国家漏洞库CNNVD：关于Oracle多个安全漏洞的通报

责编：gltian ｜2024-07-19 14:33:50

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞65个，影响到Oracle产品的其他厂商漏洞170个。包括Oracle Fusion Middleware 安全漏洞(CNNVD-202407-1769、CVE-2024-21181)、Oracle Virtualization 安全漏洞(CNNVD-202407-1644、CVE-2024-21141)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据、提升权限等。Oracle多个产品和系统受漏洞影响。目前，Oracle官方已经发布了漏洞修复补丁，建议用户及时确认是否受到漏洞影响，尽快采取修补措施。

一、漏洞介绍

2024年7月16日，Oracle发布了2024年7月份安全更新，共235个漏洞的补丁程序，CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Analytics、Oracle PeopleSoft Products、Oracle Virtualization、Oracle E-Business Suite、Oracle Java SE等。CNNVD对其危害等级进行了评价，其中超危漏洞24个，高危漏洞78个，中危漏洞120个，低危漏洞13个。

Oracle多个产品和系统版本受漏洞影响，具体影响范围可访问Oracle官方网站查询：

https://www.oracle.com/security-alerts/cpujul2024.html

二、漏洞详情

此次更新共235个漏洞的补丁程序，包括63个新增漏洞的补丁程序、2个更新漏洞的补丁程序和170个影响Oracle产品的其他厂商漏洞的补丁程序。

此次更新共包括63个新增漏洞的补丁程序，其中超危漏洞1个，高危漏洞12个，中危漏洞43个，低危漏洞7个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle Fusion Middleware 安全漏洞	CNNVD-202407-1769	CVE-2024-21181	超危	https://www.oracle.com/security-alerts/cpujul2024.html
2	Oracle Virtualization 安全漏洞	CNNVD-202407-1644	CVE-2024-21141	高危	https://www.oracle.com/security-alerts/cpujul2024.html
3	Oracle Retail Applications 安全漏洞	CNNVD-202407-1660	CVE-2024-21136	高危	https://www.oracle.com/security-alerts/cpujul2024.html
4	Oracle Java SE 安全漏洞	CNNVD-202407-1739	CVE-2024-21147	高危	https://www.oracle.com/security-alerts/cpujul2024.html
5	Oracle Fusion Middleware 安全漏洞	CNNVD-202407-1761	CVE-2024-21183	高危	https://www.oracle.com/security-alerts/cpujul2024.html
6	Oracle Fusion Middleware 安全漏洞	CNNVD-202407-1763	CVE-2024-21175	高危	https://www.oracle.com/security-alerts/cpujul2024.html
7	Oracle Fusion Middleware 安全漏洞	CNNVD-202407-1766	CVE-2024-21182	高危	https://www.oracle.com/security-alerts/cpujul2024.html
8	Oracle Database Server 安全漏洞	CNNVD-202407-1768	CVE-2024-21184	高危	https://www.oracle.com/security-alerts/cpujul2024.html
9	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1772	CVE-2024-21167	高危	https://www.oracle.com/security-alerts/cpujul2024.html
10	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1777	CVE-2024-21146	高危	https://www.oracle.com/security-alerts/cpujul2024.html
11	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1778	CVE-2024-21153	高危	https://www.oracle.com/security-alerts/cpujul2024.html
12	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1779	CVE-2024-21152	高危	https://www.oracle.com/security-alerts/cpujul2024.html
13	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1780	CVE-2024-21149	高危	https://www.oracle.com/security-alerts/cpujul2024.html
14	Oracle Virtualization 安全漏洞	CNNVD-202407-1641	CVE-2024-21161	中危	https://www.oracle.com/security-alerts/cpujul2024.html
15	Oracle ZFS Storage Appliance 安全漏洞	CNNVD-202407-1647	CVE-2024-21155	中危	https://www.oracle.com/security-alerts/cpujul2024.html
