CNNVD (China National Vulnerability Database of Information Security): Notice on Multiple Oracle Security Vulnerabilities

Oracle recently published advisories for multiple security vulnerabilities: 65 in Oracle's own products and 170 in other vendors' components that affect Oracle products. They include an Oracle Fusion Middleware security vulnerability (CNNVD-202407-1769, CVE-2024-21181) and an Oracle Virtualization security vulnerability (CNNVD-202407-1644, CVE-2024-21141), among others. An attacker who successfully exploits these vulnerabilities could execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has already released patches; users are advised to confirm promptly whether they are affected and apply the fixes as soon as possible.

I. Vulnerability Overview

On July 16, 2024, Oracle released its July 2024 security update (Critical Patch Update), containing patches for 235 vulnerabilities, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Analytics, Oracle PeopleSoft Products, Oracle Virtualization, Oracle E-Business Suite, Oracle Java SE and others. The severity ratings below are CNNVD's own assessment: 24 critical, 78 high, 120 medium and 13 low.

Multiple Oracle products and system versions are affected. The exact scope of affected versions is published on Oracle's website:

https://www.oracle.com/security-alerts/cpujul2024.html

II. Vulnerability Details

This update contains patches for 235 vulnerabilities: 63 newly disclosed vulnerabilities, 2 previously published vulnerabilities with updated patches, and 170 third-party vulnerabilities that affect Oracle products.

