CNNVD通报Oracle多个安全漏洞
2023-7-21 13:45:2 Author: www.aqniu.com(查看原文) 阅读量:32 收藏

近日,CNNVD通报Oracle多个安全漏洞,其中Oracle产品本身漏洞60个,影响到Oracle产品的其他厂商漏洞247个。包括Oracle Application Express 安全漏洞(CNNVD-202307-1575、CVE-2023-21975)、Oracle Application Express  安全漏洞(CNNVD-202307-1588、CVE-2023-21974)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

2023年7月18日,Oracle发布了2023年7月份安全更新,共307个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Database Server、Oracle Solaris、Oracle Fusion Middleware、Oracle Essbase、Oracle Virtualization等。CNNVD对其危害等级进行了评价,其中超危漏洞52个,高危漏洞129个,中危漏洞111个,低危漏洞15个。Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:

序号漏洞名称CNNVD编号CVE编号危害等级厂商官方链接
1Apache Hive JDBC驱动程序SQL注入漏洞CNNVD-201804-274CVE-2018-1282超危Apache基金会https://lists.apache.org/thread.html/[email protected]%3Cdev.hive.apache.org%3E
2Terracotta Quartz Scheduler 代码问题漏洞CNNVD-201907-1383CVE-2019-13990超危softwareaghttp://www.quartz-scheduler.org/
3Swagger UI 跨站请求伪造漏洞CNNVD-201910-715CVE-2019-17495超危个人开发者https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11
4FasterXML jackson-databind 代码问题漏洞CNNVD-201910-774CVE-2019-17531超危Fasterxmlhttps://github.com/FasterXML/jackson-databind/issues/2498
5Apache Log4j 代码问题漏洞CNNVD-201912-950CVE-2019-17571超危Apache基金会https://www.apache.org/
6Apache ActiveMQ 代码注入漏洞CNNVD-202009-680CVE-2020-11998超危Apache基金会http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
7Apache Commons Configuration 输入验证错误漏洞CNNVD-202003-821CVE-2020-1953超危Apache基金会https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
8Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞CNNVD-202207-838CVE-2020-29508超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
9Dell BSAFE 安全特征问题漏洞CNNVD-202207-834CVE-2020-35163超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
10Dell BSAFE 安全漏洞CNNVD-202207-832CVE-2020-35166超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
11Dell BSAFE 安全漏洞CNNVD-202207-831CVE-2020-35167超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
12Dell BSAFE 安全漏洞CNNVD-202207-828CVE-2020-35168超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
13Dell BSAFE 输入验证错误漏洞CNNVD-202207-830CVE-2020-35169超危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
14Apache Chainsaw 代码问题漏洞CNNVD-202106-1293CVE-2020-9493超危Apache基金会https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
15Apache Xmlbeans 输入验证错误漏洞CNNVD-202101-1146CVE-2021-23926超危Apache基金会https://issues.apache.org/jira/browse/XMLBEANS-517
16Microsoft .NET Core 安全漏洞CNNVD-202102-681CVE-2021-24112超危Microsofthttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
17LZ4 输入验证错误漏洞CNNVD-202104-2105CVE-2021-3520超危个人开发者https://github.com/lz4/lz4/pull/972
18Sanitize 输入验证错误漏洞CNNVD-202110-1259CVE-2021-42575超危个人开发者https://owasp.org/www-project-java-html-sanitizer/
19iText 命令注入漏洞CNNVD-202112-1333CVE-2021-43113超危个人开发者https://github.com/itext/itext7/releases/tag/7.1.17
20Apache Log4j 代码问题漏洞CNNVD-202112-799CVE-2021-44228超危Apache基金会https://logging.apache.org/log4j/2.x/security.html
21Apache Log4j 代码问题漏洞CNNVD-202112-1065CVE-2021-45046超危Apache基金会https://logging.apache.org/log4j/2.x/security.html。
22SnakeYAML 代码问题漏洞CNNVD-202212-1820CVE-2022-1471超危个人开发者https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
23Dexie 安全漏洞CNNVD-202205-1809CVE-2022-21189超危个人开发者https://github.com/dexie/Dexie.js
24Apache Log4j SQL注入漏洞CNNVD-202201-1421CVE-2022-23305超危Apache基金会https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
25OWASP ESAPI 路径遍历漏洞CNNVD-202204-4378CVE-2022-23457超危个人开发者https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
26Apache Hadoop 操作系统命令注入漏洞CNNVD-202208-2167CVE-2022-25168超危Apache基金会https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130