16	Oracle PeopleSoft Products 安全漏洞	CNNVD-202407-1663	CVE-2024-21154	中危	https://www.oracle.com/security-alerts/cpujul2024.html
17	Oracle PeopleSoft Products 安全漏洞	CNNVD-202407-1664	CVE-2024-21122	中危	https://www.oracle.com/security-alerts/cpujul2024.html
18	Oracle PeopleSoft Products 安全漏洞	CNNVD-202407-1665	CVE-2024-21180	中危	https://www.oracle.com/security-alerts/cpujul2024.html
19	Oracle PeopleSoft Products 安全漏洞	CNNVD-202407-1668	CVE-2024-21178	中危	https://www.oracle.com/security-alerts/cpujul2024.html
20	Oracle PeopleSoft Products 安全漏洞	CNNVD-202407-1670	CVE-2024-21158	中危	https://www.oracle.com/security-alerts/cpujul2024.html
21	Oracle MySQL 安全漏洞	CNNVD-202407-1672	CVE-2024-21134	中危	https://www.oracle.com/security-alerts/cpujul2024.html
22	Oracle MySQL 安全漏洞	CNNVD-202407-1674	CVE-2024-21142	中危	https://www.oracle.com/security-alerts/cpujul2024.html
23	Oracle MySQL 安全漏洞	CNNVD-202407-1677	CVE-2024-21165	中危	https://www.oracle.com/security-alerts/cpujul2024.html
24	Oracle MySQL 安全漏洞	CNNVD-202407-1678	CVE-2024-21162	中危	https://www.oracle.com/security-alerts/cpujul2024.html
25	Oracle MySQL 安全漏洞	CNNVD-202407-1679	CVE-2024-21137	中危	https://www.oracle.com/security-alerts/cpujul2024.html
26	Oracle MySQL 安全漏洞	CNNVD-202407-1682	CVE-2024-21135	中危	https://www.oracle.com/security-alerts/cpujul2024.html
27	Oracle MySQL 安全漏洞	CNNVD-202407-1685	CVE-2024-21130	中危	https://www.oracle.com/security-alerts/cpujul2024.html
28	Oracle MySQL 安全漏洞	CNNVD-202407-1687	CVE-2024-21129	中危	https://www.oracle.com/security-alerts/cpujul2024.html
29	Oracle MySQL 安全漏洞	CNNVD-202407-1688	CVE-2024-21127	中危	https://www.oracle.com/security-alerts/cpujul2024.html
30	Oracle MySQL 安全漏洞	CNNVD-202407-1692	CVE-2024-21179	中危	https://www.oracle.com/security-alerts/cpujul2024.html
31	Oracle MySQL 安全漏洞	CNNVD-202407-1694	CVE-2024-21185	中危	https://www.oracle.com/security-alerts/cpujul2024.html
32	Oracle MySQL 安全漏洞	CNNVD-202407-1695	CVE-2024-21173	中危	https://www.oracle.com/security-alerts/cpujul2024.html
33	Oracle MySQL 安全漏洞	CNNVD-202407-1697	CVE-2024-21160	中危	https://www.oracle.com/security-alerts/cpujul2024.html
34	Oracle MySQL 安全漏洞	CNNVD-202407-1698	CVE-2024-21159	中危	https://www.oracle.com/security-alerts/cpujul2024.html
35	Oracle MySQL 安全漏洞	CNNVD-202407-1701	CVE-2024-20996	中危	https://www.oracle.com/security-alerts/cpujul2024.html
36	Oracle MySQL 安全漏洞	CNNVD-202407-1703	CVE-2024-21157	中危	https://www.oracle.com/security-alerts/cpujul2024.html
37	Oracle MySQL 安全漏洞	CNNVD-202407-1705	CVE-2024-21125	中危	https://www.oracle.com/security-alerts/cpujul2024.html
38	Oracle MySQL 安全漏洞	CNNVD-202407-1708	CVE-2024-21176	中危	https://www.oracle.com/security-alerts/cpujul2024.html
39	Oracle MySQL 安全漏洞	CNNVD-202407-1710	CVE-2024-21166	中危	https://www.oracle.com/security-alerts/cpujul2024.html
40	Oracle MySQL 安全漏洞	CNNVD-202407-1713	CVE-2024-21170	中危	https://www.oracle.com/security-alerts/cpujul2024.html
