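Oracle recently published security advisories covering multiple vulnerabilities: 91 in Oracle's own products and 225 third-party vendor vulnerabilities that affect Oracle products. Affected products and systems include Oracle MySQL, Oracle Java SE, Oracle E-Business Suite and Oracle PeopleSoft Products, among others. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On October 15, 2024, Oracle released its October 2024 security update, containing patches for 316 vulnerabilities, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Java SE, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle PeopleSoft Enterprise HCM Global Payroll, Oracle Hyperion and others. CNNVD has rated their severity: 23 critical, 133 high, 131 medium and 29 low.
Multiple Oracle product and system versions are affected; the specific scope can be checked on Oracle's official website: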
https://www.oracle.com/security-alerts/cpuoct2024.html
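II. Vulnerability Details
This update contains patches for 316 vulnerabilities in total: 85 newly added vulnerabilities, 6 updated vulnerabilities, and 225 third-party vendor vulnerabilities that affect Oracle products.
This update includes patches for 85 newly added vulnerabilities: 2 critical, 32 high, 36 medium and 15 low.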
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Hospitality Applications security vulnerability | CNNVD-202410-1411 | CVE-2024-21172 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 2 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1425 | CVE-2024-21216 | Critical | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202410-1370 | CVE-2024-21259 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 4 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1374 | CVE-2024-21214 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1376 | CVE-2024-21255 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 6 | Oracle PeopleSoft Enterprise HCM Global Payroll security vulnerability | CNNVD-202410-1378 | CVE-2024-21283 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 7 | Oracle MySQL security vulnerability | CNNVD-202410-1406 | CVE-2024-21272 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 8 | Oracle BI Publisher security vulnerability | CNNVD-202410-1413 | CVE-2024-21195 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 9 | Oracle Analytics security vulnerability | CNNVD-202410-1414 | CVE-2024-21254 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1417 | CVE-2024-21234 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 11 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1418 | CVE-2024-21215 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1420 | CVE-2024-21260 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 13 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1421 | CVE-2024-21274 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 14 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1422 | CVE-2024-21246 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 15 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1423 | CVE-2024-21190 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 16 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1424 | CVE-2024-21191 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 17 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1427 | CVE-2024-21284 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 18 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1428 | CVE-2024-21285 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 19 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1431 | CVE-2024-21276 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 20 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1432 | CVE-2024-21279 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 21 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1433 | CVE-2024-21265 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 22 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1434 | CVE-2024-21252 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 23 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1435 | CVE-2024-21280 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1436 | CVE-2024-21275 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 25 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1437 | CVE-2024-21277 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 26 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1438 | CVE-2024-21269 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 27 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1439 | CVE-2024-21250 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1440 | CVE-2024-21271 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1441 | CVE-2024-21282 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1442 | CVE-2024-21267 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1443 | CVE-2024-21278 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 32 | Oracle Applications Manager security vulnerability | CNNVD-202410-1444 | CVE-2024-21268 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1445 | CVE-2024-21270 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1446 | CVE-2024-21266 | High | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202410-1367 | CVE-2024-21248 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 36 | Oracle Virtualization security vulnerability | CNNVD-202410-1368 | CVE-2024-21273 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 37 | Oracle Virtualization security vulnerability | CNNVD-202410-1369 | CVE-2024-21263 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 38 | Oracle PeopleSoft security vulnerability | CNNVD-202410-1371 | CVE-2024-21249 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 39 | Oracle PeopleSoft Products security vulnerability | CNNVD-202410-1372 | CVE-2024-21286 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 40 | Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability | CNNVD-202410-1373 | CVE-2024-21264 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202410-1375 | CVE-2024-21202 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202410-1382 | CVE-2024-21200 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202410-1385 | CVE-2024-21212 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202410-1386 | CVE-2024-21204 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202410-1387 | CVE-2024-21193 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202410-1389 | CVE-2024-21213 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202410-1390 | CVE-2024-21201 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202410-1391 | CVE-2024-21241 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202410-1392 | CVE-2024-21219 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202410-1393 | CVE-2024-21198 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202410-1394 | CVE-2024-21239 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202410-1395 | CVE-2024-21197 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202410-1396 | CVE-2024-21236 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202410-1397 | CVE-2024-21199 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202410-1398 | CVE-2024-21207 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202410-1399 | CVE-2024-21203 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202410-1400 | CVE-2024-21194 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202410-1401 | CVE-2024-21218 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202410-1402 | CVE-2024-21238 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202410-1403 | CVE-2024-21196 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202410-1404 | CVE-2024-21230 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202410-1405 | CVE-2024-21262 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 63 | Oracle Java SE security vulnerability | CNNVD-202410-1412 | CVE-2024-21235 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 64 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1415 | CVE-2024-21192 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 65 | Oracle Fusion Middleware security vulnerability | CNNVD-202410-1416 | CVE-2024-21205 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 66 | Oracle Financial Services Applications security vulnerability | CNNVD-202410-1426 | CVE-2024-21281 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1429 | CVE-2024-21206 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202410-1430 | CVE-2024-21258 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 69 | Oracle Database Server security vulnerability | CNNVD-202410-1515 | CVE-2024-21233 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 70 | Oracle Application Express security vulnerability | CNNVD-202410-1517 | CVE-2024-21261 | Medium | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 71 | Oracle Virtualization security vulnerability | CNNVD-202410-1366 | CVE-2024-21253 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202410-1377 | CVE-2024-21209 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 73 | Oracle MySQL security vulnerability | CNNVD-202410-1379 | CVE-2024-21243 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 74 | Oracle MySQL security vulnerability | CNNVD-202410-1380 | CVE-2024-21232 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 75 | Oracle MySQL security vulnerability | CNNVD-202410-1381 | CVE-2024-21237 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 76 | Oracle MySQL security vulnerability | CNNVD-202410-1383 | CVE-2024-21247 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 77 | Oracle MySQL security vulnerability | CNNVD-202410-1384 | CVE-2024-21231 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 78 | Oracle MySQL security vulnerability | CNNVD-202410-1388 | CVE-2024-21244 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 79 | Oracle Java SE security vulnerability | CNNVD-202410-1407 | CVE-2024-21217 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 80 | Oracle Java SE security vulnerability | CNNVD-202410-1408 | CVE-2024-21211 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 81 | Oracle Java SE security vulnerability | CNNVD-202410-1409 | CVE-2024-21210 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 82 | Oracle Hyperion security vulnerability | CNNVD-202410-1410 | CVE-2024-21257 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 83 | Oracle Java SE security vulnerability | CNNVD-202410-1419 | CVE-2024-21208 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202410-1516 | CVE-2024-21242 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
| 85 | Oracle Database Server security vulnerability | CNNVD-202410-1518 | CVE-2024-21251 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
This update includes patches for 6 updated vulnerabilities: 1 high, 2 medium and 3 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Java SE security vulnerability | CNNVD-202407-1739 | CVE-2024-21147 | High | https://www.oracle.com/security-alerts/cpujul2024.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202407-1735 | CVE-2024-21140 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 3 | Oracle Java SE security vulnerability | CNNVD-202407-1737 | CVE-2024-21145 | Medium | https://www.oracle.com/security-alerts/cpujul2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202407-1734 | CVE-2024-21131 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202407-1729 | CVE-2024-21138 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
| 6 | Oracle Java SE security vulnerability | CNNVD-202407-1732 | CVE-2024-21144 | Low | https://www.oracle.com/security-alerts/cpujul2024.html |
This update includes patches for 225 third-party vendor vulnerabilities that affect Oracle products: 21 critical, 100 high, 93 medium and 11 low.
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
1 |
Apache Chainsaw 代码问题漏洞 |
CNNVD-202106-1293 |
CVE-2020-9493 |
超危 |
Apache基金会 |
https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E |
2 |
OpenSSL 操作系统命令注入漏洞 |
CNNVD-202205-1962 |
CVE-2022-1292 |
超危 |
Openssl团队 |
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
3 |
SnakeYAML 代码问题漏洞 |
CNNVD-202212-1820 |
CVE-2022-1471 |
超危 |
个人开发者 |
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
4 |
OpenSSL 操作系统命令注入漏洞 |
CNNVD-202206-2112 |
CVE-2022-2068 |
超危 |
OpenSSL |
https://www.openssl.org/source/ |
5 |
Apache Log4j SQL注入漏洞 |
CNNVD-202201-1421 |
CVE-2022-23305 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
6 |
Dell BSAFE 安全漏洞 |
CNNVD-202402-197 |
CVE-2022-34381 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability |
7 |
Apache HTTP Server 环境问题漏洞 |
CNNVD-202301-1299 |
CVE-2022-36760 |
超危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
8 |
XKCP 输入验证错误漏洞 |
CNNVD-202210-1541 |
CVE-2022-37454 |
超危 |
XKCP |
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
9 |
Apache Derby 注入漏洞 |
CNNVD-202311-1655 |
CVE-2022-46337 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
10 |
Certifi 数据伪造问题漏洞 |
CNNVD-202307-2046 |
CVE-2023-37920 |
超危 |
Certifi |
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
11 |
OpenSSH 代码问题漏洞 |
CNNVD-202307-1721 |
CVE-2023-38408 |
超危 |
OpenBSD |
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 |
12 |
curl 缓冲区错误漏洞 |
CNNVD-202310-917 |
CVE-2023-38545 |
超危 |
curl |
https://github.com/curl/curl/commit/fb4415d8aee6c1 |
13 |
Apache ZooKeeper 安全漏洞 |
CNNVD-202310-856 |
CVE-2023-44981 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
14 |
zlib 输入验证错误漏洞 |
CNNVD-202310-1086 |
CVE-2023-45853 |
超危 |
个人开发者 |
https://github.com/madler/zlib/pull/843 |
15 |
Pillow 安全漏洞 |
CNNVD-202401-1886 |
CVE-2023-50447 |
超危 |
个人开发者 |
https://github.com/python-pillow/Pillow/releases/tag/10.2 |
16 |
OpenSSH 安全漏洞 |
CNNVD-202312-1665 |
CVE-2023-51385 |
超危 |
OpenBSD |
https://www.openssh.com/txt/release-9.6 |
17 |
PHP 安全漏洞 |
CNNVD-202404-3501 |
CVE-2024-1874 |
超危 |
PHP |
https://www.php.net/downloads.php |
18 |
RequireJS 安全漏洞 |
CNNVD-202407-034 |
CVE-2024-38999 |
超危 |
RequireJS |
https://github.com/requirejs/r.js |
19 |
Jenkins 安全漏洞 |
CNNVD-202408-533 |
CVE-2024-43044 |
超危 |
Jenkins |
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 |
20 |
libexpat 安全漏洞 |
CNNVD-202408-2839 |
CVE-2024-45490 |
超危 |
libexpat |
https://github.com/libexpat/libexpat |
21 |
PHP 操作系统命令注入漏洞 |
CNNVD-202406-852 |
CVE-2024-4577 |
超危 |
PHP |
https://www.php.net/downloads |
22 |
jackson-mapper-asl 代码问题漏洞 |
CNNVD-201911-1110 |
CVE-2019-10172 |
高危 |
个人开发者 |
https://mvnrepository.com/artifact/org.codehaus.jackson |
23 |
OpenSSH 操作系统命令注入漏洞 |
CNNVD-202007-1519 |
CVE-2020-15778 |
高危 |
OpenBSD |
https://www.openssh.com/ |
24 |
Npm underscore 代码注入漏洞 |
CNNVD-202103-1621 |
CVE-2021-23358 |
高危 |
Npm |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504 |
25 |
Netty 资源管理错误漏洞 |
CNNVD-202110-1442 |
CVE-2021-37136 |
高危 |
Netty社区 |
https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv |
26 |
Netty 资源管理错误漏洞 |
CNNVD-202110-1441 |
CVE-2021-37137 |
高危 |
Netty社区 |
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 |
27 |
Apache Log4j 代码问题漏洞 |
CNNVD-202201-1420 |
CVE-2022-23302 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
28 |
Apache Log4j 代码问题漏洞 |
CNNVD-202201-1425 |
CVE-2022-23307 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
29 |
grub2 安全漏洞 |
CNNVD-202211-2822 |
CVE-2022-2601 |
高危 |
GNU社区 |
https://access.redhat.com/security/cve/cve-2022-2601 |
30 |
Moment.js 资源管理错误漏洞 |
CNNVD-202207-502 |
CVE-2022-31129 |
高危 |
个人开发者 |
https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
31 |
Apache Xalan 输入验证错误漏洞 |
CNNVD-202207-1617 |
CVE-2022-34169 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
32 |
Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞 |
CNNVD-202301-904 |
CVE-2022-38136 |
高危 |
Intel |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
33 |
OpenSSL 安全漏洞 |
CNNVD-202212-2982 |
CVE-2022-3996 |
高危 |
OpenSSL |
https://github.com/openssl/openssl/ |
34 |
Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞 |
CNNVD-202301-905 |
CVE-2022-40196 |
高危 |
Intel |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
35 |
Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞 |
CNNVD-202301-906 |
CVE-2022-41342 |
高危 |
Intel |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
36 |
Python 安全漏洞 |
CNNVD-202210-2513 |
CVE-2022-42919 |
高危 |
Python基金会 |
https://github.com/python/cpython/issues/97514 |
37 |
OpenSSL 资源管理错误漏洞 |
CNNVD-202302-510 |
CVE-2022-4450 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230207.txt |
38 |
Python 资源管理错误漏洞 |
CNNVD-202211-2414 |
CVE-2022-45061 |
高危 |
Python基金会 |
https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
39 |
OpenSSL 资源管理错误漏洞 |
CNNVD-202302-521 |
CVE-2023-0215 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5845-1 |
40 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-512 |
CVE-2023-0216 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
41 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-516 |
CVE-2023-0217 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
42 |
OpenSSL 安全漏洞 |
CNNVD-202302-524 |
CVE-2023-0286 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5845-1 |
43 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-518 |
CVE-2023-0401 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
44 |
Apache Hadoop 代码问题漏洞 |
CNNVD-202311-1444 |
CVE-2023-26031 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
45 |
Apache Log4j 代码问题漏洞 |
CNNVD-202303-736 |
CVE-2023-26464 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t |
46 |
Intel oneAPI Toolkits 代码问题漏洞 |
CNNVD-202308-1031 |
CVE-2023-28823 |
高危 |
Intel |
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
47 |
OpenLDAP 代码问题漏洞 |
CNNVD-202305-2588 |
CVE-2023-2953 |
高危 |
OpenLDAP |
https://www.openldap.org/software/download/ |
48 |
Google Guava 安全漏洞 |
CNNVD-202306-1141 |
CVE-2023-2976 |
高危 |
|
https://github.com/google/guava |
49 |
snappy-java 输入验证错误漏洞 |
CNNVD-202306-1200 |
CVE-2023-34453 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
50 |
snappy-java 输入验证错误漏洞 |
CNNVD-202306-1198 |
CVE-2023-34454 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
51 |
Snappy 输入验证错误漏洞 |
CNNVD-202306-1248 |
CVE-2023-34455 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
52 |
Okio 安全漏洞 |
CNNVD-202307-1161 |
CVE-2023-3635 |
高危 |
square |
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
53 |
Apache Avro 代码问题漏洞 |
CNNVD-202309-2636 |
CVE-2023-39410 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
54 |
Eclipse Parsson 安全漏洞 |
CNNVD-202311-268 |
CVE-2023-4043 |
高危 |
Eclipse基金会 |
https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
55 |
Apple iOS 和 iPadOS 安全漏洞 |
CNNVD-202403-3045 |
CVE-2023-42950 |
高危 |
Apple |
https://support.apple.com/en-us/HT214035 |
56 |
Snappy 安全漏洞 |
CNNVD-202309-2204 |
CVE-2023-43642 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
57 |
Apache HTTP/2 资源管理错误漏洞 |
CNNVD-202310-667 |
CVE-2023-44487 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
58 |
Google Go 安全漏洞 |
CNNVD-202404-632 |
CVE-2023-45288 |
高危 |
|
https://pkg.go.dev/vuln/GO-2024-2687 |
59 |
Pallets Werkzeug 缓冲区错误漏洞 |
CNNVD-202310-2005 |
CVE-2023-46136 |
高危 |
Pallets |
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw |
60 |
Eclipse JGit 安全漏洞 |
CNNVD-202309-850 |
CVE-2023-4759 |
高危 |
Eclipse基金会 |
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 |
61 |
OpenSSL 安全漏洞 |
CNNVD-202309-665 |
CVE-2023-4807 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230908.txt |
62 |
Google Chrome 缓冲区错误漏洞 |
CNNVD-202309-784 |
CVE-2023-4863 |
高危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html |
63 |
JSON-Java 安全漏洞 |
CNNVD-202310-951 |
CVE-2023-5072 |
高危 |
个人开发者 |
https://github.com/stleary/JSON-java/ |
64 |
jose4j 安全漏洞 |
CNNVD-202402-2688 |
CVE-2023-51775 |
高危 |
Bitbucket |
https://bitbucket.org/b_c/jose4j/downloads/ |
65 |
libexpat 安全漏洞 |
CNNVD-202402-245 |
CVE-2023-52425 |
高危 |
个人开发者 |
https://github.com/libexpat/libexpat/pull/789 |
66 |
Connect2id Nimbus JOSE+JWT 安全漏洞 |
CNNVD-202402-845 |
CVE-2023-52428 |
高危 |
Connect2id |
https://connect2id.com/products/nimbus-jose-jwt |
67 |
OpenSSL 安全漏洞 |
CNNVD-202310-1871 |
CVE-2023-5363 |
高危 |
OpenSSL团队 |
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
68 |
Red Hat XNIO 资源管理错误漏洞 |
CNNVD-202403-455 |
CVE-2023-5685 |
高危 |
Red Hat |
https://github.com/xnio/xnio/tags |
69 |
Python 安全漏洞 |
CNNVD-202403-1882 |
CVE-2023-6597 |
高危 |
Python |
https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
70 |
X.org Server 安全漏洞 |
CNNVD-202401-1731 |
CVE-2023-6816 |
高危 |
X.org |
https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
71 |
X.org Server 安全漏洞 |
CNNVD-202401-1736 |
CVE-2024-0229 |
高危 |
X.org |
https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11 |
72 |
X.org Server 安全漏洞 |
CNNVD-202401-1733 |
CVE-2024-21885 |
高危 |
X.org |
https://www.x.org/wiki/XServer/ |
73 |
X.org Server 安全漏洞 |
CNNVD-202401-1732 |
CVE-2024-21886 |
高危 |
X.org |
https://www.x.org/wiki/XServer/ |
74 |
Node.js 安全漏洞 |
CNNVD-202407-536 |
CVE-2024-22020 |
高危 |
Node.js |
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
75 |
Eclipse Jetty 安全漏洞 |
CNNVD-202402-2103 |
CVE-2024-22201 |
高危 |
Eclipse |
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
76 |
VMware Spring Security 安全漏洞 |
CNNVD-202403-1650 |
CVE-2024-22257 |
高危 |
VMware |
https://spring.io/security/cve-2024-22257 |
77 |
Spring Framework 安全漏洞 |
CNNVD-202404-2193 |
CVE-2024-22262 |
高危 |
Spring |
https://spring.io/security/cve-2024-22262 |
78 |
Apache Tomcat 安全漏洞 |
CNNVD-202403-1180 |
CVE-2024-23672 |
高危 |
Apache |
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
79 |
Apache Xerces-C 资源管理错误漏洞 |
CNNVD-202402-1469 |
CVE-2024-23807 |
高危 |
Apache |
https://github.com/apache/xerces-c/pull/54 |
80 |
Curl 安全漏洞 |
CNNVD-202403-2674 |
CVE-2024-2398 |
高危 |
Curl |
https://curl.se/docs/CVE-2024-2398.html |
81 |
Apache Tomcat 输入验证错误漏洞 |
CNNVD-202403-1179 |
CVE-2024-24549 |
高危 |
Apache |
https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
82 |
F5 Nginx 安全漏洞 |
CNNVD-202402-1248 |
CVE-2024-24989 |
高危 |
F5 |
https://my.f5.com/manage/s/article/K000138444 |
83 |
F5 Nginx 安全漏洞 |
CNNVD-202402-1247 |
CVE-2024-24990 |
高危 |
F5 |
https://my.f5.com/manage/s/article/K000138445 |
84 |
libxml2 安全漏洞 |
CNNVD-202402-242 |
CVE-2024-25062 |
高危 |
个人开发者 |
https://gitlab.gnome.org/GNOME/libxml2/-/tags |
85 |
OpenSSL 安全漏洞 |
CNNVD-202404-941 |
CVE-2024-2511 |
高危 |
OpenSSL |
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
86 |
libheif 安全漏洞 |
CNNVD-202403-378 |
CVE-2024-25269 |
高危 |
个人开发者 |
https://github.com/strukturag/libheif/pull/1074 |
87 |
python-cryptography 安全漏洞 |
CNNVD-202402-1783 |
CVE-2024-26130 |
高危 |
Cryptographic |
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
88 |
Node.js 安全漏洞 |
CNNVD-202404-991 |
CVE-2024-27983 |
高危 |
Node.js |
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
89 |
Apache Commons Configuration 缓冲区错误漏洞 |
CNNVD-202403-2143 |
CVE-2024-29131 |
高危 |
Apache |
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
90 |
Apache Commons Configuration 缓冲区错误漏洞 |
CNNVD-202403-2142 |
CVE-2024-29133 |
高危 |
Apache |
https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
91 |
Bouncy Castle 安全漏洞 |
CNNVD-202405-2601 |
CVE-2024-29857 |
高危 |
Bouncy Castle |
https://www.bouncycastle.org/latest_releases.html |
92 |
aiohttp 安全漏洞 |
CNNVD-202405-305 |
CVE-2024-30251 |
高危 |
aio-libs |
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 |
93 |
X.org Server 安全漏洞 |
CNNVD-202404-510 |
CVE-2024-31080 |
高危 |
X.org |
https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
94 |
X.org Server 资源管理错误漏洞 |
CNNVD-202404-682 |
CVE-2024-31083 |
高危 |
X.org |
https://www.x.org/wiki/Development/Documentation/SubmittingPatches/ |
95 |
Apache CXF 安全漏洞 |
CNNVD-202407-1957 |
CVE-2024-32007 |
高危 |
Apache |
https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 |
96 |
Apache ActiveMQ 安全漏洞 |
CNNVD-202405-256 |
CVE-2024-32114 |
高危 |
Apache |
https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt |
97 |
glibc 安全漏洞 |
CNNVD-202405-1511 |
CVE-2024-33599 |
高危 |
GNU |
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 |
98 |
glibc 安全漏洞 |
CNNVD-202404-3209 |
CVE-2024-33602 |
高危 |
GNU |
https://sourceware.org/bugzilla/show_bug.cgi?id=31680 |
99 |
Apache Tomcat 安全漏洞 |
CNNVD-202407-326 |
CVE-2024-34750 |
高危 |
Apache |
https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l |
100 |
Node.js 安全漏洞 |
CNNVD-202409-508 |
CVE-2024-36138 |
高危 |
Node.js |
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
101 |
MIT Kerberos 安全漏洞 |
CNNVD-202406-3113 |
CVE-2024-37370 |
高危 |
MIT |
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
102 |
Apache HTTP Server 安全漏洞 |
CNNVD-202407-094 |
CVE-2024-38474 |
高危 |
Apache |
https://httpd.apache.org/security/vulnerabilities_24.html |
103 |
Apache HTTP Server 安全漏洞 |
CNNVD-202407-093 |
CVE-2024-38475 |
高危 |
Apache |
https://httpd.apache.org/security/vulnerabilities_24.html |
104 |
Apache HTTP Server 代码问题漏洞 |
CNNVD-202407-091 |
CVE-2024-38477 |
高危 |
Apache |
https://httpd.apache.org/security/vulnerabilities_24.html |
105 |
VMware Spring Framework 安全漏洞 |
CNNVD-202409-1142 |
CVE-2024-38816 |
高危 |
VMware |
https://spring.io/security/cve-2024-38816 |
106 |
Certifi 安全漏洞 |
CNNVD-202407-421 |
CVE-2024-39689 |
高危 |
Certifi |
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc |
107 |
Apache HTTP Server 安全漏洞 |
CNNVD-202407-339 |
CVE-2024-39884 |
高危 |
Apache |
https://httpd.apache.org/security/vulnerabilities_24.html |
108 |
Apache CXF 安全漏洞 |
CNNVD-202407-1956 |
CVE-2024-41172 |
高危 |
Apache |
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 |
109 |
ImageMagick 安全漏洞 |
CNNVD-202407-2766 |
CVE-2024-41817 |
高危 |
ImageMagick |
https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36 |
110 |
libexpat 输入验证错误漏洞 |
CNNVD-202408-2842 |
CVE-2024-45491 |
高危 |
libexpat |
https://github.com/libexpat/libexpat |
111 |
libexpat 输入验证错误漏洞 |
CNNVD-202408-2841 |
CVE-2024-45492 |
高危 |
libexpat |
https://github.com/libexpat/libexpat |
112 |
DOMPurify 安全漏洞 |
CNNVD-202409-1375 |
CVE-2024-45801 |
高危 |
个人开发者 |
https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 |
113 |
PHP 安全漏洞 |
CNNVD-202406-829 |
CVE-2024-5458 |
高危 |
PHP |
https://www.php.net/downloads |
114 |
PHP 安全漏洞 |
CNNVD-202406-828 |
CVE-2024-5585 |
高危 |
PHP |
https://www.php.net/downloads |
115 |
Red Hat Undertow 安全漏洞 |
CNNVD-202407-518 |
CVE-2024-5971 |
高危 |
Red Hat |
https://access.redhat.com/security/cve/CVE-2024-5971 |
116 |
Red Hat Undertow 资源管理错误漏洞 |
CNNVD-202406-2368 |
CVE-2024-6162 |
高危 |
Red Hat |
https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
117 |
setuptools 代码注入漏洞 |
CNNVD-202407-1480 |
CVE-2024-6345 |
高危 |
PyPI |
https://github.com/pypa/setuptools/releases/tag/v70.3 |
118 |
OpenSSH 竞争条件问题漏洞 |
CNNVD-202407-017 |
CVE-2024-6387 |
高危 |
OpenBSD |
https://www.openssh.com/txt/release-9.8 |
119 |
Protocol Buffers 安全漏洞 |
CNNVD-202409-1841 |
CVE-2024-7254 |
高危 |
Protocol Buffers |
http://protobuf.dev/ |
120 |
curl 安全漏洞 |
CNNVD-202407-3105 |
CVE-2024-7264 |
高危 |
cURL |
https://curl.se/docs/CVE-2024-7264.html |
121 |
Red Hat Undertow 竞争条件问题漏洞 |
CNNVD-202408-2070 |
CVE-2024-7885 |
高危 |
Red Hat |
https://undertow.io/ |
122 |
jQuery 跨站脚本漏洞 |
CNNVD-202004-2429 |
CVE-2020-11022 |
中危 |
个人开发者 |
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
123 |
jQuery 跨站脚本漏洞 |
CNNVD-202004-2420 |
CVE-2020-11023 |
中危 |
个人开发者 |
https://jquery.com/upgrade-guide/3.5/ |
124 |
Apache HttpClient 安全漏洞 |
CNNVD-202010-372 |
CVE-2020-13956 |
中危 |
Apache基金会 |
https://www.apache.org/ |
125 | OpenSSH information disclosure vulnerability | CNNVD-202006-1822 | CVE-2020-14145 | Medium | OpenBSD Project | https://www.openssh.com/ |
126 | Apache Groovy security vulnerability | CNNVD-202012-422 | CVE-2020-17521 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
127 | Jakarta Expression Language input validation error vulnerability | CNNVD-202105-1760 | CVE-2021-28170 | Medium | Jakarta | https://jakarta.ee/specifications/expression-language/3. |
128 | Sprymedia Datatables cross-site scripting vulnerability | CNNVD-202303-377 | CVE-2021-36713 | Medium | Sprymedia | https://github.com/DataTables/DataTables/releases/tag/1.10.21 |
129 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
130 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
131 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | OpenJS Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
132 | Xerces security vulnerability | CNNVD-202201-2238 | CVE-2022-23437 | Medium | Apache Foundation | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
133 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
134 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
135 | OpenSSL buffer error vulnerability | CNNVD-202302-506 | CVE-2022-4203 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
136 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
137 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
138 | NTP buffer error vulnerability | CNNVD-202304-899 | CVE-2023-26551 | Medium | nwtime | https://www.ntppool.org/zh/ |
139 | NTP buffer error vulnerability | CNNVD-202304-898 | CVE-2023-26552 | Medium | nwtime | https://www.ntppool.org/zh/ |
140 | NTP buffer error vulnerability | CNNVD-202304-897 | CVE-2023-26553 | Medium | nwtime | https://www.ntppool.org/zh/ |
141 | NTP buffer error vulnerability | CNNVD-202304-892 | CVE-2023-26554 | Medium | nwtime | https://www.ntppool.org/zh/ |
142 | NTP buffer error vulnerability | CNNVD-202304-891 | CVE-2023-26555 | Medium | nwtime | https://www.ntppool.org/zh/ |
143 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
144 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
145 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
146 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
147 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
148 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
149 | FasterXML jackson-databind code issue vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
150 | lrzip security vulnerability | CNNVD-202308-1538 | CVE-2023-39743 | Medium | Individual developer | https://github.com/pete4abw/lrzip-next/issues/132 |
151 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
152 | Apple iOS and iPadOS security vulnerability | CNNVD-202402-1738 | CVE-2023-42843 | Medium | Apple | https://support.apple.com/en-us/HT213981 |
153 | Apple iOS and iPadOS security vulnerability | CNNVD-202403-3044 | CVE-2023-42956 | Medium | Apple | https://support.apple.com/en-us/HT214035 |
154 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
155 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
156 | Python cryptography code issue vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
157 | OpenSSH security vulnerability | CNNVD-202312-1662 | CVE-2023-51384 | Medium | OpenBSD | https://www.openssh.com/txt/release-9.6 |
158 | libexpat security vulnerability | CNNVD-202402-243 | CVE-2023-52426 | Medium | Individual developer | https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 |
159 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
160 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
161 | OpenSSL security vulnerability | CNNVD-202401-1378 | CVE-2023-6237 | Medium | OpenSSL | https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a |
162 | SQLite security vulnerability | CNNVD-202312-2480 | CVE-2023-7104 | Medium | SQLite | https://sqlite.org/releaselog/3_44_2.html |
163 | SQLite security vulnerability | CNNVD-202401-1406 | CVE-2024-0232 | Medium | Individual developer | https://sqlite.org/forum/forumpost/4aa381993a |
164 | Python security vulnerability | CNNVD-202403-1880 | CVE-2024-0450 | Medium | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
165 | Apple Safari security vulnerability | CNNVD-202403-713 | CVE-2024-23254 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
166 | Apple Safari security vulnerability | CNNVD-202403-708 | CVE-2024-23263 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
167 | Apple Safari security vulnerability | CNNVD-202403-705 | CVE-2024-23280 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
168 | Apple Safari security vulnerability | CNNVD-202403-699 | CVE-2024-23284 | Medium | Apple | https://support.apple.com/en-us/HT214089 |
169 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
170 | Apache Zookeeper information disclosure vulnerability | CNNVD-202403-1401 | CVE-2024-23944 | Medium | Apache | https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k |
171 | PHP security vulnerability | CNNVD-202406-854 | CVE-2024-2408 | Medium | PHP | https://www.php.net/ |
172 | dnsjava security vulnerability | CNNVD-202407-2260 | CVE-2024-25638 | Medium | dnsjava | https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw |
173 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
174 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
175 | aiohttp cross-site scripting vulnerability | CNNVD-202404-2760 | CVE-2024-27306 | Medium | aiohttp | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g |
176 | Apple iOS and iPadOS security vulnerability | CNNVD-202405-1869 | CVE-2024-27834 | Medium | Apple | https://support.apple.com/en-us/HT214101 |
177 | Nghttp2 security vulnerability | CNNVD-202404-586 | CVE-2024-28182 | Medium | Nghttp2 | https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q |
178 | Apache CXF code issue vulnerability | CNNVD-202403-1399 | CVE-2024-28752 | Medium | Apache | https://cxf.apache.org/ |
179 | Follow Redirects information disclosure vulnerability | CNNVD-202403-1332 | CVE-2024-28849 | Medium | Individual developer | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
180 | Intel IPP security vulnerability | CNNVD-202408-1264 | CVE-2024-28887 | Medium | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html |
181 | Netty security vulnerability | CNNVD-202403-2434 | CVE-2024-29025 | Medium | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
182 | GNU C Library security vulnerability | CNNVD-202404-2641 | CVE-2024-2961 | Medium | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
183 | Apache CXF code issue vulnerability | CNNVD-202407-1958 | CVE-2024-29736 | Medium | Apache | https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 |
184 | F5 Nginx security vulnerability | CNNVD-202405-4793 | CVE-2024-31079 | Medium | F5 | https://my.f5.com/manage/s/article/K000139611 |
185 | Jasper security vulnerability | CNNVD-202404-2850 | CVE-2024-31744 | Medium | Jasper | https://github.com/jasper-software/jasper/releases/tag/version-4.2.3 |
186 | F5 Nginx security vulnerability | CNNVD-202405-4792 | CVE-2024-32760 | Medium | F5 | https://my.f5.com/manage/s/article/K000139609 |
187 | glibc security vulnerability | CNNVD-202404-3208 | CVE-2024-33600 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31678 |
188 | glibc security vulnerability | CNNVD-202404-3210 | CVE-2024-33601 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31679 |
189 | RARLAB WinRAR security vulnerability | CNNVD-202404-3492 | CVE-2024-33899 | Medium | RARLAB | https://www.rarlab.com/rarnew.htm |
190 | F5 Nginx security vulnerability | CNNVD-202405-4791 | CVE-2024-34161 | Medium | F5 | https://my.f5.com/manage/s/article/K000139627 |
191 | F5 Nginx security vulnerability | CNNVD-202405-4790 | CVE-2024-35200 | Medium | F5 | https://my.f5.com/manage/s/article/K000139612 |
192 | WinRAR security vulnerability | CNNVD-202405-3858 | CVE-2024-36052 | Medium | Individual developer | https://www.rarlab.com/rarnew.htm |
193 | Apache HTTP Server code issue vulnerability | CNNVD-202407-101 | CVE-2024-36387 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
194 | Red Hat Undertow security vulnerability | CNNVD-202407-521 | CVE-2024-3653 | Medium | Red Hat | https://undertow.io/ |
195 | MIT Kerberos security vulnerability | CNNVD-202406-3108 | CVE-2024-37371 | Medium | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
196 | urllib3 security vulnerability | CNNVD-202406-1954 | CVE-2024-37891 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf |
197 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202406-2256 | CVE-2024-38356 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph |
198 | Tiny Technologies TinyMCE security vulnerability | CNNVD-202406-2249 | CVE-2024-38357 | Medium | Tiny Technologies | https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x |
199 | Apache HTTP Server security vulnerability | CNNVD-202407-096 | CVE-2024-38472 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
200 | Apache HTTP Server security vulnerability | CNNVD-202407-095 | CVE-2024-38473 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
201 | Apache HTTP Server security vulnerability | CNNVD-202407-092 | CVE-2024-38476 | Medium | Apache | https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0 |
202 | Spring Framework security vulnerability | CNNVD-202408-1848 | CVE-2024-38808 | Medium | VMware | https://spring.io/security/cve-2024-38808 |
203 | VMware Spring Framework security vulnerability | CNNVD-202409-2323 | CVE-2024-38809 | Medium | VMware | https://spring.io/security/cve-2024-38809 |
204 | RequireJS security vulnerability | CNNVD-202407-032 | CVE-2024-38998 | Medium | RequireJS | https://github.com/requirejs/r.js |
205 | Apache HTTP Server input validation error vulnerability | CNNVD-202407-086 | CVE-2024-39573 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
206 | Apache HTTP Server security vulnerability | CNNVD-202407-1912 | CVE-2024-40725 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
207 | Apache HTTP Server code issue vulnerability | CNNVD-202407-1910 | CVE-2024-40898 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
208 | Apache MINA SSHD security vulnerability | CNNVD-202408-865 | CVE-2024-41909 | Medium | Apache | https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b |
209 | Jenkins security vulnerability | CNNVD-202408-532 | CVE-2024-43045 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 |
210 | CKEditor4 security vulnerability | CNNVD-202408-2064 | CVE-2024-43407 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
211 | OpenSSL security vulnerability | CNNVD-202405-4739 | CVE-2024-4741 | Medium | OpenSSL | https://github.com/openssl/openssl |
212 | OpenSSL security vulnerability | CNNVD-202409-141 | CVE-2024-6119 | Medium | OpenSSL | https://openssl-library.org/news/secadv/20240903.txt |
213 | CPython security vulnerability | CNNVD-202409-120 | CVE-2024-6232 | Medium | Python | https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf |
214 | Python security vulnerability | CNNVD-202408-1775 | CVE-2024-7592 | Medium | Python | https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c |
215 | Google Guava access control error vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | | https://github.com/google/guava/issues/4011 |
216 | OpenSSH authorization issue vulnerability | CNNVD-202203-1230 | CVE-2021-36368 | Low | OpenBSD | https://www.openssh.com/security.html |
217 | Pip command injection vulnerability | CNNVD-202310-1912 | CVE-2023-5752 | Low | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
218 | libssh security vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
219 | libssh security vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
220 | OpenSSL security vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
221 | Node.js security vulnerability | CNNVD-202407-1007 | CVE-2024-22018 | Low | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
222 | Node.js security vulnerability | CNNVD-202409-509 | CVE-2024-36137 | Low | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
223 | CKEditor security vulnerability | CNNVD-202408-2102 | CVE-2024-43411 | Low | Individual developer | https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l |
224 | OpenSSL security vulnerability | CNNVD-202405-2902 | CVE-2024-4603 | Low | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |
225 | OpenSSL security vulnerability | CNNVD-202406-2936 | CVE-2024-5535 | Low | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
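III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible.
Oracle official patch download address: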
https://www.oracle.com/security-alerts/cpuoct2024.html
When reprinting, please credit: 可思数据 » National Vulnerability Database CNNVD: Notice on Multiple Oracle Security Vulnerabilities