The 63 newly disclosed vulnerabilities break down as 1 critical, 12 high, 43 medium and 7 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202407-1769 | CVE-2024-21181 | Critical | https://www.oracle.com/security-alerts/cpujul2024.html |
| 2 | Oracle Virtualization Security Vulnerability | CNNVD-202407-1644 | CVE-2024-21141 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 3 | Oracle Retail Applications Security Vulnerability | CNNVD-202407-1660 | CVE-2024-21136 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 4 | Oracle Java SE Security Vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 5 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202407-1761 | CVE-2024-21183 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 6 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202407-1763 | CVE-2024-21175 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 7 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202407-1766 | CVE-2024-21182 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 8 | Oracle Database Server Security Vulnerability | CNNVD-202407-1768 | CVE-2024-21184 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 9 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1772 | CVE-2024-21167 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 10 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1777 | CVE-2024-21146 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 11 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1778 | CVE-2024-21153 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 12 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1779 | CVE-2024-21152 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 13 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1780 | CVE-2024-21149 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 14 | Oracle Virtualization Security Vulnerability | CNNVD-202407-1641 | CVE-2024-21161 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 15 | Oracle ZFS Storage Appliance Security Vulnerability | CNNVD-202407-1647 | CVE-2024-21155 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 16 | Oracle PeopleSoft Products Security Vulnerability | CNNVD-202407-1663 | CVE-2024-21154 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 17 | Oracle PeopleSoft Products Security Vulnerability | CNNVD-202407-1664 | CVE-2024-21122 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 18 | Oracle PeopleSoft Products Security Vulnerability | CNNVD-202407-1665 | CVE-2024-21180 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 19 | Oracle PeopleSoft Products Security Vulnerability | CNNVD-202407-1668 | CVE-2024-21178 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 20 | Oracle PeopleSoft Products Security Vulnerability | CNNVD-202407-1670 | CVE-2024-21158 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 21 | Oracle MySQL Security Vulnerability | CNNVD-202407-1672 | CVE-2024-21134 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 22 | Oracle MySQL Security Vulnerability | CNNVD-202407-1674 | CVE-2024-21142 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 23 | Oracle MySQL Security Vulnerability | CNNVD-202407-1677 | CVE-2024-21165 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 24 | Oracle MySQL Security Vulnerability | CNNVD-202407-1678 | CVE-2024-21162 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 25 | Oracle MySQL Security Vulnerability | CNNVD-202407-1679 | CVE-2024-21137 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 26 | Oracle MySQL Security Vulnerability | CNNVD-202407-1682 | CVE-2024-21135 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 27 | Oracle MySQL Security Vulnerability | CNNVD-202407-1685 | CVE-2024-21130 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 28 | Oracle MySQL Security Vulnerability | CNNVD-202407-1687 | CVE-2024-21129 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 29 | Oracle MySQL Security Vulnerability | CNNVD-202407-1688 | CVE-2024-21127 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 30 | Oracle MySQL Security Vulnerability | CNNVD-202407-1692 | CVE-2024-21179 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 31 | Oracle MySQL Security Vulnerability | CNNVD-202407-1694 | CVE-2024-21185 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 32 | Oracle MySQL Security Vulnerability | CNNVD-202407-1695 | CVE-2024-21173 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 33 | Oracle MySQL Security Vulnerability | CNNVD-202407-1697 | CVE-2024-21160 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 34 | Oracle MySQL Security Vulnerability | CNNVD-202407-1698 | CVE-2024-21159 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 35 | Oracle MySQL Security Vulnerability | CNNVD-202407-1701 | CVE-2024-20996 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 36 | Oracle MySQL Security Vulnerability | CNNVD-202407-1703 | CVE-2024-21157 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 37 | Oracle MySQL Security Vulnerability | CNNVD-202407-1705 | CVE-2024-21125 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 38 | Oracle MySQL Security Vulnerability | CNNVD-202407-1708 | CVE-2024-21176 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 39 | Oracle MySQL Security Vulnerability | CNNVD-202407-1710 | CVE-2024-21166 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 40 | Oracle MySQL Security Vulnerability | CNNVD-202407-1713 | CVE-2024-21170 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 41 | Oracle MySQL Security Vulnerability | CNNVD-202407-1714 | CVE-2024-21171 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 42 | Oracle MySQL Security Vulnerability | CNNVD-202407-1717 | CVE-2024-21163 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 43 | Oracle MySQL Security Vulnerability | CNNVD-202407-1718 | CVE-2024-21177 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 44 | Oracle JD Edwards Products Security Vulnerability | CNNVD-202407-1724 | CVE-2024-21168 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 45 | Oracle JD Edwards Products Security Vulnerability | CNNVD-202407-1726 | CVE-2024-21150 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 46 | Oracle Java SE Security Vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 47 | Oracle Java SE Security Vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 48 | Oracle Analytics Security Vulnerability | CNNVD-202407-1747 | CVE-2024-21139 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 49 | Oracle Fusion Middleware Security Vulnerability | CNNVD-202407-1758 | CVE-2024-21133 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 50 | Oracle Financial Services Applications Security Vulnerability | CNNVD-202407-1764 | CVE-2024-21188 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 51 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1770 | CVE-2024-21169 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 52 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1773 | CVE-2024-21143 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 53 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1774 | CVE-2024-21128 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 54 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1775 | CVE-2024-21132 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 55 | Oracle E-Business Suite Security Vulnerability | CNNVD-202407-1776 | CVE-2024-21148 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 56 | Oracle Database Server Security Vulnerability | CNNVD-202407-1781 | CVE-2024-21126 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 57 | Oracle Virtualization Security Vulnerability | CNNVD-202407-1639 | CVE-2024-21164 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 58 | Oracle Solaris Security Vulnerability | CNNVD-202407-1645 | CVE-2024-21151 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 59 | Oracle Java SE Security Vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 60 | Oracle Java SE Security Vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 61 | Oracle Java SE Security Vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 62 | Oracle Database Server Security Vulnerability | CNNVD-202407-1771 | CVE-2024-21174 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 63 | Oracle Database Server Security Vulnerability | CNNVD-202407-1794 | CVE-2024-21123 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |

The 2 previously published vulnerabilities with updated patches break down as 1 medium and 1 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Java SE Security Vulnerability | CNNVD-202310-1388 | CVE-2023-22081 | Medium | https://www.oracle.com/security-alerts/cpuoct2023.html |
| 2 | Oracle Java SE Security Vulnerability | CNNVD-202404-2253 | CVE-2024-21098 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |

The 170 third-party vulnerabilities affecting Oracle products break down as 23 critical, 66 high, 76 medium and 5 low. These are vulnerabilities in components bundled with or used by Oracle products, so the vendor and official link columns point at the upstream project rather than at Oracle.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 1 | Terracotta Quartz Scheduler Code Issue Vulnerability | CNNVD-201907-1383 | CVE-2019-13990 | Critical | softwareag | http://www.quartz-scheduler.org/ |
| 2 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-201910-227 | CVE-2019-17267 | Critical | fasterxml | https://github.com/FasterXML/jackson-databind/issues/2460 |
| 3 | Apache Xmlbeans Input Validation Error Vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
| 4 | Stanford CoreNlp Injection Vulnerability | CNNVD-202202-1877 | CVE-2021-44550 | Critical | Stanford Nlp Group | https://github.com/stanfordnlp/CoreNLP/issues/1222 |
| 5 | corenlp Code Issue Vulnerability | CNNVD-202201-1390 | CVE-2022-0239 | Critical | Stanford Nlp Group team | https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3 |
| 6 | OpenSSL OS Command Injection Vulnerability | CNNVD-202205-1962 | CVE-2022-1292 | Critical | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
| 7 | joblib Security Vulnerability | CNNVD-202209-2716 | CVE-2022-21797 | Critical | joblib | https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 |
| 8 | Spring Framework Code Injection Vulnerability | CNNVD-202203-2514 | CVE-2022-22965 | Critical | Spring team | https://tanzu.vmware.com/security/cve-2022-22965 |
| 9 | Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability | CNNVD-202302-1411 | CVE-2022-25987 | Critical | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html |
| 10 | Dell BSAFE Security Vulnerability | CNNVD-202402-197 | CVE-2022-34381 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
| 11 | Scala Code Issue Vulnerability | CNNVD-202209-2463 | CVE-2022-36944 | Critical | Scala | https://www.scala-lang.org/download/ |
| 12 | zlib Buffer Error Vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/ |
| 13 | Apache SOAP Access Control Error Vulnerability | CNNVD-202211-2683 | CVE-2022-45378 | Critical | Apache | https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31 |
| 14 | Apache Derby Injection Vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
| 15 | BusyBox Buffer Error Vulnerability | CNNVD-202208-4625 | CVE-2022-48174 | Critical | Individual developer | https://bugs.busybox.net/show_bug.cgi?id=15216 |
| 16 | VMware Spring Security Security Vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034 |
| 17 | Certifi Data Forgery Issue Vulnerability | CNNVD-202307-2046 | CVE-2023-37920 | Critical | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| 18 | Node.js Path Traversal Vulnerability | CNNVD-202310-1126 | CVE-2023-39332 | Critical | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
| 19 | Apache Axis Input Validation Error Vulnerability | CNNVD-202309-348 | CVE-2023-40743 | Critical | Apache Foundation | https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82 |
| 20 | zlib Input Validation Error Vulnerability | CNNVD-202310-1086 | CVE-2023-45853 | Critical | Individual developer | https://github.com/madler/zlib/pull/843 |
| 21 | Apache Arrow Code Issue Vulnerability | CNNVD-202311-735 | CVE-2023-47248 | Critical | Apache Foundation | https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n |
| 22 | Pillow Security Vulnerability | CNNVD-202401-1886 | CVE-2023-50447 | Critical | Individual developer | https://github.com/python-pillow/Pillow/releases/tag/10.2 |
| 23 | Jenkins Security Vulnerability | CNNVD-202401-2204 | CVE-2024-23897 | Critical | Jenkins | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 |
| 24 | Apache Commons Beanutils Code Issue Vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
| 25 | Apache Batik Code Issue Vulnerability | CNNVD-202102-1586 | CVE-2020-11987 | High | Apache Foundation | https://xmlgraphics.apache.org/security.html |
| 26 | Microsoft .NET Core Security Vulnerability | CNNVD-202102-681 | CVE-2021-24112 | High | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 |
| 27 | Apache Commons Compress Security Vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
| 28 | Apache Xalan Input Validation Error Vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
| 29 | OpenSSL Security Vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
| 30 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202209-2287 | CVE-2022-40146 | High | Apache Foundation | https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx |
| 31 | Jettison Buffer Error Vulnerability | CNNVD-202209-1235 | CVE-2022-40149 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
| 32 | Jettison Resource Management Error Vulnerability | CNNVD-202209-1233 | CVE-2022-40150 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
| 33 | XStream Buffer Error Vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
| 34 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
| 35 | Netty Security Vulnerability | CNNVD-202212-2914 | CVE-2022-41881 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v |
| 36 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
| 37 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
| 38 | Jettison Buffer Error Vulnerability | CNNVD-202212-3132 | CVE-2022-45685 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
| 39 | Jettison Buffer Error Vulnerability | CNNVD-202212-3128 | CVE-2022-45693 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