27Apache Hadoop 路径遍历漏洞CNNVD-202204-2605CVE-2022-26612超危Apache基金会https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz
28FreeType 缓冲区错误漏洞CNNVD-202204-4272CVE-2022-27404超危个人开发者https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
29Pallets Werkzeug 环境问题漏洞CNNVD-202205-4094CVE-2022-29361超危个人开发者https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85
30VMware Spring Security 安全漏洞CNNVD-202210-2599CVE-2022-31692超危VMwarehttps://tanzu.vmware.com/security/cve-2022-31692
31Apache Commons Configuration 代码注入漏洞CNNVD-202207-428CVE-2022-33980超危Apache基金会https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
32Apache HTTP Server 环境问题漏洞CNNVD-202301-1299CVE-2022-36760超危Apache基金会https://httpd.apache.org/security/vulnerabilities_24.html
33Scala 代码问题漏洞CNNVD-202209-2463CVE-2022-36944超危Scalahttps://www.scala-lang.org/download/
34zlib 缓冲区错误漏洞CNNVD-202208-2276CVE-2022-37434超危个人开发者https://github.com/madler/zlib/
35XKCP 输入验证错误漏洞CNNVD-202210-1541CVE-2022-37454超危XKCPhttps://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
36Apache Ivy 路径遍历漏洞CNNVD-202211-2196CVE-2022-37865超危Apache基金会https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy
37Apache Calcite 代码问题漏洞CNNVD-202209-697CVE-2022-39135超危Apache基金会https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082
38HSQLDB 安全漏洞CNNVD-202210-196CVE-2022-41853超危The HSQL Development Grouphttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
39Apache Commons BCEL 缓冲区错误漏洞CNNVD-202211-2199CVE-2022-42920超危Apache基金会https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
40Apache MINA 代码问题漏洞CNNVD-202211-2918CVE-2022-45047超危Apache基金会https://www.mail-archive.com/[email protected]/msg39312.html
41Apache CXF 代码问题漏洞CNNVD-202212-3143CVE-2022-46364超危Apache基金会https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
42Spring Framework 安全漏洞CNNVD-202304-1667CVE-2023-20862超危Springhttps://spring.io/security/cve-2023-20862
43Spring Framework 安全漏洞CNNVD-202304-1732CVE-2023-20873超危Springhttps://spring.io/security/cve-2023-20873
44Apache Spark 安全漏洞CNNVD-202304-1307CVE-2023-22946超危Apache基金会https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv
45curl 安全漏洞CNNVD-202302-1929CVE-2023-23914超危个人开发者https://github.com/curl/curl/releases/tag/curl-7_88_1
46Google TensorFlow 安全漏洞CNNVD-202303-2124CVE-2023-25664超危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr
47Google TensorFlow 安全漏洞CNNVD-202303-2120CVE-2023-25668超危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
48Apache HTTP Server 环境问题漏洞CNNVD-202303-456CVE-2023-25690超危Apache基金会https://httpd.apache.org/security/vulnerabilities_24.html
49HtmlUnit 安全漏洞CNNVD-202304-058CVE-2023-26119超危个人开发者https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b
50Jenkins 跨站脚本漏洞CNNVD-202303-668CVE-2023-27898超危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
51Apache HTTP Server 缓冲区错误漏洞CNNVD-202301-1294CVE-2006-20001高危Apache基金会https://httpd.apache.org/security/vulnerabilities_24.html
52zlib 缓冲区错误漏洞CNNVD-202203-2221CVE-2018-25032高危个人开发者https://z-lib.org/
53Apache Axis 代码问题漏洞CNNVD-201904-472CVE-2019-0227高危apachehttp://axis.apache.org/
54Apache Commons Beanutils 代码问题漏洞CNNVD-201908-1140CVE-2019-10086高危debianhttps://issues.apache.org/jira/browse/BEANUTILS-520
55Apache Commons Compress 资源管理错误漏洞CNNVD-201908-2148CVE-2019-12402高危apachehttps://commons.apache.org/proper/commons-compress/security-reports.html
56Python 代码问题漏洞CNNVD-202209-155CVE-2020-10735高危Python基金会https://www.python.org/
57Apache XmlGraphics Commons 代码问题漏洞CNNVD-202102-1587CVE-2020-11988高危Apache基金会https://xmlgraphics.apache.org/security.html
58Iteris Apache Velocity 安全漏洞CNNVD-202103-758CVE-2020-13936高危Iterishttps://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E
59Apache Thrift 资源管理错误漏洞CNNVD-202102-1099CVE-2020-13949高危Apache基金会https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E