41	Oracle MySQL 安全漏洞	CNNVD-202407-1714	CVE-2024-21171	中危	https://www.oracle.com/security-alerts/cpujul2024.html
42	Oracle MySQL 安全漏洞	CNNVD-202407-1717	CVE-2024-21163	中危	https://www.oracle.com/security-alerts/cpujul2024.html
43	Oracle MySQL 安全漏洞	CNNVD-202407-1718	CVE-2024-21177	中危	https://www.oracle.com/security-alerts/cpujul2024.html
44	Oracle JD Edwards Products 安全漏洞	CNNVD-202407-1724	CVE-2024-21168	中危	https://www.oracle.com/security-alerts/cpujul2024.html
45	Oracle JD Edwards Products 安全漏洞	CNNVD-202407-1726	CVE-2024-21150	中危	https://www.oracle.com/security-alerts/cpujul2024.html
46	Oracle Java SE 安全漏洞	CNNVD-202407-1735	CVE-2024-21140	中危	https://www.oracle.com/security-alerts/cpujul2024.html
47	Oracle Java SE 安全漏洞	CNNVD-202407-1737	CVE-2024-21145	中危	https://www.oracle.com/security-alerts/cpujul2024.html
48	Oracle Analytics 安全漏洞	CNNVD-202407-1747	CVE-2024-21139	中危	https://www.oracle.com/security-alerts/cpujul2024.html
49	Oracle Fusion Middleware 安全漏洞	CNNVD-202407-1758	CVE-2024-21133	中危	https://www.oracle.com/security-alerts/cpujul2024.html
50	Oracle Financial Services Applications 安全漏洞	CNNVD-202407-1764	CVE-2024-21188	中危	https://www.oracle.com/security-alerts/cpujul2024.html
51	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1770	CVE-2024-21169	中危	https://www.oracle.com/security-alerts/cpujul2024.html
52	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1773	CVE-2024-21143	中危	https://www.oracle.com/security-alerts/cpujul2024.html
53	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1774	CVE-2024-21128	中危	https://www.oracle.com/security-alerts/cpujul2024.html
54	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1775	CVE-2024-21132	中危	https://www.oracle.com/security-alerts/cpujul2024.html
55	Oracle E-Business Suite 安全漏洞	CNNVD-202407-1776	CVE-2024-21148	中危	https://www.oracle.com/security-alerts/cpujul2024.html
56	Oracle Database Server 安全漏洞	CNNVD-202407-1781	CVE-2024-21126	中危	https://www.oracle.com/security-alerts/cpujul2024.html
57	Oracle Virtualization 安全漏洞	CNNVD-202407-1639	CVE-2024-21164	低危	https://www.oracle.com/security-alerts/cpujul2024.html
58	Oracle Solaris 安全漏洞	CNNVD-202407-1645	CVE-2024-21151	低危	https://www.oracle.com/security-alerts/cpujul2024.html
59	Oracle Java SE 安全漏洞	CNNVD-202407-1729	CVE-2024-21138	低危	https://www.oracle.com/security-alerts/cpujul2024.html
60	Oracle Java SE 安全漏洞	CNNVD-202407-1732	CVE-2024-21144	低危	https://www.oracle.com/security-alerts/cpujul2024.html
61	Oracle Java SE 安全漏洞	CNNVD-202407-1734	CVE-2024-21131	低危	https://www.oracle.com/security-alerts/cpujul2024.html
62	Oracle Database Server 安全漏洞	CNNVD-202407-1771	CVE-2024-21174	低危	https://www.oracle.com/security-alerts/cpujul2024.html
63	Oracle Database Server 安全漏洞	CNNVD-202407-1794	CVE-2024-21123	低危	https://www.oracle.com/security-alerts/cpujul2024.html

