CNNVD Notice on Multiple Oracle Security Vulnerabilities
2024-1-22 18:33:31 Author: www.aqniu.com

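CNNVD has formally issued a notice on multiple security vulnerabilities published by Oracle: 89 vulnerabilities in Oracle's own products and 169 vulnerabilities from other vendors that affect Oracle products. They include the Oracle Financial Services Applications security vulnerability (CNNVD-202401-1551, CVE-2023-21901) and the Oracle Enterprise Manager Base Platform security vulnerability (CNNVD-202401-1567, CVE-2024-20916), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for the vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.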

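1. Vulnerability overview

On January 17, 2024, Oracle released its January 2024 security update, with patches for 258 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle ZFS Storage Appliance, Oracle Business Intelligence Enterprise Edition, Oracle Java SE and Oracle GraalVM, Oracle Audit Vault and Database Firewall, and others. CNNVD has rated their severity: 30 critical, 94 high, 116 medium and 18 low.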

Multiple Oracle products and system versions are affected. The exact scope can be checked on Oracle's official website:
https://www.oracle.com/security-alerts/cpujan2024.html

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Multiple Oracle products security vulnerability | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 2 | Multiple Oracle products security vulnerability | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 3 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1549 | CVE-2024-20924 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 4 | Oracle Financial Services Applications security vulnerability | CNNVD-202401-1551 | CVE-2023-21901 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 5 | Multiple Oracle products security vulnerability | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 6 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1567 | CVE-2024-20916 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 7 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1659 | CVE-2024-20956 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 8 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1660 | CVE-2024-20953 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 9 | Oracle WebLogic Server security vulnerability | CNNVD-202401-1680 | CVE-2024-20931 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1681 | CVE-2024-20927 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 11 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1682 | CVE-2024-20917 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 12 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1696 | CVE-2024-20909 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 13 | Oracle BI Publisher security vulnerability | CNNVD-202401-1517 | CVE-2024-20987 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 14 | Oracle MySQL security vulnerability | CNNVD-202401-1518 | CVE-2024-20985 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 15 | Oracle MySQL security vulnerability | CNNVD-202401-1520 | CVE-2024-20983 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 16 | Oracle MySQL security vulnerability | CNNVD-202401-1521 | CVE-2024-20981 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 17 | Oracle BI Publisher security vulnerability | CNNVD-202401-1522 | CVE-2024-20979 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 18 | Oracle MySQL security vulnerability | CNNVD-202401-1523 | CVE-2024-20975 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 19 | Oracle MySQL security vulnerability | CNNVD-202401-1524 | CVE-2024-20977 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 20 | Oracle MySQL security vulnerability | CNNVD-202401-1525 | CVE-2024-20973 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 21 | Oracle MySQL security vulnerability | CNNVD-202401-1526 | CVE-2024-20967 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 22 | Oracle MySQL security vulnerability | CNNVD-202401-1527 | CVE-2024-20969 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 23 | Oracle MySQL security vulnerability | CNNVD-202401-1528 | CVE-2024-20971 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 24 | Oracle MySQL security vulnerability | CNNVD-202401-1529 | CVE-2024-20965 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 25 | Oracle MySQL security vulnerability | CNNVD-202401-1530 | CVE-2024-20963 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 26 | Oracle MySQL security vulnerability | CNNVD-202401-1531 | CVE-2024-20961 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 27 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1532 | CVE-2024-20959 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1535 | CVE-2024-20950 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1536 | CVE-2024-20948 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 30 | Oracle Solaris security vulnerability | CNNVD-202401-1538 | CVE-2024-20946 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1539 | CVE-2024-20944 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 32 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1540 | CVE-2024-20942 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1541 | CVE-2024-20940 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1542 | CVE-2024-20938 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 35 | Oracle Installed Base security vulnerability | CNNVD-202401-1543 | CVE-2024-20934 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 36 | Oracle One-to-One Fulfillment security vulnerability | CNNVD-202401-1544 | CVE-2024-20936 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 37 | Oracle Outside In Technology security vulnerability | CNNVD-202401-1545 | CVE-2024-20930 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 38 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1547 | CVE-2024-20928 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 39 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 40 | Oracle Integrated Lights Out Manager security vulnerability | CNNVD-202401-1564 | CVE-2024-20906 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 41 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1566 | CVE-2024-20904 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 42 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1568 | CVE-2024-20908 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 43 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 44 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 45 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 46 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1658 | CVE-2023-21833 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202401-1661 | CVE-2024-20984 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202401-1662 | CVE-2024-20982 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202401-1663 | CVE-2024-20968 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202401-1664 | CVE-2024-20978 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202401-1665 | CVE-2024-20976 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202401-1666 | CVE-2024-20974 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202401-1667 | CVE-2024-20972 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202401-1668 | CVE-2024-20970 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202401-1669 | CVE-2024-20966 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202401-1670 | CVE-2024-20960 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202401-1671 | CVE-2024-20962 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202401-1672 | CVE-2024-20964 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 59 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1676 | CVE-2024-20937 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 60 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1677 | CVE-2024-20913 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 61 | Oracle BI Publisher security vulnerability | CNNVD-202401-1678 | CVE-2024-20980 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 62 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1679 | CVE-2024-20986 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 63 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1683 | CVE-2024-20939 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 64 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1684 | CVE-2024-20915 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 65 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1685 | CVE-2024-20943 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 66 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1686 | CVE-2024-20958 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1687 | CVE-2024-20907 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1688 | CVE-2024-20947 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 69 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1689 | CVE-2024-20941 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 70 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1690 | CVE-2024-20935 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 71 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1691 | CVE-2024-20933 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 72 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1692 | CVE-2024-20951 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 73 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1693 | CVE-2024-20949 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 74 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1694 | CVE-2024-20929 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 75 | Oracle Database Server security vulnerability | CNNVD-202401-1697 | CVE-2024-20903 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 76 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1533 | CVE-2024-20957 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 77 | Multiple Oracle products security vulnerability | CNNVD-202401-1534 | CVE-2024-20955 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 78 | Multiple Oracle products security vulnerability | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 79 | Oracle Solaris security vulnerability | CNNVD-202401-1557 | CVE-2024-20920 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 80 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1569 | CVE-2024-20914 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 81 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1571 | CVE-2024-20912 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 82 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1575 | CVE-2024-20910 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 83 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 84 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1674 | CVE-2024-20905 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 85 | Multiple Oracle products security vulnerability | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 86 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1695 | CVE-2024-20911 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 1 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 2 | Dell BSAFE security features issue vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 3 | Dell BSAFE security vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 4 | Dell BSAFE security vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 5 | Dell BSAFE security vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 6 | H2database code issue vulnerability | CNNVD-202201-572 | CVE-2021-42392 | Critical | Individual developer | https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 |
| 7 | Sanitize input validation error vulnerability | CNNVD-202110-1259 | CVE-2021-42575 | Critical | Individual developer | https://owasp.org/www-project-java-html-sanitizer/ |
| 8 | Mozilla Network Security Services buffer error vulnerability | CNNVD-202112-002 | CVE-2021-43527 | Critical | Mozilla Foundation | https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html |
| 9 | GNU Libtasn1 buffer error vulnerability | CNNVD-202210-1689 | CVE-2021-46848 | Critical | GNU Foundation | https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 |
| 10 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
| 11 | H2Console argument injection vulnerability | CNNVD-202201-1749 | CVE-2022-23221 | Critical | Individual developer | https://github.com/h2database/h2database/releases/tag/version-2.1.210 |
| 12 | OpenLDAP SQL injection vulnerability | CNNVD-202205-2146 | CVE-2022-29155 | Critical | Openldap Foundation | https://bugs.openldap.org/show_bug.cgi?id=9815 |
| 13 | VMware Spring Security security vulnerability | CNNVD-202210-2599 | CVE-2022-31692 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-31692 |
| 14 | Scala code issue vulnerability | CNNVD-202209-2463 | CVE-2022-36944 | Critical | Scala | https://www.scala-lang.org/download/ |
| 15 | zlib buffer error vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/ |
| 16 | Apache Commons Text code injection vulnerability | CNNVD-202210-790 | CVE-2022-42889 | Critical | Apache Foundation | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
| 17 | Apache Commons BCEL buffer error vulnerability | CNNVD-202211-2199 | CVE-2022-42920 | Critical | Apache Foundation | https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
| 18 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
| 19 | BusyBox buffer error vulnerability | CNNVD-202208-4625 | CVE-2022-48174 | Critical | Individual developer | https://bugs.busybox.net/show_bug.cgi?id=15216 |
| 20 | Node.js security vulnerability | CNNVD-202308-1703 | CVE-2023-32002 | Critical | Individual developer | https://nodejs.org/en |
| 21 | SQLite code injection vulnerability | CNNVD-202305-2084 | CVE-2023-32697 | Critical | SQLite | https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 |
| 22 | VMware Spring Security security vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034 |
| 23 | PHP buffer error vulnerability | CNNVD-202308-1102 | CVE-2023-3824 | Critical | PHP | https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv |
| 24 | curl buffer error vulnerability | CNNVD-202310-917 | CVE-2023-38545 | Critical | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1 |
| 25 | Google Go code injection vulnerability | CNNVD-202309-669 | CVE-2023-39320 | Critical | Google | https://github.com/golang/go/issues/62198 |
| 26 | Apache ZooKeeper security vulnerability | CNNVD-202310-856 | CVE-2023-44981 | Critical | Apache Foundation | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
| 27 | Apache ActiveMQ code issue vulnerability | CNNVD-202310-2332 | CVE-2023-46604 | Critical | Apache Foundation | https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
| 28 | Apache Arrow code issue vulnerability | CNNVD-202311-735 | CVE-2023-47248 | Critical | Apache Foundation | https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n |
| 29 | HtmlUnit security vulnerability | CNNVD-202312-267 | CVE-2023-49093 | Critical | HtmlUnit | https://www.htmlunit.org/changes-report.html#a3.9 |
| 30 | Apache Struts security vulnerability | CNNVD-202312-546 | CVE-2023-50164 | Critical | Apache Foundation | https://struts.apache.org/download.cgi#struts-ga |
| 31 | Apache Commons Beanutils code issue vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
| 32 | Dell BSAFE security vulnerability | CNNVD-202207-833 | CVE-2020-35164 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
| 33 | VMware Spring Cloud Config path traversal vulnerability | CNNVD-202006-075 | CVE-2020-5410 | High | Vmware | https://tanzu.vmware.com/security/cve-2020-5410 |
| 34 | CodeMirror resource management error vulnerability | CNNVD-202010-1679 | CVE-2020-7760 | High | Codemirror | https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
| 35 | Google Android trust management issue vulnerability | CNNVD-202102-128 | CVE-2021-0341 | High | Google | https://source.android.com/security/bulletin/2021-02-01 |
| 36 | JDOM code issue vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom |
| 37 | Apache Commons Compress security vulnerability | CNNVD-202107-896 | CVE-2021-35515 | High | Apache Foundation | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
| 38 | Apache Commons Compress security vulnerability | CNNVD-202107-897 | CVE-2021-35516 | High | Apache Foundation | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
| 39 | Apache Commons Compress security vulnerability | CNNVD-202107-898 | CVE-2021-35517 | High | Apache Foundation | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
| 40 | Apache Commons Compress security vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
| 41 | Apache Log4j code issue vulnerability | CNNVD-202112-1011 | CVE-2021-4104 | High | Apache Foundation | https://logging.apache.org/log4j/2.x/security.html |
| 42 | npm jquery-validation security vulnerability | CNNVD-202206-318 | CVE-2021-43306 | High | Individual developer | https://www.npmjs.com/package/jquery-validation |
| 43 | Spring Cloud security vulnerability | CNNVD-202206-2126 | CVE-2022-22979 | High | Spring | https://tanzu.vmware.com/security/cve-2022-22979 |
| 44 | nekohtml resource management error vulnerability | CNNVD-202204-2918 | CVE-2022-24839 | High | Individual developer | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
| 45 | gson code issue vulnerability | CNNVD-202205-1791 | CVE-2022-25647 | High | Individual developer | https://github.com/google/gson/pull/1991/files |
| 46 | jquery-validation security vulnerability | CNNVD-202207-1332 | CVE-2022-31147 | High | Individual developer | https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 |
| 47 | VMware Spring Security security vulnerability | CNNVD-202210-2598 | CVE-2022-31690 | High | VMware | https://tanzu.vmware.com/security/cve-2022-31690 |
| 48 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
| 49 | NSS security vulnerability | CNNVD-202210-947 | CVE-2022-3479 | High | Mozilla Foundation | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
| 50 | Google protobuf security vulnerability | CNNVD-202212-2865 | CVE-2022-3510 | High | Google | https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 |
| 51 | OpenSSL buffer error vulnerability | CNNVD-202210-2605 | CVE-2022-3602 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
| 52 | OpenSSL security vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
| 53 | XStream buffer error vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
| 54 | PCRE2 input validation error vulnerability | CNNVD-202307-1523 | CVE-2022-41409 | High | PCRE2Project | https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 |
| 55 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
| 56 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
| 57 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-006 | CVE-2022-42004 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
| 58 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
| 59 | OpenSSL resource management error vulnerability | CNNVD-202302-510 | CVE-2022-4450 | High | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
| 60 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1802 | CVE-2022-44729 | High | Apache Foundation | https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 |
| 61 | H2database security vulnerability | CNNVD-202211-3421 | CVE-2022-45868 | High | Individual developer | https://github.com/h2database/h2database/ |
| 62 | Apache Ivy code issue vulnerability | CNNVD-202308-1684 | CVE-2022-46751 | High | Apache Foundation | https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8 |
| 63 | SQLite security vulnerability | CNNVD-202212-2843 | CVE-2022-46908 | High | Individual developer | https://sqlite.org/src/info/cefc032473ac5ad2 |
| 64 | OpenSSL trust management issue vulnerability | CNNVD-202303-1681 | CVE-2023-0464 | High | OpenSSL | https://www.openssl.org/news/secadv/20230322.txt |
| 65 | Red Hat JBoss Enterprise Application Platform security vulnerability | CNNVD-202303-798 | CVE-2023-1108 | High | Red Hat | https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f |
| 66 | netplex json-smart security vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
| 67 | Jettison security vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
| 68 | Spring Framework resource management error vulnerability | CNNVD-202305-2284 | CVE-2023-20883 | High | Spring | https://spring.io/security/cve-2023-20883 |
| 69 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
| 70 | Apache Kafka code issue vulnerability | CNNVD-202302-515 | CVE-2023-25194 | High | Apache Foundation | https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
| 71 | OpenCV code issue vulnerability | CNNVD-202305-852 | CVE-2023-2617 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3480 |
| 72 | OpenCV security vulnerability | CNNVD-202305-851 | CVE-2023-2618 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
| 73 | Intel oneAPI Toolkits code issue vulnerability | CNNVD-202308-1031 | CVE-2023-28823 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
| 74 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | Google | https://github.com/google/guava |
| 75 | Flask security vulnerability | CNNVD-202305-091 | CVE-2023-30861 | High | Pallets | https://github.com/pallets/flask/releases/tag/2.3.2 |
| 76 | Apache HTTP Server buffer error vulnerability | CNNVD-202310-1640 | CVE-2023-31122 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 77 | Comprehensive Perl Archive Network trust management issue vulnerability | CNNVD-202304-2326 | CVE-2023-31484 | High | CPAN | https://github.com/andk/cpanpm/releases/tag/2.35 |
| 78 | HTTP::Tiny trust management issue vulnerability | CNNVD-202304-2318 | CVE-2023-31486 | High | Perldoc | https://perldoc.perl.org/HTTP::Tiny |
| 79 | jose4j security features issue vulnerability | CNNVD-202310-2110 | CVE-2023-31582 | High | Individual developer | https://bitbucket.org/b_c/jose4j/commits/1929fe3 |
| 80 | Node.js security vulnerability | CNNVD-202308-1336 | CVE-2023-32006 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
| 81 | Node.js security vulnerability | CNNVD-202308-1984 | CVE-2023-32559 | High | Individual developer | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
| 82 | Spring Framework security vulnerability | CNNVD-202311-2123 | CVE-2023-34053 | High | Spring team | https://github.com/spring-projects/spring-framework/releases/tag/v6.0. |
| 83 | snappy-java input validation error vulnerability | CNNVD-202306-1200 | CVE-2023-34453 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
| 84 | snappy-java input validation error vulnerability | CNNVD-202306-1198 | CVE-2023-34454 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
| 85 | Snappy input validation error vulnerability | CNNVD-202306-1248 | CVE-2023-34455 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
| 86 | htmlcleaner buffer error vulnerability | CNNVD-202306-1106 | CVE-2023-34624 | High | Individual developer | https://github.com/amplafi/htmlcleaner/issues/13 |
| 87 | Apache Tomcat security vulnerability | CNNVD-202306-1525 | CVE-2023-34981 | High | Apache Foundation | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
| 88 | Jenkins cross-site request forgery vulnerability | CNNVD-202306-1089 | CVE-2023-35141 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135 |
| 89 | Okio security vulnerability | CNNVD-202307-1161 | CVE-2023-3635 | High | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
| 90 | Eclipse Jetty resource management error vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
| 91 | Python security vulnerability | CNNVD-202306-1804 | CVE-2023-36632 | High | Python Foundation | https://docs.python.org/3/library/email.html |
| 92 | HCL BigFix Platform input validation error vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
| 93 | curl security vulnerability | CNNVD-202309-1067 | CVE-2023-38039 | High | curl | https://github.com/curl/curl |
| 94 | PHP code issue vulnerability | CNNVD-202308-1104 | CVE-2023-3823 | High | PHP | https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr |
| 95 | python-cryptography trust management issue vulnerability | CNNVD-202307-1332 | CVE-2023-38325 | High | Cryptographic team | https://github.com/pyca/cryptography/issues/9207 |
| 96 | Google Golang security vulnerability | CNNVD-202309-663 | CVE-2023-39321 | High | Google | https://github.com/golang/go/issues/62266 |
| 97 | Google Go security vulnerability | CNNVD-202309-662 | CVE-2023-39322 | High | Google | https://github.com/golang/go/issues/62266 |
| 98 | Apache Avro code issue vulnerability | CNNVD-202309-2636 | CVE-2023-39410 | High | Apache Foundation | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
| 99 | MIT Kerberos resource management error vulnerability | CNNVD-202308-1454 | CVE-2023-39975 | High | MIT | https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 |
| 100 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
| 101 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982 |
| 102 | Jenkins security vulnerability | CNNVD-202309-1972 | CVE-2023-43496 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
| 103 | Jenkins code issue vulnerability | CNNVD-202309-1971 | CVE-2023-43497 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
| 104 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
| 105 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 106 | Snappy security vulnerability | CNNVD-202309-2204 | CVE-2023-43642 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
| 107 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
| 108 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
| 109 | glibc buffer error vulnerability | CNNVD-202310-197 | CVE-2023-4911 | High | GNU community | https://www.gnu.org/software/libc/ |
| 110 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
| 111 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
| 112 | Junit information disclosure vulnerability | CNNVD-202010-445 | CVE-2020-15250 | Medium | Individual developer | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
| 113 | DOMPurify cross-site scripting vulnerability | CNNVD-202010-199 | CVE-2020-26870 | Medium | Individual developer | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d |
| 114 | Vmware Spring Framework security vulnerability | CNNVD-202009-1050 | CVE-2020-5421 | Medium | Vmware | https://tanzu.vmware.com/security/cve-2020-5421 |
| 115 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
| 116 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
| 117 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
| 118 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
| 119 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
| 120 | Vmware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
| 121 | Pivotal Spring Security OAuth resource management error vulnerability | CNNVD-202204-3951 | CVE-2022-22969 | Medium | Pivotal | https://tanzu.vmware.com/security/cve-2022-22969 |
| 122 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
| 123 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
| 124 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
| 125 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
| 126 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
| 127 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1801 | CVE-2022-44730 | Medium | Apache Foundation | https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 |
| 128 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
| 129 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
| 130 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
| 131 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
| 132 | cryptography code issue vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
| 133 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
| 134 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
| 135 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
| 136 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
| 137 | Ruby security vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |
| 138 | Ruby security vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
| 139 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
| 140 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
| 141 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
| 142 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
| 143 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
| 144 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
| 145 | Netty resource management error vulnerability | CNNVD-202306-1639 | CVE-2023-34462 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 |
| 146 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
| 147 | MIT Kerberos buffer error vulnerability | CNNVD-202308-488 | CVE-2023-36054 | Medium | MIT | https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd |
| 148 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
| 149 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
| 150 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
| 151 | Google Golang cross-site scripting vulnerability | CNNVD-202309-671 | CVE-2023-39318 | Medium | Google | https://github.com/golang/go/issues/62196 |
| 152 | Google Golang cross-site scripting vulnerability | CNNVD-202309-667 | CVE-2023-39319 | Medium | Google | https://github.com/golang/go/issues/62197 |
| 153 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
| 154 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
| 155 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
| 156 | Apache Tomcat security vulnerability | CNNVD-202310-717 | CVE-2023-42794 | Medium | Apache Foundation | https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82 |
| 157 | Apache Tomcat security vulnerability | CNNVD-202310-716 | CVE-2023-42795 | Medium | Apache Foundation | https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw |
| 158 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
| 159 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
| 160 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202310-525 | CVE-2023-43643 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 |
| 161 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
| 162 | Apache Tomcat input validation error vulnerability | CNNVD-202310-712 | CVE-2023-45648 | Medium | Apache Foundation | https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp |
| 163 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 164 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
| 165 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
| 166 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
| 167 | Redis Labs Redis security vulnerability | CNNVD-202309-560 | CVE-2023-41053 | Low | Redis Labs | https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 |
| 168 | undici information disclosure vulnerability | CNNVD-202310-953 | CVE-2023-45143 | Low | nodejs | https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 |
| 169 | Redis Labs Redis security vulnerability | CNNVD-202310-1522 | CVE-2023-45145 | Low | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx |

Source: https://www.aqniu.com/industry/102297.html