60Dell BSAFE 安全漏洞CNNVD-202207-833CVE-2020-35164高危Dellhttps://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
61FasterXML jackson-databind 缓冲区错误漏洞CNNVD-202203-1165CVE-2020-36518高危个人开发者https://github.com/FasterXML/jackson-databind/issues/2816
62joyent json 操作系统命令注入漏洞CNNVD-202008-1430CVE-2020-7712高危个人开发者https://snyk.io/vuln/SNYK-JS-JSON-597481
63CodeMirror 资源管理错误漏洞CNNVD-202010-1679CVE-2020-7760高危Codemirrorhttps://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
64Apache Hadoop 代码问题漏洞CNNVD-202208-3967CVE-2021-25642高危Apache基金会https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150
65Apache ActiveMQ 授权问题漏洞CNNVD-202101-2471CVE-2021-26117高危Apache基金会https://issues.apache.org/jira/browse/AMQ-8035
66JDOM 代码问题漏洞CNNVD-202106-1323CVE-2021-33813高危个人开发者https://github.com/hunterhacker/jdom。
67Apache Hive 访问控制错误漏洞CNNVD-202207-1393CVE-2021-34538高危Apache基金会https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354
68Apache Commons Compress 安全漏洞CNNVD-202107-896CVE-2021-35515高危Apache基金会https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
69Apache Commons Compress 安全漏洞CNNVD-202107-897CVE-2021-35516高危Apache基金会https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E
70Apache Commons Compress 安全漏洞CNNVD-202107-898CVE-2021-35517高危Apache基金会https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E
71Apache Commons Compress 安全漏洞CNNVD-202107-899CVE-2021-36090高危Apache基金会https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
72Apache Santuario 信息泄露漏洞CNNVD-202109-1259CVE-2021-40690高危Apache基金会https://santuario.apache.org/javaindex.html
73Apache Log4j 代码问题漏洞CNNVD-202112-1011CVE-2021-4104高危Apache基金会https://logging.apache.org/log4j/2.x/security.html
74XStream 资源管理错误漏洞CNNVD-202201-2709CVE-2021-43859高危XStreamhttps://x-stream.github.io/CVE-2021-43859.html
75FasterXML jackson-databind 安全漏洞CNNVD-202303-1466CVE-2021-46877高危FasterXMLhttps://github.com/FasterXML/jackson-databind/issues/3328
76Eclipse Jetty 资源管理错误漏洞CNNVD-202207-594CVE-2022-2048高危个人开发者https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
77Eclipse Jetty 安全漏洞CNNVD-202207-589CVE-2022-2191高危Eclipse基金会https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
78Apache Log4j 代码问题漏洞CNNVD-202201-1420CVE-2022-23302高危Apache基金会https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
79Apache Log4j 代码问题漏洞CNNVD-202201-1425CVE-2022-23307高危Apache基金会https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
80Certifi 数据伪造问题漏洞CNNVD-202212-2660CVE-2022-23491高危Certifihttps://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
81DELL BSAFE SSL-J 安全漏洞CNNVD-202202-1801CVE-2022-24409高危DELLhttps://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel
82CKEditor 资源管理错误漏洞CNNVD-202203-1545CVE-2022-24729高危个人开发者https://ckeditor.com/cke4/release/CKEditor-4.18
83gson 代码问题漏洞CNNVD-202205-1791CVE-2022-25647高危个人开发者https://github.com/google/gson/pull/1991/files
84FreeType 缓冲区错误漏洞CNNVD-202204-4275CVE-2022-27405高危个人开发者https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
85FreeType 缓冲区错误漏洞CNNVD-202204-4261CVE-2022-27406高危个人开发者http://freetype.com
86HtmlUnit 安全漏洞CNNVD-202204-4297CVE-2022-29546高危个人开发者https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg
87JasPer 安全漏洞CNNVD-202210-1004CVE-2022-2963高危个人开发者https://github.com/jasper-software/jasper/commit/270000671d4f411fe7e65c7bc02fd6ff14dd6946
88Moment.js 资源管理错误漏洞CNNVD-202207-502CVE-2022-31129高危个人开发者https://github.com/moment/moment/pull/6015#issuecomment-1152961973
89PostgreSQL JDBC Driver SQL注入漏洞CNNVD-202208-2126CVE-2022-31197高危PostgreSQLhttps://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
90PHP 缓冲区错误漏洞CNNVD-202210-2512CVE-2022-31630高危PHPhttps://www.php.net/ChangeLog-8.php#8.0.