此次更新共包括2个更新漏洞的补丁程序，其中中危漏洞1个，低危漏洞1个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle Java SE 安全漏洞	CNNVD-202310-1388	CVE-2023-22081	中危	https://www.oracle.com/security-alerts/cpuoct2023.html
2	Oracle Java SE 安全漏洞	CNNVD-202404-2253	CVE-2024-21098	低危	https://www.oracle.com/security-alerts/cpuapr2024.html

此次更新共包括170个影响Oracle产品的其他厂商漏洞的补丁程序，其中超危漏洞23个，高危漏洞66个，中危漏洞76个，低危漏洞5个。

序号	漏洞名称	CNNV D编号	CVE编号	危害等级	厂商	官方链接
1	Terracotta Quartz Scheduler 代码问题漏洞	CNNVD-201907-1383	CVE-2019-13990	超危	softwareag	http://www.quartz-scheduler.org/
2	FasterXML jackson-databind 代码问题漏洞	CNNVD-201910-227	CVE-2019-17267	超危	fasterxml	https://github.com/FasterXML/jackson-databind/issues/2460
3	Apache Xmlbeans 输入验证错误漏洞	CNNVD-202101-1146	CVE-2021-23926	超危	Apache基金会	https://issues.apache.org/jira/browse/XMLBEANS-517
4	Stanford CoreNlp 注入漏洞	CNNVD-202202-1877	CVE-2021-44550	超危	Stanford Nlp Group	https://github.com/stanfordnlp/CoreNLP/issues/1222
5	corenlp 代码问题漏洞	CNNVD-202201-1390	CVE-2022-0239	超危	Stanford Nlp Group团队	https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3
6	OpenSSL 操作系统命令注入漏洞	CNNVD-202205-1962	CVE-2022-1292	超危	Openssl团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
7	joblib 安全漏洞	CNNVD-202209-2716	CVE-2022-21797	超危	joblib	https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
8	Spring Framework 代码注入漏洞	CNNVD-202203-2514	CVE-2022-22965	超危	Spring团队	https://tanzu.vmware.com/security/cve-2022-22965
9	Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞	CNNVD-202302-1411	CVE-2022-25987	超危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html
10	Dell BSAFE 安全漏洞	CNNVD-202402-197	CVE-2022-34381	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
11	Scala 代码问题漏洞	CNNVD-202209-2463	CVE-2022-36944	超危	Scala	https://www.scala-lang.org/download/
12	zlib 缓冲区错误漏洞	CNNVD-202208-2276	CVE-2022-37434	超危	个人开发者	https://github.com/madler/zlib/
13	Apache SOAP 访问控制错误漏洞	CNNVD-202211-2683	CVE-2022-45378	超危	Apache	https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31
14	Apache Derby 注入漏洞	CNNVD-202311-1655	CVE-2022-46337	超危	Apache基金会	https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
15	BusyBox 缓冲区错误漏洞	CNNVD-202208-4625	CVE-2022-48174	超危	个人开发者	https://bugs.busybox.net/show_bug.cgi?id=15216
16	VMware Spring Security 安全漏洞	CNNVD-202307-1680	CVE-2023-34034	超危	VMware	https://spring.io/security/cve-2023-34034
17	Certifi 数据伪造问题漏洞	CNNVD-202307-2046	CVE-2023-37920	超危	Certifi	https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
18	Node.js 路径遍历漏洞	CNNVD-202310-1126	CVE-2023-39332	超危	Nodejs	https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
19	Apache Axis 输入验证错误漏洞	CNNVD-202309-348	CVE-2023-40743	超危	Apache基金会	https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82
20	zlib 输入验证错误漏洞	CNNVD-202310-1086	CVE-2023-45853	超危	个人开发者	https://github.com/madler/zlib/pull/843
21	Apache Arrow 代码问题漏洞	CNNVD-202311-735	CVE-2023-47248	超危	Apache基金会	https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
22	Pillow 安全漏洞	CNNVD-202401-1886	CVE-2023-50447	超危	个人开发者	https://github.com/python-pillow/Pillow/releases/tag/10.2
23	Jenkins 安全漏洞	CNNVD-202401-2204	CVE-2024-23897	超危	Jenkins	https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
24	Apache Commons Beanutils 代码问题漏洞	CNNVD-201908-1140	CVE-2019-10086	高危	debian	https://issues.apache.org/jira/browse/BEANUTILS-520
25	Apache Batik 代码问题漏洞	CNNVD-202102-1586	CVE-2020-11987	高危	Apache基金会	https://xmlgraphics.apache.org/security.html
26	Microsoft .NET Core 安全漏洞	CNNVD-202102-681	CVE-2021-24112	高危	Microsoft	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
27	Apache Commons Compress 安全漏洞	CNNVD-202107-899	CVE-2021-36090	高危	Apache基金会	https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
28	Apache Xalan 输入验证错误漏洞	CNNVD-202207-1617	CVE-2022-34169	高危	Apache基金会	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
29	OpenSSL 安全漏洞	CNNVD-202210-2604	CVE-2022-3786	高危	OpenSSL团队	https://www.openssl.org/news/secadv/20221101.txt
30	Apache XML Graphics Batik代码问题漏洞	CNNVD-202209-2287	CVE-2022-40146	高危	Apache基金会	https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx
31	Jettison 缓冲区错误漏洞	CNNVD-202209-1235	CVE-2022-40149	高危	个人开发者	https://github.com/jettison-json/jettison/issues/45
