National Vulnerability Database CNNVD: Notice on Multiple Oracle Security Vulnerabilities

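Oracle recently published an advisory covering multiple security vulnerabilities: 91 vulnerabilities in Oracle's own products and 225 vulnerabilities from other vendors that affect Oracle products. Multiple products and systems are affected, including Oracle MySQL, Oracle Java SE, Oracle E-Business Suite and Oracle PeopleSoft Products. Oracle has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.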

I. Vulnerability Overview

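On October 15, 2024, Oracle released its October 2024 security update, containing patches for 316 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Java SE, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle PeopleSoft Enterprise HCM Global Payroll, Oracle Hyperion, among others. CNNVD has rated their severity: 23 critical, 133 high, 131 medium and 29 low.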

Multiple Oracle product and system versions are affected; the exact scope can be looked up on Oracle's official website:

https://www.oracle.com/security-alerts/cpuoct2024.html

II. Vulnerability Details

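This update contains patches for 316 vulnerabilities in total: 85 newly added vulnerabilities, 6 updated vulnerabilities, and 225 vulnerabilities from other vendors that affect Oracle products.

The update includes patches for 85 newly added vulnerabilities: 2 critical, 32 high, 36 medium and 15 low.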

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Hospitality Applications security vulnerability | CNNVD-202410-1411 | CVE-2024-21172 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 2 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1425 | CVE-2024-21216 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202410-1370 | CVE-2024-21259 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 4 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1374 | CVE-2024-21214 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1376 | CVE-2024-21255 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 6 | Oracle PeopleSoft Enterprise HCM Global Payroll security vulnerability | CNNVD-202410-1378 | CVE-2024-21283 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 7 | Oracle MySQL security vulnerability | CNNVD-202410-1406 | CVE-2024-21272 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 8 | Oracle BI Publisher security vulnerability | CNNVD-202410-1413 | CVE-2024-21195 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 9 | Oracle Analytics security vulnerability | CNNVD-202410-1414 | CVE-2024-21254 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1417 | CVE-2024-21234 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 11 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1418 | CVE-2024-21215 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1420 | CVE-2024-21260 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 13 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1421 | CVE-2024-21274 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 14 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1422 | CVE-2024-21246 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 15 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1423 | CVE-2024-21190 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 16 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1424 | CVE-2024-21191 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 17 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1427 | CVE-2024-21284 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 18 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1428 | CVE-2024-21285 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 19 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1431 | CVE-2024-21276 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 20 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1432 | CVE-2024-21279 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 21 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1433 | CVE-2024-21265 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 22 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1434 | CVE-2024-21252 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 23 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1435 | CVE-2024-21280 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1436 | CVE-2024-21275 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 25 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1437 | CVE-2024-21277 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 26 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1438 | CVE-2024-21269 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 27 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1439 | CVE-2024-21250 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1440 | CVE-2024-21271 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1441 | CVE-2024-21282 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1442 | CVE-2024-21267 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1443 | CVE-2024-21278 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 32 | Oracle Applications Manager security vulnerability | CNNVD-202410-1444 | CVE-2024-21268 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1445 | CVE-2024-21270 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1446 | CVE-2024-21266 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202410-1367 | CVE-2024-21248 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 36 | Oracle Virtualization security vulnerability | CNNVD-202410-1368 | CVE-2024-21273 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 37 | Oracle Virtualization security vulnerability | CNNVD-202410-1369 | CVE-2024-21263 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 38 | Oracle PeopleSoft security vulnerability | CNNVD-202410-1371 | CVE-2024-21249 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 39 | Oracle PeopleSoft Products security vulnerability | CNNVD-202410-1372 | CVE-2024-21286 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 40 | Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability | CNNVD-202410-1373 | CVE-2024-21264 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1375 | CVE-2024-21202 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202410-1382 | CVE-2024-21200 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202410-1385 | CVE-2024-21212 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202410-1386 | CVE-2024-21204 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202410-1387 | CVE-2024-21193 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202410-1389 | CVE-2024-21213 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202410-1390 | CVE-2024-21201 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202410-1391 | CVE-2024-21241 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202410-1392 | CVE-2024-21219 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202410-1393 | CVE-2024-21198 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202410-1394 | CVE-2024-21239 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202410-1395 | CVE-2024-21197 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202410-1396 | CVE-2024-21236 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202410-1397 | CVE-2024-21199 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202410-1398 | CVE-2024-21207 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202410-1399 | CVE-2024-21203 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202410-1400 | CVE-2024-21194 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202410-1401 | CVE-2024-21218 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202410-1402 | CVE-2024-21238 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202410-1403 | CVE-2024-21196 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202410-1404 | CVE-2024-21230 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202410-1405 | CVE-2024-21262 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 63 | Oracle Java SE security vulnerability | CNNVD-202410-1412 | CVE-2024-21235 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 64 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1415 | CVE-2024-21192 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 65 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1416 | CVE-2024-21205 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 66 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1426 | CVE-2024-21281 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1429 | CVE-2024-21206 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1430 | CVE-2024-21258 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 69 | Oracle Database Server security vulnerability | CNNVD-202410-1515 | CVE-2024-21233 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 70 | Oracle Application Express security vulnerability | CNNVD-202410-1517 | CVE-2024-21261 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 71 | Oracle Virtualization security vulnerability | CNNVD-202410-1366 | CVE-2024-21253 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202410-1377 | CVE-2024-21209 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 73 | Oracle MySQL security vulnerability | CNNVD-202410-1379 | CVE-2024-21243 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 74 | Oracle MySQL security vulnerability | CNNVD-202410-1380 | CVE-2024-21232 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 75 | Oracle MySQL security vulnerability | CNNVD-202410-1381 | CVE-2024-21237 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 76 | Oracle MySQL security vulnerability | CNNVD-202410-1383 | CVE-2024-21247 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 77 | Oracle MySQL security vulnerability | CNNVD-202410-1384 | CVE-2024-21231 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 78 | Oracle MySQL security vulnerability | CNNVD-202410-1388 | CVE-2024-21244 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 79 | Oracle Java SE security vulnerability | CNNVD-202410-1407 | CVE-2024-21217 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 80 | Oracle Java SE security vulnerability | CNNVD-202410-1408 | CVE-2024-21211 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 81 | Oracle Java SE security vulnerability | CNNVD-202410-1409 | CVE-2024-21210 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 82 | Oracle Hyperion security vulnerability | CNNVD-202410-1410 | CVE-2024-21257 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 83 | Oracle Java SE security vulnerability | CNNVD-202410-1419 | CVE-2024-21208 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202410-1516 | CVE-2024-21242 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 85 | Oracle Database Server security vulnerability | CNNVD-202410-1518 | CVE-2024-21251 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |

The update includes patches for 6 updated vulnerabilities: 1 high, 2 medium and 3 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Java SE security vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 3 | Oracle Java SE security vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 6 | Oracle Java SE security vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |

The update includes patches for 225 vulnerabilities from other vendors that affect Oracle products: 21 critical, 100 high, 93 medium and 11 low.

序号 漏洞名称 CNNVD编号 CVE编号 危害等级 厂商 官方链接
1 Apache Chainsaw 代码问题漏洞 CNNVD-202106-1293 CVE-2020-9493 超危 Apache基金会 https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E
2 OpenSSL 操作系统命令注入漏洞 CNNVD-202205-1962 CVE-2022-1292 超危 Openssl团队 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
3 SnakeYAML 代码问题漏洞 CNNVD-202212-1820 CVE-2022-1471 超危 个人开发者 https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
4 OpenSSL 操作系统命令注入漏洞 CNNVD-202206-2112 CVE-2022-2068 超危 OpenSSL https://www.openssl.org/source/
5 Apache Log4j SQL注入漏洞 CNNVD-202201-1421 CVE-2022-23305 超危 Apache基金会 https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
6 Dell BSAFE 安全漏洞 CNNVD-202402-197 CVE-2022-34381 超危 Dell https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
7 Apache HTTP Server 环境问题漏洞 CNNVD-202301-1299 CVE-2022-36760 超危 Apache基金会 https://httpd.apache.org/security/vulnerabilities_24.html
8 XKCP 输入验证错误漏洞 CNNVD-202210-1541 CVE-2022-37454 超危 XKCP https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
9 Apache Derby 注入漏洞 CNNVD-202311-1655 CVE-2022-46337 超危 Apache基金会 https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
10 Certifi 数据伪造问题漏洞 CNNVD-202307-2046 CVE-2023-37920 超危 Certifi https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
11 OpenSSH 代码问题漏洞 CNNVD-202307-1721 CVE-2023-38408 超危 OpenBSD https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
12 curl 缓冲区错误漏洞 CNNVD-202310-917 CVE-2023-38545 超危 curl https://github.com/curl/curl/commit/fb4415d8aee6c1
13 Apache ZooKeeper 安全漏洞 CNNVD-202310-856 CVE-2023-44981 超危 Apache基金会 https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
14 zlib 输入验证错误漏洞 CNNVD-202310-1086 CVE-2023-45853 超危 个人开发者 https://github.com/madler/zlib/pull/843
15 Pillow 安全漏洞 CNNVD-202401-1886 CVE-2023-50447 超危 个人开发者 https://github.com/python-pillow/Pillow/releases/tag/10.2
16 OpenSSH 安全漏洞 CNNVD-202312-1665 CVE-2023-51385 超危 OpenBSD https://www.openssh.com/txt/release-9.6
17 PHP 安全漏洞 CNNVD-202404-3501 CVE-2024-1874 超危 PHP https://www.php.net/downloads.php
18 RequireJS 安全漏洞 CNNVD-202407-034 CVE-2024-38999 超危 RequireJS https://github.com/requirejs/r.js
19 Jenkins 安全漏洞 CNNVD-202408-533 CVE-2024-43044 超危 Jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
20 libexpat 安全漏洞 CNNVD-202408-2839 CVE-2024-45490 超危 libexpat https://github.com/libexpat/libexpat
21 PHP 操作系统命令注入漏洞 CNNVD-202406-852 CVE-2024-4577 超危 PHP https://www.php.net/downloads
22 jackson-mapper-asl 代码问题漏洞 CNNVD-201911-1110 CVE-2019-10172 高危 个人开发者 https://mvnrepository.com/artifact/org.codehaus.jackson
23 OpenSSH 操作系统命令注入漏洞 CNNVD-202007-1519 CVE-2020-15778 高危 OpenBSD https://www.openssh.com/
24 Npm underscore 代码注入漏洞 CNNVD-202103-1621 CVE-2021-23358 高危 Npm https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
25 Netty 资源管理错误漏洞 CNNVD-202110-1442 CVE-2021-37136 高危 Netty社区 https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
26 Netty 资源管理错误漏洞 CNNVD-202110-1441 CVE-2021-37137 高危 Netty社区 https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
27 Apache Log4j 代码问题漏洞 CNNVD-202201-1420 CVE-2022-23302 高危 Apache基金会 https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
28 Apache Log4j 代码问题漏洞 CNNVD-202201-1425 CVE-2022-23307 高危 Apache基金会 https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
29 grub2 安全漏洞 CNNVD-202211-2822 CVE-2022-2601 高危 GNU社区 https://access.redhat.com/security/cve/cve-2022-2601
30 Moment.js 资源管理错误漏洞 CNNVD-202207-502 CVE-2022-31129 高危 个人开发者 https://github.com/moment/moment/pull/6015#issuecomment-1152961973
31 Apache Xalan 输入验证错误漏洞 CNNVD-202207-1617 CVE-2022-34169 高危 Apache基金会 https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
32 Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞 CNNVD-202301-904 CVE-2022-38136 高危 Intel https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
33 OpenSSL 安全漏洞 CNNVD-202212-2982 CVE-2022-3996 高危 OpenSSL https://github.com/openssl/openssl/
34 Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞 CNNVD-202301-905 CVE-2022-40196 高危 Intel https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
35 Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞 CNNVD-202301-906 CVE-2022-41342 高危 Intel https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
36 Python 安全漏洞 CNNVD-202210-2513 CVE-2022-42919 高危 Python基金会 https://github.com/python/cpython/issues/97514
37 OpenSSL 资源管理错误漏洞 CNNVD-202302-510 CVE-2022-4450 高危 OpenSSL https://www.openssl.org/news/secadv/20230207.txt
38 Python 资源管理错误漏洞 CNNVD-202211-2414 CVE-2022-45061 高危 Python基金会 https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
39 OpenSSL 资源管理错误漏洞 CNNVD-202302-521 CVE-2023-0215 高危 OpenSSL https://ubuntu.com/security/notices/USN-5845-1
40 OpenSSL 代码问题漏洞 CNNVD-202302-512 CVE-2023-0216 高危 OpenSSL https://ubuntu.com/security/notices/USN-5844-1
41 OpenSSL 代码问题漏洞 CNNVD-202302-516 CVE-2023-0217 高危 OpenSSL https://ubuntu.com/security/notices/USN-5844-1
42 OpenSSL 安全漏洞 CNNVD-202302-524 CVE-2023-0286 高危 OpenSSL https://ubuntu.com/security/notices/USN-5845-1
43 OpenSSL 代码问题漏洞 CNNVD-202302-518 CVE-2023-0401 高危 OpenSSL https://ubuntu.com/security/notices/USN-5844-1
44 Apache Hadoop 代码问题漏洞 CNNVD-202311-1444 CVE-2023-26031 高危 Apache基金会 https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
45 Apache Log4j 代码问题漏洞 CNNVD-202303-736 CVE-2023-26464 高危 Apache基金会 https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
46 Intel oneAPI Toolkits 代码问题漏洞 CNNVD-202308-1031 CVE-2023-28823 高危 Intel http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
47 OpenLDAP 代码问题漏洞 CNNVD-202305-2588 CVE-2023-2953 高危 OpenLDAP https://www.openldap.org/software/download/
48 Google Guava 安全漏洞 CNNVD-202306-1141 CVE-2023-2976 高危 Google https://github.com/google/guava
49 snappy-java 输入验证错误漏洞 CNNVD-202306-1200 CVE-2023-34453 高危 个人开发者 https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
50 snappy-java 输入验证错误漏洞 CNNVD-202306-1198 CVE-2023-34454 高危 个人开发者 https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
51 Snappy 输入验证错误漏洞 CNNVD-202306-1248 CVE-2023-34455 高危 个人开发者 https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh
52 Okio 安全漏洞 CNNVD-202307-1161 CVE-2023-3635 高危 square https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
53 Apache Avro 代码问题漏洞 CNNVD-202309-2636 CVE-2023-39410 高危 Apache基金会 https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
54 Eclipse Parsson 安全漏洞 CNNVD-202311-268 CVE-2023-4043 高危 Eclipse基金会 https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
55 Apple iOS 和 iPadOS 安全漏洞 CNNVD-202403-3045 CVE-2023-42950 高危 Apple https://support.apple.com/en-us/HT214035
56 Snappy 安全漏洞 CNNVD-202309-2204 CVE-2023-43642 高危 个人开发者 https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
57 Apache HTTP/2 资源管理错误漏洞 CNNVD-202310-667 CVE-2023-44487 高危 Apache基金会 https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
58 Google Go 安全漏洞 CNNVD-202404-632 CVE-2023-45288 高危 Google https://pkg.go.dev/vuln/GO-2024-2687
59 Pallets Werkzeug 缓冲区错误漏洞 CNNVD-202310-2005 CVE-2023-46136 高危 Pallets https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
60 Eclipse JGit 安全漏洞 CNNVD-202309-850 CVE-2023-4759 高危 Eclipse基金会 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
61 OpenSSL 安全漏洞 CNNVD-202309-665 CVE-2023-4807 高危 OpenSSL https://www.openssl.org/news/secadv/20230908.txt
62 Google Chrome 缓冲区错误漏洞 CNNVD-202309-784 CVE-2023-4863 高危 Google https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
63 JSON-Java 安全漏洞 CNNVD-202310-951 CVE-2023-5072 高危 个人开发者 https://github.com/stleary/JSON-java/
64 jose4j 安全漏洞 CNNVD-202402-2688 CVE-2023-51775 高危 Bitbucket https://bitbucket.org/b_c/jose4j/downloads/
65 libexpat 安全漏洞 CNNVD-202402-245 CVE-2023-52425 高危 个人开发者 https://github.com/libexpat/libexpat/pull/789
66 Connect2id Nimbus JOSE+JWT 安全漏洞 CNNVD-202402-845 CVE-2023-52428 高危 Connect2id https://connect2id.com/products/nimbus-jose-jwt
67 OpenSSL 安全漏洞 CNNVD-202310-1871 CVE-2023-5363 高危 OpenSSL团队 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
68 Red Hat XNIO 资源管理错误漏洞 CNNVD-202403-455 CVE-2023-5685 高危 Red Hat https://github.com/xnio/xnio/tags
69 Python 安全漏洞 CNNVD-202403-1882 CVE-2023-6597 高危 Python https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
70 X.org Server 安全漏洞 CNNVD-202401-1731 CVE-2023-6816 高危 X.org https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
71 X.org Server 安全漏洞 CNNVD-202401-1736 CVE-2024-0229 高危 X.org https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
72 X.org Server 安全漏洞 CNNVD-202401-1733 CVE-2024-21885 高危 X.org https://www.x.org/wiki/XServer/
73 X.org Server 安全漏洞 CNNVD-202401-1732 CVE-2024-21886 高危 X.org https://www.x.org/wiki/XServer/
74 Node.js 安全漏洞 CNNVD-202407-536 CVE-2024-22020 高危 Node.js https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
75 Eclipse Jetty 安全漏洞 CNNVD-202402-2103 CVE-2024-22201 高危 Eclipse https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
76 VMware Spring Security 安全漏洞 CNNVD-202403-1650 CVE-2024-22257 高危 VMware https://spring.io/security/cve-2024-22257
77 Spring Framework 安全漏洞 CNNVD-202404-2193 CVE-2024-22262 高危 Spring https://spring.io/security/cve-2024-22262
78 Apache Tomcat 安全漏洞 CNNVD-202403-1180 CVE-2024-23672 高危 Apache https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
79 Apache Xerces-C 资源管理错误漏洞 CNNVD-202402-1469 CVE-2024-23807 高危 Apache https://github.com/apache/xerces-c/pull/54
80 Curl 安全漏洞 CNNVD-202403-2674 CVE-2024-2398 高危 Curl https://curl.se/docs/CVE-2024-2398.html
81 Apache Tomcat 输入验证错误漏洞 CNNVD-202403-1179 CVE-2024-24549 高危 Apache https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
82 F5 Nginx 安全漏洞 CNNVD-202402-1248 CVE-2024-24989 高危 F5 https://my.f5.com/manage/s/article/K000138444
83 F5 Nginx 安全漏洞 CNNVD-202402-1247 CVE-2024-24990 高危 F5 https://my.f5.com/manage/s/article/K000138445
84 libxml2 安全漏洞 CNNVD-202402-242 CVE-2024-25062 高危 个人开发者 https://gitlab.gnome.org/GNOME/libxml2/-/tags
85 OpenSSL 安全漏洞 CNNVD-202404-941 CVE-2024-2511 高危 OpenSSL https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
86 libheif 安全漏洞 CNNVD-202403-378 CVE-2024-25269 高危 个人开发者 https://github.com/strukturag/libheif/pull/1074
87 python-cryptography 安全漏洞 CNNVD-202402-1783 CVE-2024-26130 高危 Cryptographic https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
88 Node.js 安全漏洞 CNNVD-202404-991 CVE-2024-27983 高危 Node.js https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
89 Apache Commons Configuration 缓冲区错误漏洞 CNNVD-202403-2143 CVE-2024-29131 高危 Apache https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
90 Apache Commons Configuration 缓冲区错误漏洞 CNNVD-202403-2142 CVE-2024-29133 高危 Apache https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
91 Bouncy Castle 安全漏洞 CNNVD-202405-2601 CVE-2024-29857 高危 Bouncy Castle https://www.bouncycastle.org/latest_releases.html
92 aiohttp 安全漏洞 CNNVD-202405-305 CVE-2024-30251 高危 aio-libs https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
93 X.org Server 安全漏洞 CNNVD-202404-510 CVE-2024-31080 高危 X.org https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
94 X.org Server 资源管理错误漏洞 CNNVD-202404-682 CVE-2024-31083 高危 X.org https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
95 Apache CXF 安全漏洞 CNNVD-202407-1957 CVE-2024-32007 高危 Apache https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
96 Apache ActiveMQ 安全漏洞 CNNVD-202405-256 CVE-2024-32114 高危 Apache https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
97 glibc 安全漏洞 CNNVD-202405-1511 CVE-2024-33599 高危 GNU https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005
98 glibc 安全漏洞 CNNVD-202404-3209 CVE-2024-33602 高危 GNU https://sourceware.org/bugzilla/show_bug.cgi?id=31680
99 Apache Tomcat 安全漏洞 CNNVD-202407-326 CVE-2024-34750 高危 Apache https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
100 Node.js 安全漏洞 CNNVD-202409-508 CVE-2024-36138 高危 Node.js https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
101 MIT Kerberos 安全漏洞 CNNVD-202406-3113 CVE-2024-37370 高危 MIT https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
102 Apache HTTP Server 安全漏洞 CNNVD-202407-094 CVE-2024-38474 高危 Apache https://httpd.apache.org/security/vulnerabilities_24.html
103 Apache HTTP Server 安全漏洞 CNNVD-202407-093 CVE-2024-38475 高危 Apache https://httpd.apache.org/security/vulnerabilities_24.html
104 Apache HTTP Server 代码问题漏洞 CNNVD-202407-091 CVE-2024-38477 高危 Apache https://httpd.apache.org/security/vulnerabilities_24.html
105 VMware Spring Framework 安全漏洞 CNNVD-202409-1142 CVE-2024-38816 高危 VMware https://spring.io/security/cve-2024-38816
106 Certifi 安全漏洞 CNNVD-202407-421 CVE-2024-39689 高危 Certifi https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
107 Apache HTTP Server 安全漏洞 CNNVD-202407-339 CVE-2024-39884 高危 Apache https://httpd.apache.org/security/vulnerabilities_24.html
108 Apache CXF 安全漏洞 CNNVD-202407-1956 CVE-2024-41172 高危 Apache https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
109 ImageMagick 安全漏洞 CNNVD-202407-2766 CVE-2024-41817 高危 ImageMagick https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36
110 libexpat 输入验证错误漏洞 CNNVD-202408-2842 CVE-2024-45491 高危 libexpat https://github.com/libexpat/libexpat
111 libexpat 输入验证错误漏洞 CNNVD-202408-2841 CVE-2024-45492 高危 libexpat https://github.com/libexpat/libexpat
112 DOMPurify 安全漏洞 CNNVD-202409-1375 CVE-2024-45801 高危 个人开发者 https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
113 PHP 安全漏洞 CNNVD-202406-829 CVE-2024-5458 高危 PHP https://www.php.net/downloads
114 PHP 安全漏洞 CNNVD-202406-828 CVE-2024-5585 高危 PHP https://www.php.net/downloads
115 Red Hat Undertow 安全漏洞 CNNVD-202407-518 CVE-2024-5971 高危 Red Hat https://access.redhat.com/security/cve/CVE-2024-5971
116 Red Hat Undertow 资源管理错误漏洞 CNNVD-202406-2368 CVE-2024-6162 高危 Red Hat https://bugzilla.redhat.com/show_bug.cgi?id=2293069
117 setuptools 代码注入漏洞 CNNVD-202407-1480 CVE-2024-6345 高危 PyPI https://github.com/pypa/setuptools/releases/tag/v70.3
118 OpenSSH 竞争条件问题漏洞 CNNVD-202407-017 CVE-2024-6387 高危 OpenBSD https://www.openssh.com/txt/release-9.8
119 Protocol Buffers 安全漏洞 CNNVD-202409-1841 CVE-2024-7254 高危 Protocol Buffers http://protobuf.dev/
120 curl 安全漏洞 CNNVD-202407-3105 CVE-2024-7264 高危 cURL https://curl.se/docs/CVE-2024-7264.html
121 Red Hat Undertow 竞争条件问题漏洞 CNNVD-202408-2070 CVE-2024-7885 高危 Red Hat https://undertow.io/
122 jQuery 跨站脚本漏洞 CNNVD-202004-2429 CVE-2020-11022 中危 个人开发者 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
123 jQuery 跨站脚本漏洞 CNNVD-202004-2420 CVE-2020-11023 中危 个人开发者 https://jquery.com/upgrade-guide/3.5/
124 Apache HttpClient 安全漏洞 CNNVD-202010-372 CVE-2020-13956 中危 Apache基金会 https://www.apache.org/
125 OpenSSH 信息泄露漏洞 CNNVD-202006-1822 CVE-2020-14145 中危 Openbsd计划组 https://www.openssh.com/
126 Apache Groovy 安全漏洞 CNNVD-202012-422 CVE-2020-17521 中危 Apache基金会 https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
127 Jakarta Expression Language 输入验证错误漏洞 CNNVD-202105-1760 CVE-2021-28170 中危 Jakarta https://jakarta.ee/specifications/expression-language/3.
128 Sprymedia Datatables 跨站脚本漏洞 CNNVD-202303-377 CVE-2021-36713 中危 Sprymedia https://github.com/DataTables/DataTables/releases/tag/1.10.21
129 jQuery 跨站脚本漏洞 CNNVD-202110-1843 CVE-2021-41182 中危 个人开发者 https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
130 jQuery 跨站脚本漏洞 CNNVD-202110-1839 CVE-2021-41183 中危 个人开发者 https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
131 Openjs Jquery Ui 跨站脚本漏洞 CNNVD-202110-1845 CVE-2021-41184 中危 Openjs基金会 https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
132 Xerces 安全漏洞 CNNVD-202201-2238 CVE-2022-23437 中危 Apache基金会 https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
133 jQuery 跨站脚本漏洞 CNNVD-202207-2121 CVE-2022-31160 中危 个人开发者 https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
134 jsoup 跨站脚本漏洞 CNNVD-202208-4329 CVE-2022-36033 中危 个人开发者 https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
135 OpenSSL 缓冲区错误漏洞 CNNVD-202302-506 CVE-2022-4203 中危 OpenSSL https://www.openssl.org/news/secadv/20230207.txt
136 OpenSSL 安全漏洞 CNNVD-202302-514 CVE-2022-4304 中危 OpenSSL https://www.openssl.org/news/secadv/20230207.txt
137 Spring Framework 安全漏洞 CNNVD-202304-1094 CVE-2023-20863 中危 Spring https://spring.io/security/cve-2023-20863
138 NTP 缓冲区错误漏洞 CNNVD-202304-899 CVE-2023-26551 中危 nwtime https://www.ntppool.org/zh/
139 NTP 缓冲区错误漏洞 CNNVD-202304-898 CVE-2023-26552 中危 nwtime https://www.ntppool.org/zh/
140 NTP 缓冲区错误漏洞 CNNVD-202304-897 CVE-2023-26553 中危 nwtime https://www.ntppool.org/zh/
141 NTP 缓冲区错误漏洞 CNNVD-202304-892 CVE-2023-26554 中危 nwtime https://www.ntppool.org/zh/
142 NTP 缓冲区错误漏洞 CNNVD-202304-891 CVE-2023-26555 中危 nwtime https://www.ntppool.org/zh/
143 Intel oneAPI Toolkits 安全漏洞 CNNVD-202308-1047 CVE-2023-27391 中危 Intel http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
144 CKEditor 跨站脚本漏洞 CNNVD-202303-1790 CVE-2023-28439 中危 CKEditor https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
145 libxml2 代码问题漏洞 CNNVD-202304-908 CVE-2023-28484 中危 个人开发者 https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
146 libxml2 资源管理错误漏洞 CNNVD-202304-907 CVE-2023-29469 中危 个人开发者 https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
147 Bouncy Castle trust management issue vulnerability CNNVD-202307-168 CVE-2023-33201 Medium Bouncy Castle https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
148 VMware Spring Boot security vulnerability CNNVD-202311-2124 CVE-2023-34055 Medium VMware https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
149 FasterXML jackson-databind code issue vulnerability CNNVD-202306-1121 CVE-2023-35116 Medium FasterXML https://github.com/FasterXML/jackson-databind/issues/3972
150 lrzip security vulnerability CNNVD-202308-1538 CVE-2023-39743 Medium Individual developer https://github.com/pete4abw/lrzip-next/issues/132
151 Apache Commons Compress resource management error vulnerability CNNVD-202309-1000 CVE-2023-42503 Medium Apache Foundation https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
152 Apple iOS and iPadOS security vulnerability CNNVD-202402-1738 CVE-2023-42843 Medium Apple https://support.apple.com/en-us/HT213981
153 Apple iOS and iPadOS security vulnerability CNNVD-202403-3044 CVE-2023-42956 Medium Apple https://support.apple.com/en-us/HT214035
154 Apache Santuario log information disclosure vulnerability CNNVD-202310-1720 CVE-2023-44483 Medium Apache Foundation https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
155 OpenSSH security vulnerability CNNVD-202312-1668 CVE-2023-48795 Medium OpenBSD https://www.openssh.com/openbsd.html
156 Python cryptography code issue vulnerability CNNVD-202311-2230 CVE-2023-49083 Medium Python Foundation https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
157 OpenSSH security vulnerability CNNVD-202312-1662 CVE-2023-51384 Medium OpenBSD https://www.openssh.com/txt/release-9.6
158 libexpat security vulnerability CNNVD-202402-243 CVE-2023-52426 Medium Individual developer https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
159 OpenSSL code issue vulnerability CNNVD-202311-423 CVE-2023-5678 Medium OpenSSL https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
160 OpenSSL security vulnerability CNNVD-202401-736 CVE-2023-6129 Medium OpenSSL https://www.openssl.org/news/secadv/20240109.txt
161 OpenSSL security vulnerability CNNVD-202401-1378 CVE-2023-6237 Medium OpenSSL https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a
162 SQLite security vulnerability CNNVD-202312-2480 CVE-2023-7104 Medium SQLite https://sqlite.org/releaselog/3_44_2.html
163 SQLite security vulnerability CNNVD-202401-1406 CVE-2024-0232 Medium Individual developer https://sqlite.org/forum/forumpost/4aa381993a
164 Python security vulnerability CNNVD-202403-1880 CVE-2024-0450 Medium Python https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
165 Apple Safari security vulnerability CNNVD-202403-713 CVE-2024-23254 Medium Apple https://support.apple.com/en-us/HT214089
166 Apple Safari security vulnerability CNNVD-202403-708 CVE-2024-23263 Medium Apple https://support.apple.com/en-us/HT214089
167 Apple Safari security vulnerability CNNVD-202403-705 CVE-2024-23280 Medium Apple https://support.apple.com/en-us/HT214089
168 Apple Safari security vulnerability CNNVD-202403-699 CVE-2024-23284 Medium Apple https://support.apple.com/en-us/HT214089
169 OWASP AntiSamy cross-site scripting vulnerability CNNVD-202402-204 CVE-2024-23635 Medium OWASP https://github.com/nahsra/antisamy/releases/tag/v1.7.5
170 Apache Zookeeper information disclosure vulnerability CNNVD-202403-1401 CVE-2024-23944 Medium Apache https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k
171 PHP security vulnerability CNNVD-202406-854 CVE-2024-2408 Medium PHP https://www.php.net/
172 dnsjava security vulnerability CNNVD-202407-2260 CVE-2024-25638 Medium dnsjava https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
173 Apache Commons Compress security vulnerability CNNVD-202402-1528 CVE-2024-25710 Medium Apache https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
174 Apache Commons Compress security vulnerability CNNVD-202402-1527 CVE-2024-26308 Medium Apache https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
175 aiohttp cross-site scripting vulnerability CNNVD-202404-2760 CVE-2024-27306 Medium aiohttp https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
176 Apple iOS and iPadOS security vulnerability CNNVD-202405-1869 CVE-2024-27834 Medium Apple https://support.apple.com/en-us/HT214101
177 Nghttp2 security vulnerability CNNVD-202404-586 CVE-2024-28182 Medium Nghttp2 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
178 Apache CXF code issue vulnerability CNNVD-202403-1399 CVE-2024-28752 Medium Apache https://cxf.apache.org/
179 Follow Redirects information disclosure vulnerability CNNVD-202403-1332 CVE-2024-28849 Medium Individual developer https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
180 Intel IPP security vulnerability CNNVD-202408-1264 CVE-2024-28887 Medium Intel https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html
181 Netty security vulnerability CNNVD-202403-2434 CVE-2024-29025 Medium Netty https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
182 GNU C Library security vulnerability CNNVD-202404-2641 CVE-2024-2961 Medium GNU https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
183 Apache CXF code issue vulnerability CNNVD-202407-1958 CVE-2024-29736 Medium Apache https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
184 F5 Nginx security vulnerability CNNVD-202405-4793 CVE-2024-31079 Medium F5 https://my.f5.com/manage/s/article/K000139611
185 Jasper security vulnerability CNNVD-202404-2850 CVE-2024-31744 Medium Jasper https://github.com/jasper-software/jasper/releases/tag/version-4.2.3
186 F5 Nginx security vulnerability CNNVD-202405-4792 CVE-2024-32760 Medium F5 https://my.f5.com/manage/s/article/K000139609
187 glibc security vulnerability CNNVD-202404-3208 CVE-2024-33600 Medium GNU https://sourceware.org/bugzilla/show_bug.cgi?id=31678
188 glibc security vulnerability CNNVD-202404-3210 CVE-2024-33601 Medium GNU https://sourceware.org/bugzilla/show_bug.cgi?id=31679
189 RARLAB WinRAR security vulnerability CNNVD-202404-3492 CVE-2024-33899 Medium RARLAB https://www.rarlab.com/rarnew.htm
190 F5 Nginx security vulnerability CNNVD-202405-4791 CVE-2024-34161 Medium F5 https://my.f5.com/manage/s/article/K000139627
191 F5 Nginx security vulnerability CNNVD-202405-4790 CVE-2024-35200 Medium F5 https://my.f5.com/manage/s/article/K000139612
192 WinRAR security vulnerability CNNVD-202405-3858 CVE-2024-36052 Medium Individual developer https://www.rarlab.com/rarnew.htm
193 Apache HTTP Server code issue vulnerability CNNVD-202407-101 CVE-2024-36387 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
194 Red Hat Undertow security vulnerability CNNVD-202407-521 CVE-2024-3653 Medium Red Hat https://undertow.io/
195 MIT Kerberos security vulnerability CNNVD-202406-3108 CVE-2024-37371 Medium MIT https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
196 urllib3 security vulnerability CNNVD-202406-1954 CVE-2024-37891 Medium urllib3 https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
197 Tiny Technologies TinyMCE security vulnerability CNNVD-202406-2256 CVE-2024-38356 Medium Tiny Technologies https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
198 Tiny Technologies TinyMCE security vulnerability CNNVD-202406-2249 CVE-2024-38357 Medium Tiny Technologies https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x
199 Apache HTTP Server security vulnerability CNNVD-202407-096 CVE-2024-38472 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
200 Apache HTTP Server security vulnerability CNNVD-202407-095 CVE-2024-38473 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
201 Apache HTTP Server security vulnerability CNNVD-202407-092 CVE-2024-38476 Medium Apache https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0
202 Spring Framework security vulnerability CNNVD-202408-1848 CVE-2024-38808 Medium VMware https://spring.io/security/cve-2024-38808
203 VMware Spring Framework security vulnerability CNNVD-202409-2323 CVE-2024-38809 Medium VMware https://spring.io/security/cve-2024-38809
204 RequireJS security vulnerability CNNVD-202407-032 CVE-2024-38998 Medium RequireJS https://github.com/requirejs/r.js
205 Apache HTTP Server input validation error vulnerability CNNVD-202407-086 CVE-2024-39573 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
206 Apache HTTP Server security vulnerability CNNVD-202407-1912 CVE-2024-40725 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
207 Apache HTTP Server code issue vulnerability CNNVD-202407-1910 CVE-2024-40898 Medium Apache https://httpd.apache.org/security/vulnerabilities_24.html
208 Apache MINA SSHD security vulnerability CNNVD-202408-865 CVE-2024-41909 Medium Apache https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
209 Jenkins security vulnerability CNNVD-202408-532 CVE-2024-43045 Medium Jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349
210 CKEditor4 security vulnerability CNNVD-202408-2064 CVE-2024-43407 Medium CKEditor https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
211 OpenSSL security vulnerability CNNVD-202405-4739 CVE-2024-4741 Medium OpenSSL https://github.com/openssl/openssl
212 OpenSSL security vulnerability CNNVD-202409-141 CVE-2024-6119 Medium OpenSSL https://openssl-library.org/news/secadv/20240903.txt
213 CPython security vulnerability CNNVD-202409-120 CVE-2024-6232 Medium Python https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
214 Python security vulnerability CNNVD-202408-1775 CVE-2024-7592 Medium Python https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c
215 Google Guava access control error vulnerability CNNVD-202012-827 CVE-2020-8908 Low Google https://github.com/google/guava/issues/4011
216 OpenSSH authorization issue vulnerability CNNVD-202203-1230 CVE-2021-36368 Low OpenBSD https://www.openssh.com/security.html
217 Pip command injection vulnerability CNNVD-202310-1912 CVE-2023-5752 Low Python Packaging Authority https://github.com/pypa/pip/releases/tag/23.3.1
218 libssh security vulnerability CNNVD-202312-1736 CVE-2023-6004 Low libssh https://www.libssh.org/files/0.10/
219 libssh security vulnerability CNNVD-202312-1734 CVE-2023-6918 Low libssh https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
220 OpenSSL security vulnerability CNNVD-202401-2353 CVE-2024-0727 Low OpenSSL https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
221 Node.js security vulnerability CNNVD-202407-1007 CVE-2024-22018 Low Node.js https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
222 Node.js security vulnerability CNNVD-202409-509 CVE-2024-36137 Low Node.js https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
223 CKEditor security vulnerability CNNVD-202408-2102 CVE-2024-43411 Low Individual developer https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
224 OpenSSL security vulnerability CNNVD-202405-2902 CVE-2024-4603 Low OpenSSL https://www.openssl.org/news/secadv/20240516.txt
225 OpenSSL security vulnerability CNNVD-202406-2936 CVE-2024-5535 Low OpenSSL https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87

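III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible.

Official Oracle patch download address:

https://www.oracle.com/security-alerts/cpuoct2024.html

CNNVD will continue to track these vulnerabilities and publish relevant information promptly. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn

Statement: This article comes from CNNVD Security Updates (CNNVD安全动态); copyright in the text and images belongs to the original author. The views expressed do not represent the position of 东方安全, and the article is republished in order to pass on more information. In case of infringement, please contact rhliu@skdlabs.com and we will promptly make corrections in accordance with the wishes of the original author or rights holder.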