| 40 | netplex json-smart Security Vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
| 41 | Jettison Security Vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
| 42 | Apache Commons FileUpload Security Vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
| 43 | Apache Hadoop Code Issue Vulnerability | CNNVD-202311-1444 | CVE-2023-26031 | High | Apache Foundation | https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
| 44 | Google Guava Security Vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | Google | https://github.com/google/guava |
| 45 | Spring Framework Code Issue Vulnerability | CNNVD-202308-1998 | CVE-2023-34040 | High | Spring | https://spring.io/security/cve-2023-34040 |
| 46 | Eclipse Jetty Resource Management Error Vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
| 47 | HCL BigFix Platform Input Validation Error Vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
| 48 | Node.js Data Forgery Issue Vulnerability | CNNVD-202310-1128 | CVE-2023-38552 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
| 49 | Node.js Path Traversal Vulnerability | CNNVD-202310-1127 | CVE-2023-39331 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
| 50 | Eclipse Parsson Security Vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
| 51 | Python Code Issue Vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
| 52 | Apache HTTP/2 Resource Management Error Vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
| 53 | Apache Tomcat Environment Issue Vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
| 54 | Eclipse JGit Security Vulnerability | CNNVD-202309-850 | CVE-2023-4759 | High | Eclipse Foundation | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 |
| 55 | aiohttp Security Vulnerability | CNNVD-202311-1314 | CVE-2023-47627 | High | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg |
| 56 | JSON-Java Security Vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
| 57 | jose4j Security Vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
| 58 | libexpat Security Vulnerability | CNNVD-202402-245 | CVE-2023-52425 | High | Individual developer | https://github.com/libexpat/libexpat/pull/789 |
| 59 | Connect2id Nimbus JOSE+JWT Security Vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
| 60 | OpenSSL Security Vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
| 61 | Red Hat XNIO Resource Management Error Vulnerability | CNNVD-202403-455 | CVE-2023-5685 | High | Red Hat | https://github.com/xnio/xnio/tags |
| 62 | Red Hat Ansible Security Vulnerability | CNNVD-202311-262 | CVE-2023-5764 | High | Red Hat | https://access.redhat.com/security/cve/cve-2023-5764 |
| 63 | Python Security Vulnerability | CNNVD-202403-1882 | CVE-2023-6597 | High | Python | https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
| 64 | cpython Security Vulnerability | CNNVD-202406-1925 | CVE-2024-0397 | High | Python | https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112 |
| 65 | Node.js Security Vulnerability | CNNVD-202402-1466 | CVE-2024-21892 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892—high |
| 66 | Node.js Security Vulnerability | CNNVD-202402-1467 | CVE-2024-22019 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019—high |
| 67 | Eclipse Jetty Security Vulnerability | CNNVD-202402-2103 | CVE-2024-22201 | High | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
| 68 | Spring Framework Security Vulnerability | CNNVD-202402-1929 | CVE-2024-22243 | High | Spring | https://spring.io/projects/spring-framework#support |
| 69 | VMware Spring Security Security Vulnerability | CNNVD-202403-1650 | CVE-2024-22257 | High | VMware | https://spring.io/security/cve-2024-22257 |
| 70 | Spring Framework Security Vulnerability | CNNVD-202403-1543 | CVE-2024-22259 | High | Spring | https://spring.io/security/cve-2024-22259 |
| 71 | Spring Framework Security Vulnerability | CNNVD-202404-2193 | CVE-2024-22262 | High | Spring | https://spring.io/security/cve-2024-22262 |
| 72 | Apache Tomcat Security Vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
| 73 | Apache Xerces-C Resource Management Error Vulnerability | CNNVD-202402-1469 | CVE-2024-23807 | High | Apache | https://github.com/apache/xerces-c/pull/54 |
| 74 | Jenkins Security Vulnerability | CNNVD-202401-2202 | CVE-2024-23898 | High | Jenkins | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315 |
| 75 | Apache Tomcat Input Validation Error Vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
| 76 | libxml2 Security Vulnerability | CNNVD-202402-242 | CVE-2024-25062 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
| 77 | OpenSSL Security Vulnerability | CNNVD-202404-941 | CVE-2024-2511 | High | OpenSSL | https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
| 78 | python-cryptography Security Vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
| 79 | Apache httpd Resource Management Error Vulnerability | CNNVD-202404-635 | CVE-2024-27316 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 80 | Node.js Security Vulnerability | CNNVD-202404-991 | CVE-2024-27983 | High | Node.js | https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
| 81 | libexpat Security Vulnerability | CNNVD-202403-795 | CVE-2024-28757 | High | libexpat | https://github.com/libexpat/libexpat/pull/842 |
| 82 | Apache Commons Configuration Buffer Error Vulnerability | CNNVD-202403-2143 | CVE-2024-29131 | High | Apache | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