32	Jettison 资源管理错误漏洞	CNNVD-202209-1233	CVE-2022-40150	高危	个人开发者	https://github.com/jettison-json/jettison/issues/45
33	XStream 缓冲区错误漏洞	CNNVD-202209-1230	CVE-2022-40152	高危	XStream	https://github.com/x-stream/xstream/issues/304
34	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1712	CVE-2022-41704	高危	Apache基金会	https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
35	Netty 安全漏洞	CNNVD-202212-2914	CVE-2022-41881	高危	Netty社区	https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
36	FasterXML jackson-databind 代码问题漏洞	CNNVD-202210-007	CVE-2022-42003	高危	FasterXML	https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
37	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1707	CVE-2022-42890	高危	Apache基金会	https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
38	Jettison 缓冲区错误漏洞	CNNVD-202212-3132	CVE-2022-45685	高危	个人开发者	https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
39	Jettison 缓冲区错误漏洞	CNNVD-202212-3128	CVE-2022-45693	高危	个人开发者	https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
40	netplex json-smart 安全漏洞	CNNVD-202303-1658	CVE-2023-1370	高危	netplex	https://netplex.github.io/json-smart/
41	Jettison 安全漏洞	CNNVD-202303-1656	CVE-2023-1436	高危	Jettison	https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
42	Apache Commons FileUpload 安全漏洞	CNNVD-202302-1610	CVE-2023-24998	高危	Apache基金会	https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
43	Apache Hadoop 代码问题漏洞	CNNVD-202311-1444	CVE-2023-26031	高危	Apache基金会	https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
44	Google Guava 安全漏洞	CNNVD-202306-1141	CVE-2023-2976	高危	Google	https://github.com/google/guava
45	Spring Framework 代码问题漏洞	CNNVD-202308-1998	CVE-2023-34040	高危	Spring	https://spring.io/security/cve-2023-34040
46	Eclipse Jetty 资源管理错误漏洞	CNNVD-202310-691	CVE-2023-36478	高危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
47	HCL BigFix Platform 输入验证错误漏洞	CNNVD-202310-848	CVE-2023-37536	高危	HCL Technologies	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
48	Node.js 数据伪造问题漏洞	CNNVD-202310-1128	CVE-2023-38552	高危	Nodejs	https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
49	Node.js 路径遍历漏洞	CNNVD-202310-1127	CVE-2023-39331	高危	Nodejs	https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
50	Eclipse Parsson 安全漏洞	CNNVD-202311-268	CVE-2023-4043	高危	Eclipse基金会	https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
51	Python 代码问题漏洞	CNNVD-202308-1930	CVE-2023-41105	高危	Python基金会	https://github.com/python/cpython/pull/107982
52	Apache HTTP/2 资源管理错误漏洞	CNNVD-202310-667	CVE-2023-44487	高危	Apache基金会	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
53	Apache Tomcat 环境问题漏洞	CNNVD-202311-2168	CVE-2023-46589	高危	Apache基金会	https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
54	Eclipse JGit 安全漏洞	CNNVD-202309-850	CVE-2023-4759	高危	Eclipse基金会	https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
55	aiohttp 安全漏洞	CNNVD-202311-1314	CVE-2023-47627	高危	个人开发者	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
56	JSON-Java 安全漏洞	CNNVD-202310-951	CVE-2023-5072	高危	个人开发者	https://github.com/stleary/JSON-java/
57	jose4j 安全漏洞	CNNVD-202402-2688	CVE-2023-51775	高危	Bitbucket	https://bitbucket.org/b_c/jose4j/downloads/
58	libexpat 安全漏洞	CNNVD-202402-245	CVE-2023-52425	高危	个人开发者	https://github.com/libexpat/libexpat/pull/789
59	Connect2id Nimbus JOSE+JWT 安全漏洞	CNNVD-202402-845	CVE-2023-52428	高危	Connect2id	https://connect2id.com/products/nimbus-jose-jwt
60	OpenSSL 安全漏洞	CNNVD-202310-1871	CVE-2023-5363	高危	OpenSSL团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
61	Red Hat XNIO 资源管理错误漏洞	CNNVD-202403-455	CVE-2023-5685	高危	Red Hat	https://github.com/xnio/xnio/tags
62	Red Hat Ansible 安全漏洞	CNNVD-202311-262	CVE-2023-5764	高危	Red Hat	https://access.redhat.com/security/cve/cve-2023-5764
63	Python 安全漏洞	CNNVD-202403-1882	CVE-2023-6597	高危	Python	https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
64	cpython 安全漏洞	CNNVD-202406-1925	CVE-2024-0397	高危	Python	https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112
65	Node.js 安全漏洞	CNNVD-202402-1466	CVE-2024-21892	高危	Node.js	https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892—high
66	Node.js 安全漏洞	CNNVD-202402-1467	CVE-2024-22019	高危	Node.js	https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019—high
