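Oracle recently published an advisory covering multiple security vulnerabilities: 65 in Oracle's own products and 170 third-party vulnerabilities that affect Oracle products. These include the Oracle Fusion Middleware security vulnerability (CNNVD-202407-1769, CVE-2024-21181) and the Oracle Virtualization security vulnerability (CNNVD-202407-1644, CVE-2024-21141), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to check promptly whether they are affected and to apply the fixes as soon as possible.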
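I. Vulnerability Overview
On July 16, 2024, Oracle released its July 2024 security update, containing patches for 235 vulnerabilities, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Analytics, Oracle PeopleSoft Products, Oracle Virtualization, Oracle E-Business Suite, Oracle Java SE and others. CNNVD has rated their severity: 24 critical, 78 high, 120 medium and 13 low.
Multiple Oracle products and system versions are affected. The exact scope of impact can be looked up on Oracle's official website:
https://www.oracle.com/security-alerts/cpujul2024.html
II. Vulnerability Details
This update contains patches for 235 vulnerabilities in total: 63 newly added vulnerabilities, 2 updated vulnerabilities, and 170 third-party vulnerabilities that affect Oracle products.
The update includes patches for 63 newly added vulnerabilities: 1 critical, 12 high, 43 medium and 7 low.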
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle Fusion Middleware security vulnerability | CNNVD-202407-1769 | CVE-2024-21181 | Critical | https://www.oracle.com/security-alerts/cpujul2024.html |
2 | Oracle Virtualization security vulnerability | CNNVD-202407-1644 | CVE-2024-21141 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
3 | Oracle Retail Applications security vulnerability | CNNVD-202407-1660 | CVE-2024-21136 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
4 | Oracle Java SE security vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
5 | Oracle Fusion Middleware security vulnerability | CNNVD-202407-1761 | CVE-2024-21183 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
6 | Oracle Fusion Middleware security vulnerability | CNNVD-202407-1763 | CVE-2024-21175 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
7 | Oracle Fusion Middleware security vulnerability | CNNVD-202407-1766 | CVE-2024-21182 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
8 | Oracle Database Server security vulnerability | CNNVD-202407-1768 | CVE-2024-21184 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
9 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1772 | CVE-2024-21167 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
10 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1777 | CVE-2024-21146 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
11 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1778 | CVE-2024-21153 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
12 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1779 | CVE-2024-21152 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
13 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1780 | CVE-2024-21149 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
14 | Oracle Virtualization security vulnerability | CNNVD-202407-1641 | CVE-2024-21161 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
15 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202407-1647 | CVE-2024-21155 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
16 | Oracle PeopleSoft Products security vulnerability | CNNVD-202407-1663 | CVE-2024-21154 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
17 | Oracle PeopleSoft Products security vulnerability | CNNVD-202407-1664 | CVE-2024-21122 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
18 | Oracle PeopleSoft Products security vulnerability | CNNVD-202407-1665 | CVE-2024-21180 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
19 | Oracle PeopleSoft Products security vulnerability | CNNVD-202407-1668 | CVE-2024-21178 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
20 | Oracle PeopleSoft Products security vulnerability | CNNVD-202407-1670 | CVE-2024-21158 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
21 | Oracle MySQL security vulnerability | CNNVD-202407-1672 | CVE-2024-21134 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
22 | Oracle MySQL security vulnerability | CNNVD-202407-1674 | CVE-2024-21142 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
23 | Oracle MySQL security vulnerability | CNNVD-202407-1677 | CVE-2024-21165 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
24 | Oracle MySQL security vulnerability | CNNVD-202407-1678 | CVE-2024-21162 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
25 | Oracle MySQL security vulnerability | CNNVD-202407-1679 | CVE-2024-21137 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
26 | Oracle MySQL security vulnerability | CNNVD-202407-1682 | CVE-2024-21135 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
27 | Oracle MySQL security vulnerability | CNNVD-202407-1685 | CVE-2024-21130 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
28 | Oracle MySQL security vulnerability | CNNVD-202407-1687 | CVE-2024-21129 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
29 | Oracle MySQL security vulnerability | CNNVD-202407-1688 | CVE-2024-21127 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
30 | Oracle MySQL security vulnerability | CNNVD-202407-1692 | CVE-2024-21179 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
31 | Oracle MySQL security vulnerability | CNNVD-202407-1694 | CVE-2024-21185 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
32 | Oracle MySQL security vulnerability | CNNVD-202407-1695 | CVE-2024-21173 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
33 | Oracle MySQL security vulnerability | CNNVD-202407-1697 | CVE-2024-21160 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
34 | Oracle MySQL security vulnerability | CNNVD-202407-1698 | CVE-2024-21159 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
35 | Oracle MySQL security vulnerability | CNNVD-202407-1701 | CVE-2024-20996 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
36 | Oracle MySQL security vulnerability | CNNVD-202407-1703 | CVE-2024-21157 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
37 | Oracle MySQL security vulnerability | CNNVD-202407-1705 | CVE-2024-21125 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
38 | Oracle MySQL security vulnerability | CNNVD-202407-1708 | CVE-2024-21176 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
39 | Oracle MySQL security vulnerability | CNNVD-202407-1710 | CVE-2024-21166 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
40 | Oracle MySQL security vulnerability | CNNVD-202407-1713 | CVE-2024-21170 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
41 | Oracle MySQL security vulnerability | CNNVD-202407-1714 | CVE-2024-21171 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
42 | Oracle MySQL security vulnerability | CNNVD-202407-1717 | CVE-2024-21163 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
43 | Oracle MySQL security vulnerability | CNNVD-202407-1718 | CVE-2024-21177 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
44 | Oracle JD Edwards Products security vulnerability | CNNVD-202407-1724 | CVE-2024-21168 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
45 | Oracle JD Edwards Products security vulnerability | CNNVD-202407-1726 | CVE-2024-21150 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
46 | Oracle Java SE security vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
47 | Oracle Java SE security vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
48 | Oracle Analytics security vulnerability | CNNVD-202407-1747 | CVE-2024-21139 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
49 | Oracle Fusion Middleware security vulnerability | CNNVD-202407-1758 | CVE-2024-21133 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
50 | Oracle Financial Services Applications security vulnerability | CNNVD-202407-1764 | CVE-2024-21188 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
51 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1770 | CVE-2024-21169 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
52 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1773 | CVE-2024-21143 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
53 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1774 | CVE-2024-21128 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
54 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1775 | CVE-2024-21132 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
55 | Oracle E-Business Suite security vulnerability | CNNVD-202407-1776 | CVE-2024-21148 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
56 | Oracle Database Server security vulnerability | CNNVD-202407-1781 | CVE-2024-21126 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
57 | Oracle Virtualization security vulnerability | CNNVD-202407-1639 | CVE-2024-21164 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
58 | Oracle Solaris security vulnerability | CNNVD-202407-1645 | CVE-2024-21151 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
59 | Oracle Java SE security vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
60 | Oracle Java SE security vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
61 | Oracle Java SE security vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
62 | Oracle Database Server security vulnerability | CNNVD-202407-1771 | CVE-2024-21174 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
63 | Oracle Database Server security vulnerability | CNNVD-202407-1794 | CVE-2024-21123 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
The update includes patches for 2 updated vulnerabilities: 1 medium and 1 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle Java SE security vulnerability | CNNVD-202310-1388 | CVE-2023-22081 | Medium | https://www.oracle.com/security-alerts/cpuoct2023.html |
2 | Oracle Java SE security vulnerability | CNNVD-202404-2253 | CVE-2024-21098 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
The update includes patches for 170 third-party vulnerabilities that affect Oracle products: 23 critical, 66 high, 76 medium and 5 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | Terracotta Quartz Scheduler code issue vulnerability | CNNVD-201907-1383 | CVE-2019-13990 | Critical | softwareag | http://www.quartz-scheduler.org/ |
2 | FasterXML jackson-databind code issue vulnerability | CNNVD-201910-227 | CVE-2019-17267 | Critical | fasterxml | https://github.com/FasterXML/jackson-databind/issues/2460 |
3 | Apache Xmlbeans input validation error vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
4 | Stanford CoreNlp injection vulnerability | CNNVD-202202-1877 | CVE-2021-44550 | Critical | Stanford Nlp Group | https://github.com/stanfordnlp/CoreNLP/issues/1222 |
5 | corenlp code issue vulnerability | CNNVD-202201-1390 | CVE-2022-0239 | Critical | Stanford Nlp Group team | https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3 |
6 | OpenSSL OS command injection vulnerability | CNNVD-202205-1962 | CVE-2022-1292 | Critical | Openssl team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
7 | joblib security vulnerability | CNNVD-202209-2716 | CVE-2022-21797 | Critical | joblib | https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 |
8 | Spring Framework code injection vulnerability | CNNVD-202203-2514 | CVE-2022-22965 | Critical | Spring team | https://tanzu.vmware.com/security/cve-2022-22965 |
9 | Intel(R) oneAPI DPC++/C++ Compiler security vulnerability | CNNVD-202302-1411 | CVE-2022-25987 | Critical | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html |
10 | Dell BSAFE security vulnerability | CNNVD-202402-197 | CVE-2022-34381 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
11 | Scala code issue vulnerability | CNNVD-202209-2463 | CVE-2022-36944 | Critical | Scala | https://www.scala-lang.org/download/ |
12 | zlib buffer error vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/ |
13 | Apache SOAP access control error vulnerability | CNNVD-202211-2683 | CVE-2022-45378 | Critical | Apache | https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31 |
14 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
15 | BusyBox buffer error vulnerability | CNNVD-202208-4625 | CVE-2022-48174 | Critical | Individual developer | https://bugs.busybox.net/show_bug.cgi?id=15216 |
16 | VMware Spring Security security vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034 |
17 | Certifi data forgery issue vulnerability | CNNVD-202307-2046 | CVE-2023-37920 | Critical | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
18 | Node.js path traversal vulnerability | CNNVD-202310-1126 | CVE-2023-39332 | Critical | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
19 | Apache Axis input validation error vulnerability | CNNVD-202309-348 | CVE-2023-40743 | Critical | Apache Foundation | https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82 |
20 | zlib input validation error vulnerability | CNNVD-202310-1086 | CVE-2023-45853 | Critical | Individual developer | https://github.com/madler/zlib/pull/843 |
21 | Apache Arrow code issue vulnerability | CNNVD-202311-735 | CVE-2023-47248 | Critical | Apache Foundation | https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n |
22 | Pillow security vulnerability | CNNVD-202401-1886 | CVE-2023-50447 | Critical | Individual developer | https://github.com/python-pillow/Pillow/releases/tag/10.2 |
23 | Jenkins security vulnerability | CNNVD-202401-2204 | CVE-2024-23897 | Critical | Jenkins | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 |
24 | Apache Commons Beanutils code issue vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
25 | Apache Batik code issue vulnerability | CNNVD-202102-1586 | CVE-2020-11987 | High | Apache Foundation | https://xmlgraphics.apache.org/security.html |
26 | Microsoft .NET Core security vulnerability | CNNVD-202102-681 | CVE-2021-24112 | High | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 |
27 | Apache Commons Compress security vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
28 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
29 | OpenSSL security vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
30 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202209-2287 | CVE-2022-40146 | High | Apache Foundation | https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx |
31 | Jettison buffer error vulnerability | CNNVD-202209-1235 | CVE-2022-40149 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
32 | Jettison resource management error vulnerability | CNNVD-202209-1233 | CVE-2022-40150 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
33 | XStream buffer error vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
34 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
35 | Netty security vulnerability | CNNVD-202212-2914 | CVE-2022-41881 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v |
36 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
37 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
38 | Jettison buffer error vulnerability | CNNVD-202212-3132 | CVE-2022-45685 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
39 | Jettison buffer error vulnerability | CNNVD-202212-3128 | CVE-2022-45693 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
40 | netplex json-smart security vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
41 | Jettison security vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
42 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
43 | Apache Hadoop code issue vulnerability | CNNVD-202311-1444 | CVE-2023-26031 | High | Apache Foundation | https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
44 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | | https://github.com/google/guava |
45 | Spring Framework code issue vulnerability | CNNVD-202308-1998 | CVE-2023-34040 | High | Spring | https://spring.io/security/cve-2023-34040 |
46 | Eclipse Jetty resource management error vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
47 | HCL BigFix Platform input validation error vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
48 | Node.js data forgery issue vulnerability | CNNVD-202310-1128 | CVE-2023-38552 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
49 | Node.js path traversal vulnerability | CNNVD-202310-1127 | CVE-2023-39331 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
50 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
51 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
52 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
53 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
54 | Eclipse JGit security vulnerability | CNNVD-202309-850 | CVE-2023-4759 | High | Eclipse Foundation | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 |
55 | aiohttp security vulnerability | CNNVD-202311-1314 | CVE-2023-47627 | High | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg |
56 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
57 | jose4j security vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
58 | libexpat security vulnerability | CNNVD-202402-245 | CVE-2023-52425 | High | Individual developer | https://github.com/libexpat/libexpat/pull/789 |
59 | Connect2id Nimbus JOSE+JWT security vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
60 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
61 | Red Hat XNIO resource management error vulnerability | CNNVD-202403-455 | CVE-2023-5685 | High | Red Hat | https://github.com/xnio/xnio/tags |
62 | Red Hat Ansible security vulnerability | CNNVD-202311-262 | CVE-2023-5764 | High | Red Hat | https://access.redhat.com/security/cve/cve-2023-5764 |
63 | Python security vulnerability | CNNVD-202403-1882 | CVE-2023-6597 | High | Python | https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
64 | cpython security vulnerability | CNNVD-202406-1925 | CVE-2024-0397 | High | Python | https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112 |
65 | Node.js security vulnerability | CNNVD-202402-1466 | CVE-2024-21892 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892—high |
66 | Node.js security vulnerability | CNNVD-202402-1467 | CVE-2024-22019 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019—high |
67 | Eclipse Jetty security vulnerability | CNNVD-202402-2103 | CVE-2024-22201 | High | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
68 | Spring Framework security vulnerability | CNNVD-202402-1929 | CVE-2024-22243 | High | Spring | https://spring.io/projects/spring-framework#support |
69 | VMware Spring Security security vulnerability | CNNVD-202403-1650 | CVE-2024-22257 | High | VMware | https://spring.io/security/cve-2024-22257 |
70 | Spring Framework security vulnerability | CNNVD-202403-1543 | CVE-2024-22259 | High | Spring | https://spring.io/security/cve-2024-22259 |
71 | Spring Framework security vulnerability | CNNVD-202404-2193 | CVE-2024-22262 | High | Spring | https://spring.io/security/cve-2024-22262 |
72 | Apache Tomcat security vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
73 | Apache Xerces-C resource management error vulnerability | CNNVD-202402-1469 | CVE-2024-23807 | High | Apache | https://github.com/apache/xerces-c/pull/54 |
74 | Jenkins security vulnerability | CNNVD-202401-2202 | CVE-2024-23898 | High | Jenkins | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315 |
75 | Apache Tomcat input validation error vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
76 | libxml2 security vulnerability | CNNVD-202402-242 | CVE-2024-25062 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
77 | OpenSSL security vulnerability | CNNVD-202404-941 | CVE-2024-2511 | High | OpenSSL | https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
78 | python-cryptography security vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
79 | Apache httpd resource management error vulnerability | CNNVD-202404-635 | CVE-2024-27316 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
80 | Node.js security vulnerability | CNNVD-202404-991 | CVE-2024-27983 | High | Node.js | https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
81 | libexpat security vulnerability | CNNVD-202403-795 | CVE-2024-28757 | High | libexpat | https://github.com/libexpat/libexpat/pull/842 |
82 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2143 | CVE-2024-29131 | High | Apache | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
83 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2142 | CVE-2024-29133 | High | Apache | https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
84 | Bouncy Castle security vulnerability | CNNVD-202405-2601 | CVE-2024-29857 | High | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
85 | Apache ActiveMQ security vulnerability | CNNVD-202405-256 | CVE-2024-32114 | High | Apache | https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt |
86 | Pallets Werkzeug security vulnerability | CNNVD-202405-1428 | CVE-2024-34069 | High | Pallets | https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 |
87 | libxml2 security vulnerability | CNNVD-202405-2380 | CVE-2024-34459 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8 |
88 | OpenSSL security vulnerability | CNNVD-202405-4739 | CVE-2024-4741 | High | OpenSSL | https://github.com/openssl/openssl |
89 | Red Hat Undertow resource management error vulnerability | CNNVD-202406-2368 | CVE-2024-6162 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
90 | Apache HttpClient security vulnerability | CNNVD-202010-372 | CVE-2020-13956 | Medium | Apache Foundation | https://www.apache.org/ |
91 | Apache Ant information disclosure vulnerability | CNNVD-202005-777 | CVE-2020-1945 | Medium | Apache Foundation | https://ant.apache.org/security.html |
92 | netplex json-smart-v code issue vulnerability | CNNVD-202102-1490 | CVE-2021-27568 | Medium | Individual developer | https://github.com/netplex/json-smart-v2 |
93 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
94 | Highcharts JS cross-site scripting vulnerability | CNNVD-202105-177 | CVE-2021-29489 | Medium | Individual developer | https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95 |
95 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
96 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
97 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
98 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
99 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
100 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
101 | Vmware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
102 | Vmware Spring Framework security feature issue vulnerability | CNNVD-202204-3302 | CVE-2022-22968 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22968 |
103 | Spring Framework input validation error vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework |
104 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
105 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
106 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202209-2289 | CVE-2022-38398 | Medium | Apache Foundation | https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx |
107 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202209-2288 | CVE-2022-38648 | Medium | Apache Foundation | https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b |
108 | Netty security vulnerability | CNNVD-202212-3060 | CVE-2022-41915 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp |
109 | Spring Framework security vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861 |
110 | Google Pixel security vulnerability | CNNVD-202303-1998 | CVE-2023-21036 | Medium | | https://source.android.com/security/bulletin/pixel/2023-03-01 |
111 | Ruby security vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |
112 | Ruby security vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
113 | Flexera InstallShield security vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
114 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
115 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
116 | Bouncy Castle resource management error vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
117 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
118 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
119 | FasterXML jackson-databind code issue vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
120 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
121 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
122 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
123 | Apache HTTP Server security vulnerability | CNNVD-202404-641 | CVE-2023-38709 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
124 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
125 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
126 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
127 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
128 | curl security vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
129 | curl security vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
130 | Apache Shiro input validation error vulnerability | CNNVD-202312-1453 | CVE-2023-46750 | Medium | Apache Foundation | https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 |
131 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
132 | aiohttp security vulnerability | CNNVD-202311-2265 | CVE-2023-49081 | Medium | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2 |
133 | aiohttp injection vulnerability | CNNVD-202311-2232 | CVE-2023-49082 | Medium | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx |
134 | Python cryptography code issue vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
135 | Jayway JsonPath security vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
136 | libexpat security vulnerability | CNNVD-202402-243 | CVE-2023-52426 | Medium | Individual developer | https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 |
137 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
138 | GnuTLS security vulnerability | CNNVD-202311-1944 | CVE-2023-5981 | Medium | Individual developer | https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d |
139 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
140 | SQLite security vulnerability | CNNVD-202401-1406 | CVE-2024-0232 | Medium | Individual developer | https://sqlite.org/forum/forumpost/4aa381993a |
141 | Python security vulnerability | CNNVD-202403-1880 | CVE-2024-0450 | Medium | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
142 | curl security vulnerability | CNNVD-202401-2732 | CVE-2024-0853 | Medium | curl | https://curl.se/docs/CVE-2024-0853.html |
143 | Apache James MIME4J input validation error vulnerability | CNNVD-202402-2305 | CVE-2024-21742 | Medium | Apache | https://james.apache.org/download.cgi#Apache_Mime4J |
144 | Node.js security vulnerability | CNNVD-202403-1801 | CVE-2024-22025 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases |
145 | VMware Spring Security security vulnerability | CNNVD-202402-1592 | CVE-2024-22234 | Medium | VMware | https://spring.io/security/cve-2024-22234 |
146 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
147 | Apache Zookeeper information disclosure vulnerability | CNNVD-202403-1401 | CVE-2024-23944 | Medium | Apache | https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k |
148 | Apache HTTP Server security vulnerability | CNNVD-202404-638 | CVE-2024-24795 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
149 | CKEditor cross-site scripting vulnerability | CNNVD-202402-598 | CVE-2024-24815 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
150 | CKEditor cross-site scripting vulnerability | CNNVD-202402-605 | CVE-2024-24816 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
151 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
152 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
153 | Node.js security vulnerability | CNNVD-202405-1613 | CVE-2024-27982 | Medium | Node.js | https://nodejs.org/ |
154 | Nghttp2 security vulnerability | CNNVD-202404-586 | CVE-2024-28182 | Medium | Nghttp2 | https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q |
155 | Apache CXF code issue vulnerability | CNNVD-202403-1399 | CVE-2024-28752 | Medium | Apache | https://cxf.apache.org/ |
156 | Follow Redirects information disclosure vulnerability | CNNVD-202403-1332 | CVE-2024-28849 | Medium | Individual developer | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
157 | Netty security vulnerability | CNNVD-202403-2434 | CVE-2024-29025 | Medium | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
158 | Express.js security vulnerability | CNNVD-202403-2433 | CVE-2024-29041 | Medium | Express.js | https://github.com/expressjs/express/releases/tag/v5.0.0-beta |
159 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202403-2522 | CVE-2024-29203 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1 |
160 | GNU C Library security vulnerability | CNNVD-202404-2641 | CVE-2024-2961 | Medium | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
161 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202403-2519 | CVE-2024-29881 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1 |
162 | Bouncy Castle security vulnerability | CNNVD-202405-2620 | CVE-2024-30171 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
163 | Bouncy Castle security vulnerability | CNNVD-202405-2618 | CVE-2024-30172 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
164 | Pallets Jinja security vulnerability | CNNVD-202405-1436 | CVE-2024-34064 | Medium | Pallets | https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj |
165 | Bouncy Castle security vulnerability | CNNVD-202405-1283 | CVE-2024-34447 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
166 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
167 | libssh security vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
168 | libssh security vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
169 | OpenSSL security vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
170 | OpenSSL security vulnerability | CNNVD-202405-2902 | CVE-2024-4603 | Low | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |
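III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpujul2024.html
CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. CNNVD can be contacted if needed. Contact: cnnvdvul@itsec.gov.cn
Source: CNNVD Security Updates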