| 83 | Apache Commons Configuration Buffer Error Vulnerability | CNNVD-202403-2142 | CVE-2024-29133 | High | Apache | https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
| 84 | Bouncy Castle Security Vulnerability | CNNVD-202405-2601 | CVE-2024-29857 | High | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 85 | Apache ActiveMQ Security Vulnerability | CNNVD-202405-256 | CVE-2024-32114 | High | Apache | https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt |
| 86 | Pallets Werkzeug Security Vulnerability | CNNVD-202405-1428 | CVE-2024-34069 | High | Pallets | https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 |
| 87 | libxml2 Security Vulnerability | CNNVD-202405-2380 | CVE-2024-34459 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8 |
| 88 | OpenSSL Security Vulnerability | CNNVD-202405-4739 | CVE-2024-4741 | High | OpenSSL | https://github.com/openssl/openssl |
| 89 | Red Hat Undertow Resource Management Error Vulnerability | CNNVD-202406-2368 | CVE-2024-6162 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
| 90 | Apache HttpClient Security Vulnerability | CNNVD-202010-372 | CVE-2020-13956 | Medium | Apache Foundation | https://www.apache.org/ |
| 91 | Apache Ant Information Disclosure Vulnerability | CNNVD-202005-777 | CVE-2020-1945 | Medium | Apache Foundation | https://ant.apache.org/security.html |
| 92 | netplex json-smart-v Code Issue Vulnerability | CNNVD-202102-1490 | CVE-2021-27568 | Medium | Individual developer | https://github.com/netplex/json-smart-v2 |
| 93 | Apache Commons IO Path Traversal Vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
| 94 | Highcharts JS Cross-Site Scripting Vulnerability | CNNVD-202105-177 | CVE-2021-29489 | Medium | Individual developer | https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95 |
| 95 | Apache Ant Security Vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
| 96 | Apache Ant Security Vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
| 97 | Apache Commons Net Input Validation Error Vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
| 98 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
| 99 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
| 100 | Openjs Jquery Ui Cross-Site Scripting Vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | OpenJS Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
| 101 | Vmware Spring Framework Security Vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
| 102 | Vmware Spring Framework Security Feature Issue Vulnerability | CNNVD-202204-3302 | CVE-2022-22968 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22968 |
| 103 | Spring Framework Input Validation Error Vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework |
| 104 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
| 105 | jsoup Cross-Site Scripting Vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
| 106 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202209-2289 | CVE-2022-38398 | Medium | Apache Foundation | https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx |
| 107 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202209-2288 | CVE-2022-38648 | Medium | Apache Foundation | https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b |
| 108 | Netty Security Vulnerability | CNNVD-202212-3060 | CVE-2022-41915 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp |
| 109 | Spring Framework Security Vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861 |
| 110 | Google Pixel Security Vulnerability | CNNVD-202303-1998 | CVE-2023-21036 | Medium | Google | https://source.android.com/security/bulletin/pixel/2023-03-01 |
| 111 | Ruby Security Vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |
| 112 | Ruby Security Vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
| 113 | Flexera InstallShield Security Vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
| 114 | OpenSSL Authorization Issue Vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
| 115 | Bouncy Castle Trust Management Issue Vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
| 116 | Bouncy Castle Resource Management Error Vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 117 | VMware Spring Boot Security Vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
| 118 | OpenSSL Security Vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
| 119 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
| 120 | Apache MINA Path Traversal Vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
| 121 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
| 122 | OpenSSL Security Vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
| 123 | Apache HTTP Server Security Vulnerability | CNNVD-202404-641 | CVE-2023-38709 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 124 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
| 125 | Eclipse Jetty Security Vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
| 126 | Apache Commons Compress Resource Management Error Vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
| 127 | Apache Santuario Log Information Disclosure Vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
| 128 | curl Security Vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
| 129 | curl Security Vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
| 130 | Apache Shiro Input Validation Error Vulnerability | CNNVD-202312-1453 | CVE-2023-46750 | Medium | Apache Foundation | https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 |
| 131 | OpenSSH Security Vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