67	Eclipse Jetty 安全漏洞	CNNVD-202402-2103	CVE-2024-22201	高危	Eclipse	https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
68	Spring Framework 安全漏洞	CNNVD-202402-1929	CVE-2024-22243	高危	Spring	https://spring.io/projects/spring-framework#support
69	VMware Spring Security 安全漏洞	CNNVD-202403-1650	CVE-2024-22257	高危	VMware	https://spring.io/security/cve-2024-22257
70	Spring Framework 安全漏洞	CNNVD-202403-1543	CVE-2024-22259	高危	Spring	https://spring.io/security/cve-2024-22259
71	Spring Framework 安全漏洞	CNNVD-202404-2193	CVE-2024-22262	高危	Spring	https://spring.io/security/cve-2024-22262
72	Apache Tomcat 安全漏洞	CNNVD-202403-1180	CVE-2024-23672	高危	Apache	https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
73	Apache Xerces-C 资源管理错误漏洞	CNNVD-202402-1469	CVE-2024-23807	高危	Apache	https://github.com/apache/xerces-c/pull/54
74	Jenkins 安全漏洞	CNNVD-202401-2202	CVE-2024-23898	高危	Jenkins	https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315
75	Apache Tomcat 输入验证错误漏洞	CNNVD-202403-1179	CVE-2024-24549	高危	Apache	https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
76	libxml2 安全漏洞	CNNVD-202402-242	CVE-2024-25062	高危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/tags
77	OpenSSL 安全漏洞	CNNVD-202404-941	CVE-2024-2511	高危	OpenSSL	https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
78	python-cryptography 安全漏洞	CNNVD-202402-1783	CVE-2024-26130	高危	Cryptographic	https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
79	Apache httpd 资源管理错误漏洞	CNNVD-202404-635	CVE-2024-27316	高危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
80	Node.js 安全漏洞	CNNVD-202404-991	CVE-2024-27983	高危	Node.js	https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
81	libexpat 安全漏洞	CNNVD-202403-795	CVE-2024-28757	高危	libexpat	https://github.com/libexpat/libexpat/pull/842
82	Apache Commons Configuration 缓冲区错误漏洞	CNNVD-202403-2143	CVE-2024-29131	高危	Apache	https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
83	Apache Commons Configuration 缓冲区错误漏洞	CNNVD-202403-2142	CVE-2024-29133	高危	Apache	https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
84	Bouncy Castle 安全漏洞	CNNVD-202405-2601	CVE-2024-29857	高危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
85	Apache ActiveMQ 安全漏洞	CNNVD-202405-256	CVE-2024-32114	高危	Apache	https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
86	Pallets Werkzeug 安全漏洞	CNNVD-202405-1428	CVE-2024-34069	高危	Pallets	https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
87	libxml2 安全漏洞	CNNVD-202405-2380	CVE-2024-34459	高危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
88	OpenSSL 安全漏洞	CNNVD-202405-4739	CVE-2024-4741	高危	OpenSSL	https://github.com/openssl/openssl
89	Red Hat Undertow 资源管理错误漏洞	CNNVD-202406-2368	CVE-2024-6162	高危	Red Hat	https://bugzilla.redhat.com/show_bug.cgi?id=2293069
90	Apache HttpClient 安全漏洞	CNNVD-202010-372	CVE-2020-13956	中危	Apache基金会	https://www.apache.org/
91	Apache Ant 信息泄露漏洞	CNNVD-202005-777	CVE-2020-1945	中危	Apache基金会	https://ant.apache.org/security.html
92	netplex json-smart-v 代码问题漏洞	CNNVD-202102-1490	CVE-2021-27568	中危	个人开发者	https://github.com/netplex/json-smart-v2
93	Apache Commons IO 路径遍历漏洞	CNNVD-202104-702	CVE-2021-29425	中危	Apache基金会	https://issues.apache.org/jira/browse/IO-556
94	Highcharts JS 跨站脚本漏洞	CNNVD-202105-177	CVE-2021-29489	中危	个人开发者	https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95
95	Apache Ant 安全漏洞	CNNVD-202107-983	CVE-2021-36373	中危	Apache基金会	https://ant.apache.org/
96	Apache Ant 安全漏洞	CNNVD-202107-984	CVE-2021-36374	中危	Apache基金会	https://ant.apache.org/
97	Apache Commons Net 输入验证错误漏洞	CNNVD-202212-2188	CVE-2021-37533	中危	Apache基金会	https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
98	jQuery 跨站脚本漏洞	CNNVD-202110-1843	CVE-2021-41182	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
99	jQuery 跨站脚本漏洞	CNNVD-202110-1839	CVE-2021-41183	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
100	Openjs Jquery Ui 跨站脚本漏洞	CNNVD-202110-1845	CVE-2021-41184	中危	Openjs基金会	https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
101	Vmware Spring Framework 安全漏洞	CNNVD-202203-2333	CVE-2022-22950	中危	VMware	https://tanzu.vmware.com/security/cve-2022-22950
102	Vmware Spring Framework 安全特征问题漏洞	CNNVD-202204-3302	CVE-2022-22968	中危	VMware	https://tanzu.vmware.com/security/cve-2022-22968
