management issue vulnerability | CNNVD-202307-1332 | CVE-2023-38325 | High | Cryptographic team | https://github.com/pyca/cryptography/issues/9207 |
71 | MIT Kerberos resource management error vulnerability | CNNVD-202308-1454 | CVE-2023-39975 | High | MIT | https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 |
72 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
73 | Redis security vulnerability | CNNVD-202401-776 | CVE-2023-41056 | High | Redis Labs | https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224 |
74 | Apple iOS and iPadOS security vulnerability | CNNVD-202309-2265 | CVE-2023-41074 | High | Apple | https://support.apple.com/en-us/HT213938 |
75 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
76 | Apple Safari security vulnerability | CNNVD-202311-2397 | CVE-2023-42917 | High | Apple | https://support.apple.com/en-us/HT214033 |
77 | Jenkins security vulnerability | CNNVD-202309-1972 | CVE-2023-43496 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
78 | Jenkins code issue vulnerability | CNNVD-202309-1971 | CVE-2023-43497 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
79 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
80 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
81 | urllib3 information disclosure vulnerability | CNNVD-202310-281 | CVE-2023-43804 | High | Individual developer | https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
82 | Pillow security vulnerability | CNNVD-202311-282 | CVE-2023-44271 | High | Individual developer | https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 |
83 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
84 | OpenTelemetry-Go Contrib security vulnerability | CNNVD-202310-955 | CVE-2023-45142 | High | OpenTelemetry | https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh |
85 | Plotly.js security vulnerability | CNNVD-202401-128 | CVE-2023-46308 | High | Individual developer | https://github.com/plotly/plotly.js/releases/tag/v2.25.2 |
86 | shadow security vulnerability | CNNVD-202310-843 | CVE-2023-4641 | High | Individual developer | https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 |
87 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
88 | Perl security vulnerability | CNNVD-202311-2025 | CVE-2023-47038 | High | PERL community | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 |
89 | Perl security vulnerability | CNNVD-202311-2026 | CVE-2023-47039 | High | PERL community | https://www.perl.org/ |
90 | OpenSSL security vulnerability | CNNVD-202309-665 | CVE-2023-4807 | High | OpenSSL | https://www.openssl.org/news/secadv/20230908.txt |
91 | Google Chrome buffer error vulnerability | CNNVD-202309-784 | CVE-2023-4863 | High | | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html |
92 | glibc buffer error vulnerability | CNNVD-202310-197 | CVE-2023-4911 | High | GNU community | https://www.gnu.org/software/libc/ |
93 | Apache Solr security vulnerability | CNNVD-202402-792 | CVE-2023-50298 | High | Apache | https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions |
94 | Apache Solr code issue vulnerability | CNNVD-202402-791 | CVE-2023-50386 | High | Apache | https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets |
95 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
96 | Jasper security vulnerability | CNNVD-202401-1315 | CVE-2023-51257 | High | Jasper | https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a |
97 | GNU C Library security vulnerability | CNNVD-202309-2162 | CVE-2023-5156 | High | GNU community | https://sourceware.org/bugzilla/show_bug.cgi?id=30884 |
98 | jose4j security vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
99 | Connect2id Nimbus JOSE+JWT security vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
100 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
101 | Red Hat Undertow security vulnerability | CNNVD-202312-977 | CVE-2023-5379 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2242099 |
102 | glibc buffer error vulnerability | CNNVD-202401-2632 | CVE-2023-6246 | High | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.37 |
103 | logback code issue vulnerability | CNNVD-202311-2206 | CVE-2023-6378 | High | Quality Open Software | https://logback.qos.ch/download.html |
104 | Quality Open Software Logback security vulnerability | CNNVD-202312-277 | CVE-2023-6481 | High | Quality Open Software | https://logback.qos.ch/news.html |
105 | glibc buffer error vulnerability | CNNVD-202401-2633 | CVE-2023-6779 | High | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
106 | Red Hat Undertow resource management error vulnerability | CNNVD-202402-1551 | CVE-2024-1635 | High | Red Hat | https://undertow.io/ |
107 | runc security vulnerability | CNNVD-202401-2725 | CVE-2024-21626 | High | Individual developer | https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv |
108 | Amazon Ion security vulnerability | CNNVD-202401-216 | CVE-2024-21634 | High | Amazon | https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6 |
109 | Node.js security vulnerability | CNNVD-202402-1466 | CVE-2024-21892 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high |
110 | Node.js security vulnerability | CNNVD-202402-1467 | CVE-2024-22019 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high |
111 | Eclipse Jetty security vulnerability | CNNVD-202402-2103 | CVE-2024-22201 | High | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
112 | Spring Framework security vulnerability | CNNVD-202401-1957 | CVE-2024-22233 | High | Spring | https://spring.io/security/cve-2024-22233/ |
113 | Spring Framework security vulnerability | CNNVD-202402-1929 | CVE-2024-22243 | High | Spring | https://spring.io/projects/spring-framework#support |
114 | VMware Spring Security security vulnerability | CNNVD-202403-1650 | CVE-2024-22257 | High | VMware | https://spring.io/security/cve-2024-22257 |
115 | Spring Framework security vulnerability | CNNVD-202403-1543 | CVE-2024-22259 | High | Spring | https://spring.io/security/cve-2024-22259 |
116 | Apache Tomcat security vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
117 | Apache Tomcat input validation error vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
118 | libxml2 security vulnerability | CNNVD-202402-242 | CVE-2024-25062 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
119 | python-cryptography security vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
120 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
121 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
122 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
123 | JetBrains Kotlin security feature issue vulnerability | CNNVD-202202-606 | CVE-2022-24329 | Medium | JetBrains | http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 |
124 | MetadataExtractor security vulnerability | CNNVD-202202-1859 | CVE-2022-24613 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24613/ |
125 | MetadataExtractor security vulnerability | CNNVD-202202-1858 | CVE-2022-24614 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24614/ |
126 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
127 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
128 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
129 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
130 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
131 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
132 | Red Hat AMQ security vulnerability | CNNVD-202302-1203 | CVE-2023-0833 | Medium | Red Hat | https://www.redhat.com/en/resources/amq-streams-datasheet |
133 | OpenSSL buffer error vulnerability | CNNVD-202304-1714 | CVE-2023-1255 | Medium | OpenSSL | https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
134 | Spring Framework security vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861 |
135 | Spring Framework security vulnerability | CNNVD-202304-1667 | CVE-2023-20862 | Medium | Spring | https://spring.io/security/cve-2023-20862 |
136 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
137 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
138 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
139 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
140 | Apache Tomcat security vulnerability | CNNVD-202303-1662 | CVE-2023-28708 | Medium | Apache Foundation | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
141 | Flexera InstallShield security vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
142 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
143 | glib2 resource management error vulnerability | CNNVD-202306-1171 | CVE-2023-32611 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
144 | glib2 code issue vulnerability | CNNVD-202306-1168 | CVE-2023-32665 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
145 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
146 | Bouncy Castle resource management error vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
147 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
148 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
149 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
150 | FasterXML jackson-databind code issue vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
151 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
152 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
153 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
154 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
155 | procps buffer error vulnerability | CNNVD-202308-085 | CVE-2023-4016 | Medium | procps-ng | https://gitlab.com/procps-ng/procps |
156 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
157 | Python security vulnerability | CNNVD-202308-2059 | CVE-2023-40217 | Medium | Python Foundation | https://www.python.org/dev/security/ |
158 | Apache Tomcat input validation error vulnerability | CNNVD-202308-2096 | CVE-2023-41080 | Medium | Apache Foundation | https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f |
159 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
160 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
161 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
162 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
163 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
164 | glibc buffer error vulnerability | CNNVD-202309-933 | CVE-2023-4527 | Medium | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=30842 |
165 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
166 | urllib3 information disclosure vulnerability | CNNVD-202310-1359 | CVE-2023-45803 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
167 | curl security vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
168 | curl security vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
169 | Node.js security vulnerability | CNNVD-202402-1465 | CVE-2023-46809 | Medium | Node.js | https://nodejs.org/ |
170 | glibc resource management error vulnerability | CNNVD-202309-932 | CVE-2023-4806 | Medium | GNU community | https://sourceware.org/bugzilla/show_bug.cgi?id=30843 |
171 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
172 | Python cryptography code issue vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
173 | python-cryptography security vulnerability | CNNVD-202312-1318 | CVE-2023-50782 | Medium | Cryptographic team | https://cryptography.io/en/latest/ |
174 | Jayway JsonPath security vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
175 | ImageMagick resource management error vulnerability | CNNVD-202310-092 | CVE-2023-5341 | Medium | ImageMagick | https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 |
176 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
177 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
178 | Python security vulnerability | CNNVD-202312-708 | CVE-2023-6507 | Medium | Python Foundation | https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ |
179 | glibc buffer error vulnerability | CNNVD-202401-2631 | CVE-2023-6780 | Medium | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
180 | curl security vulnerability | CNNVD-202401-2732 | CVE-2024-0853 | Medium | curl | https://curl.se/docs/CVE-2024-0853.html |
181 | Red Hat Undertow security vulnerability | CNNVD-202402-940 | CVE-2024-1459 | Medium | Red Hat | https://undertow.io/downloads.html |
182 | Jinja cross-site scripting vulnerability | CNNVD-202401-963 | CVE-2024-22195 | Medium | Individual developer | https://github.com/pallets/jinja/releases/tag/3.1.3 |
183 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
184 | CKEditor cross-site scripting vulnerability | CNNVD-202402-598 | CVE-2024-24815 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
185 | CKEditor cross-site scripting vulnerability | CNNVD-202402-605 | CVE-2024-24816 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
186 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
187 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
188 | Google Guava access control error vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | | https://github.com/google/guava/issues/4011 |
189 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
190 | Pip command injection vulnerability | CNNVD-202310-1912 | CVE-2023-5752 | Low | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
191 | libssh security vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
192 | libssh security vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
193 | OpenSSL security vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
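III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the patches as soon as possible. Oracle's official patch download page: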
https://www.oracle.com/security-alerts/cpuapr2024.html