| 132 | aiohttp Security Vulnerability | CNNVD-202311-2265 | CVE-2023-49081 | Medium | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2 |
| 133 | aiohttp Injection Vulnerability | CNNVD-202311-2232 | CVE-2023-49082 | Medium | Individual developer | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx |
| 134 | Python cryptography Code Issue Vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
| 135 | Jayway JsonPath Security Vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
| 136 | libexpat Security Vulnerability | CNNVD-202402-243 | CVE-2023-52426 | Medium | Individual developer | https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 |
| 137 | OpenSSL Code Issue Vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
| 138 | GnuTLS Security Vulnerability | CNNVD-202311-1944 | CVE-2023-5981 | Medium | Individual developer | https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d |
| 139 | OpenSSL Security Vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
| 140 | SQLite Security Vulnerability | CNNVD-202401-1406 | CVE-2024-0232 | Medium | Individual developer | https://sqlite.org/forum/forumpost/4aa381993a |
| 141 | Python Security Vulnerability | CNNVD-202403-1880 | CVE-2024-0450 | Medium | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
| 142 | curl Security Vulnerability | CNNVD-202401-2732 | CVE-2024-0853 | Medium | curl | https://curl.se/docs/CVE-2024-0853.html |
| 143 | Apache James MIME4J Input Validation Error Vulnerability | CNNVD-202402-2305 | CVE-2024-21742 | Medium | Apache | https://james.apache.org/download.cgi#Apache_Mime4J |
| 144 | Node.js Security Vulnerability | CNNVD-202403-1801 | CVE-2024-22025 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases |
| 145 | VMware Spring Security Security Vulnerability | CNNVD-202402-1592 | CVE-2024-22234 | Medium | VMware | https://spring.io/security/cve-2024-22234 |
| 146 | OWASP AntiSamy Cross-Site Scripting Vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
| 147 | Apache Zookeeper Information Disclosure Vulnerability | CNNVD-202403-1401 | CVE-2024-23944 | Medium | Apache | https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k |
| 148 | Apache HTTP Server Security Vulnerability | CNNVD-202404-638 | CVE-2024-24795 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
| 149 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202402-598 | CVE-2024-24815 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
| 150 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202402-605 | CVE-2024-24816 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
| 151 | Apache Commons Compress Security Vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
| 152 | Apache Commons Compress Security Vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
| 153 | Node.js Security Vulnerability | CNNVD-202405-1613 | CVE-2024-27982 | Medium | Node.js | https://nodejs.org/ |
| 154 | Nghttp2 Security Vulnerability | CNNVD-202404-586 | CVE-2024-28182 | Medium | Nghttp2 | https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q |
| 155 | Apache CXF Code Issue Vulnerability | CNNVD-202403-1399 | CVE-2024-28752 | Medium | Apache | https://cxf.apache.org/ |
| 156 | Follow Redirects Information Disclosure Vulnerability | CNNVD-202403-1332 | CVE-2024-28849 | Medium | Individual developer | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
| 157 | Netty Security Vulnerability | CNNVD-202403-2434 | CVE-2024-29025 | Medium | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
| 158 | Express.js Security Vulnerability | CNNVD-202403-2433 | CVE-2024-29041 | Medium | Express.js | https://github.com/expressjs/express/releases/tag/v5.0.0-beta |
| 159 | Tiny Technologies TinyMCE Security Vulnerability | CNNVD-202403-2522 | CVE-2024-29203 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1 |
| 160 | GNU C Library Security Vulnerability | CNNVD-202404-2641 | CVE-2024-2961 | Medium | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
| 161 | Tiny Technologies TinyMCE Security Vulnerability | CNNVD-202403-2519 | CVE-2024-29881 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1 |
| 162 | Bouncy Castle Security Vulnerability | CNNVD-202405-2620 | CVE-2024-30171 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 163 | Bouncy Castle Security Vulnerability | CNNVD-202405-2618 | CVE-2024-30172 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 164 | Pallets Jinja Security Vulnerability | CNNVD-202405-1436 | CVE-2024-34064 | Medium | Pallets | https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj |
| 165 | Bouncy Castle Security Vulnerability | CNNVD-202405-1283 | CVE-2024-34447 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 166 | Apache Tika Security Vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
| 167 | libssh Security Vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
| 168 | libssh Security Vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
| 169 | OpenSSL Security Vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
| 170 | OpenSSL Security Vulnerability | CNNVD-202405-2902 | CVE-2024-4603 | Low | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |

III. Remediation Recommendations

Oracle has released patches fixing the vulnerabilities above. Users are advised to confirm promptly whether they are affected and apply the patches as soon as possible. Oracle's patch download address:

https://www.oracle.com/security-alerts/cpujul2024.html

CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. Contact CNNVD if needed at: cnnvdvul@itsec.gov.cn

Source: CNNVD Security Updates