103	Spring Framework 输入验证错误漏洞	CNNVD-202205-2988	CVE-2022-22970	中危	Spring团队	https://spring.io/projects/spring-framework
104	jQuery 跨站脚本漏洞	CNNVD-202207-2121	CVE-2022-31160	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
105	jsoup 跨站脚本漏洞	CNNVD-202208-4329	CVE-2022-36033	中危	个人开发者	https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
106	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202209-2289	CVE-2022-38398	中危	Apache基金会	https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx
107	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202209-2288	CVE-2022-38648	中危	Apache基金会	https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
108	Netty 安全漏洞	CNNVD-202212-3060	CVE-2022-41915	中危	Netty社区	https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
109	Spring Framework 安全漏洞	CNNVD-202303-1917	CVE-2023-20861	中危	Spring	https://spring.io/security/cve-2023-20861
110	Google Pixel 安全漏洞	CNNVD-202303-1998	CVE-2023-21036	中危	Google	https://source.android.com/security/bulletin/pixel/2023-03-01
111	Ruby 安全漏洞	CNNVD-202303-2412	CVE-2023-28755	中危	个人开发者	https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
112	Ruby 安全漏洞	CNNVD-202303-2720	CVE-2023-28756	中危	个人开发者	https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
113	Flexera InstallShield 安全漏洞	CNNVD-202401-2402	CVE-2023-29081	中危	Flexera	https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads
114	OpenSSL 授权问题漏洞	CNNVD-202307-1295	CVE-2023-2975	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230714.txt
115	Bouncy Castle 信任管理问题漏洞	CNNVD-202307-168	CVE-2023-33201	中危	Bouncy Castle	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
116	Bouncy Castle 资源管理错误漏洞	CNNVD-202311-1981	CVE-2023-33202	中危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
117	VMware Spring Boot 安全漏洞	CNNVD-202311-2124	CVE-2023-34055	中危	VMware	https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
118	OpenSSL 安全漏洞	CNNVD-202307-1681	CVE-2023-3446	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230719.txt
119	FasterXML jackson-databind 代码问题漏洞	CNNVD-202306-1121	CVE-2023-35116	中危	FasterXML	https://github.com/FasterXML/jackson-databind/issues/3972
120	Apache MINA 路径遍历漏洞	CNNVD-202307-582	CVE-2023-35887	中危	Apache基金会	https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
121	Eclipse Jetty 安全漏洞	CNNVD-202309-1093	CVE-2023-36479	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
122	OpenSSL 安全漏洞	CNNVD-202307-2314	CVE-2023-3817	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230731.txt
123	Apache HTTP Server 安全漏洞	CNNVD-202404-641	CVE-2023-38709	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
124	Eclipse Jetty 安全漏洞	CNNVD-202309-1102	CVE-2023-40167	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
125	Eclipse Jetty 安全漏洞	CNNVD-202309-1113	CVE-2023-41900	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
126	Apache Commons Compress 资源管理错误漏洞	CNNVD-202309-1000	CVE-2023-42503	中危	Apache基金会	https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
127	Apache Santuario 日志信息泄露漏洞	CNNVD-202310-1720	CVE-2023-44483	中危	Apache基金会	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
128	curl 安全漏洞	CNNVD-202312-490	CVE-2023-46218	中危	curl	https://curl.se/docs/CVE-2023-46218.html
129	curl 安全漏洞	CNNVD-202312-499	CVE-2023-46219	中危	curl	https://curl.se/docs/CVE-2023-46219.html
130	Apache Shiro 输入验证错误漏洞	CNNVD-202312-1453	CVE-2023-46750	中危	Apache基金会	https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
131	OpenSSH 安全漏洞	CNNVD-202312-1668	CVE-2023-48795	中危	OpenBSD	https://www.openssh.com/openbsd.html
132	aiohttp 安全漏洞	CNNVD-202311-2265	CVE-2023-49081	中危	个人开发者	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
133	aiohttp 注入漏洞	CNNVD-202311-2232	CVE-2023-49082	中危	个人开发者	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
134	Python cryptography 代码问题漏洞	CNNVD-202311-2230	CVE-2023-49083	中危	Python基金会	https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
135	Jayway JsonPath 安全漏洞	CNNVD-202312-2349	CVE-2023-51074	中危	json-path	https://github.com/json-path/JsonPath/issues/973
136	libexpat 安全漏洞	CNNVD-202402-243	CVE-2023-52426	中危	个人开发者	https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
137	OpenSSL 代码问题漏洞	CNNVD-202311-423	CVE-2023-5678	中危	OpenSSL	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
138	GnuTLS 安全漏洞	CNNVD-202311-1944	CVE-2023-5981	中危	个人开发者	https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d
139	OpenSSL 安全漏洞	CNNVD-202401-736	CVE-2023-6129	中危	OpenSSL	https://www.openssl.org/news/secadv/20240109.txt
140	SQLite 安全漏洞	CNNVD-202401-1406	CVE-2024-0232	中危	个人开发者	https://sqlite.org/forum/forumpost/4aa381993a
141	Python 安全漏洞	CNNVD-202403-1880	CVE-2024-0450	中危	Python	https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
142	curl 安全漏洞	CNNVD-202401-2732	CVE-2024-0853	中危	curl	https://curl.se/docs/CVE-2024-0853.html
143	Apache James MIME4J 输入验证错误漏洞	CNNVD-202402-2305	CVE-2024-21742	中危	Apache	https://james.apache.org/download.cgi#Apache_Mime4J
144	Node.js 安全漏洞	CNNVD-202403-1801	CVE-2024-22025	中危	Node.js	https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
145	VMware Spring Security 安全漏洞	CNNVD-202402-1592	CVE-2024-22234	中危	VMware	https://spring.io/security/cve-2024-22234
146	OWASP AntiSamy 跨站脚本漏洞	CNNVD-202402-204	CVE-2024-23635	中危	OWASP	https://github.com/nahsra/antisamy/releases/tag/v1.7.5
147	Apache Zookeeper 信息泄露漏洞	CNNVD-202403-1401	CVE-2024-23944	中危	Apache	https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k
148	Apache HTTP Server 安全漏洞	CNNVD-202404-638	CVE-2024-24795	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
149	CKEditor 跨站脚本漏洞	CNNVD-202402-598	CVE-2024-24815	中危	CKEditor	https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
150	CKEditor 跨站脚本漏洞	CNNVD-202402-605	CVE-2024-24816	中危	CKEditor	https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
151	Apache Commons Compress 安全漏洞	CNNVD-202402-1528	CVE-2024-25710	中危	Apache	https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
152	Apache Commons Compress 安全漏洞	CNNVD-202402-1527	CVE-2024-26308	中危	Apache	https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
153	Node.js 安全漏洞	CNNVD-202405-1613	CVE-2024-27982	中危	Node.js	https://nodejs.org/
154	Nghttp2 安全漏洞	CNNVD-202404-586	CVE-2024-28182	中危	Nghttp2	https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
155	Apache CXF 代码问题漏洞	CNNVD-202403-1399	CVE-2024-28752	中危	Apache	https://cxf.apache.org/
156	Follow Redirects 信息泄露漏洞	CNNVD-202403-1332	CVE-2024-28849	中危	个人开发者	https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
157	Netty 安全漏洞	CNNVD-202403-2434	CVE-2024-29025	中危	Netty	https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
158	Express.js 安全漏洞	CNNVD-202403-2433	CVE-2024-29041	中危	Express.js	https://github.com/expressjs/express/releases/tag/v5.0.0-beta
159	Tiny Technologies TinyMCE 安全漏洞	CNNVD-202403-2522	CVE-2024-29203	中危	Tiny Technologies	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
160	GNU C Library 安全漏洞	CNNVD-202404-2641	CVE-2024-2961	中危	GNU	https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
161	Tiny Technologies TinyMCE 安全漏洞	CNNVD-202403-2519	CVE-2024-29881	中危	Tiny Technologies	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
162	Bouncy Castle 安全漏洞	CNNVD-202405-2620	CVE-2024-30171	中危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
163	Bouncy Castle 安全漏洞	CNNVD-202405-2618	CVE-2024-30172	中危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
164	Pallets Jinja 安全漏洞	CNNVD-202405-1436	CVE-2024-34064	中危	Pallets	https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
165	Bouncy Castle 安全漏洞	CNNVD-202405-1283	CVE-2024-34447	中危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
166	Apache Tika 安全漏洞	CNNVD-202206-2671	CVE-2022-33879	低危	Apache基金会	https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
167	libssh 安全漏洞	CNNVD-202312-1736	CVE-2023-6004	低危	libssh	https://www.libssh.org/files/0.10/
168	libssh 安全漏洞	CNNVD-202312-1734	CVE-2023-6918	低危	libssh	https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
169	OpenSSL 安全漏洞	CNNVD-202401-2353	CVE-2024-0727	低危	OpenSSL	https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
170	OpenSSL 安全漏洞	CNNVD-202405-2902	CVE-2024-4603	低危	OpenSSL	https://www.openssl.org/news/secadv/20240516.txt

三、修复建议

目前，Oracle官方已经发布补丁修复了上述漏洞，建议用户及时确认漏洞影响，尽快采取修补措施。Oracle官方补丁下载地址：

https://www.oracle.com/security-alerts/cpujul2024.html

CNNVD将继续跟踪上述漏洞的相关情况，及时发布相关信息。如有需要，可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn

来源：CNNVD安全动态

上一篇：迪士尼泄露1TB敏感数据，黑客称为艺术复仇

下一篇：美国家具巨头遭勒索攻击：工厂被迫关闭业务受到严重影响