91VMware Spring Security 安全漏洞CNNVD-202210-2598CVE-2022-31690高危VMwarehttps://tanzu.vmware.com/security/cve-2022-31690
92Google protobuf 安全漏洞CNNVD-202210-769CVE-2022-3171高危Googlehttps://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
93NSS 安全漏洞CNNVD-202210-947CVE-2022-3479高危Mozilla基金会https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
94OpenSSL 安全漏洞CNNVD-202210-2605CVE-2022-3602高危OpenSSL团队https://www.openssl.org/news/secadv/20221101.txt
95OpenSSL 安全漏洞CNNVD-202210-2604CVE-2022-3786高危OpenSSL团队https://www.openssl.org/news/secadv/20221101.txt
96Apache Ivy 路径遍历漏洞CNNVD-202211-2195CVE-2022-37866高危Apache基金会https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b
97OpenSSL 安全漏洞CNNVD-202212-2982CVE-2022-3996高危OpenSSLhttps://github.com/openssl/openssl/
98Apache XML Graphics Batik代码问题漏洞CNNVD-202209-2287CVE-2022-40146高危Apache基金会https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx
99Jettison 缓冲区错误漏洞CNNVD-202209-1235CVE-2022-40149高危个人开发者https://github.com/jettison-json/jettison/issues/45
100Jettison 资源管理错误漏洞CNNVD-202209-1233CVE-2022-40150高危个人开发者https://github.com/jettison-json/jettison/issues/45
101XStream 缓冲区错误漏洞CNNVD-202209-1234CVE-2022-40151高危XStreamhttps://github.com/x-stream/xstream/issues/304
102XStream 缓冲区错误漏洞CNNVD-202209-1230CVE-2022-40152高危XStreamhttps://github.com/x-stream/xstream/issues/304
103Apache SOAP 代码问题漏洞CNNVD-202209-2283CVE-2022-40705高危Apache基金会https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
104Apache XML Graphics Batik 代码问题漏洞CNNVD-202210-1712CVE-2022-41704高危Apache基金会https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
105Netty 安全漏洞CNNVD-202212-2914CVE-2022-41881高危Netty社区https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
106XStream 安全漏洞CNNVD-202212-4034CVE-2022-41966高危XStreamhttps://x-stream.github.io/CVE-2022-41966.html
107FasterXML jackson-databind 代码问题漏洞CNNVD-202210-007CVE-2022-42003高危FasterXMLhttps://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
108FasterXML jackson-databind 代码问题漏洞CNNVD-202210-006CVE-2022-42004高危FasterXMLhttps://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
109Apache Tomcat 环境问题漏洞CNNVD-202210-2602CVE-2022-42252高危Apache基金会https://tomcat.apache.org/security-8.html
110Apache XML Graphics Batik 代码问题漏洞CNNVD-202210-1707CVE-2022-42890高危Apache基金会https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
111MIT Kerberos 输入验证错误漏洞CNNVD-202211-2910CVE-2022-42898高危MIThttps://web.mit.edu/kerberos/
112Python 安全漏洞CNNVD-202210-2513CVE-2022-42919高危Python基金会https://github.com/python/cpython/issues/97514
113Node.js 操作系统命令注入漏洞CNNVD-202211-2070CVE-2022-43548高危个人开发者https://nodejs.org/en/
114libexpat 资源管理错误漏洞CNNVD-202210-1676CVE-2022-43680高危个人开发者https://github.com/libexpat/libexpat/issues/649
115OpenSSL 资源管理错误漏洞CNNVD-202302-510CVE-2022-4450高危OpenSSLhttps://www.openssl.org/news/secadv/20230207.txt
116Python 资源管理错误漏洞CNNVD-202211-2414CVE-2022-45061高危Python基金会https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
117Apache Tomcat 注入漏洞CNNVD-202301-137CVE-2022-45143高危Apache基金会https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
118Pillow 资源管理错误漏洞CNNVD-202211-2677CVE-2022-45199高危个人开发者https://github.com/python-pillow/Pillow/releases/tag/9.3
119Jettison 缓冲区错误漏洞CNNVD-202212-3132CVE-2022-45685高危个人开发者https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
120Hutool 缓冲区错误漏洞CNNVD-202212-3131CVE-2022-45688高危Dromara社区https://github.com/dromara/hutool/issues/2748
121Jettison 缓冲区错误漏洞CNNVD-202212-3128CVE-2022-45693高危个人开发者https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
122Apache CXF 输入验证错误漏洞CNNVD-202212-3125CVE-2022-46363高危Apache基金会https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
123jszip 路径遍历漏洞CNNVD-202301-2295CVE-2022-48285高危个人开发者https://github.com/Stuk/jszip/releases/tag/v3.10.1
124Zstandard 资源管理错误漏洞CNNVD-202303-2716CVE-2022-4899高危Facebookhttps://github.com/facebook/zstd/pull/3220
125OpenSSL 资源管理错误漏洞CNNVD-202302-521CVE-2023-0215高危OpenSSLhttps://ubuntu.com/security/notices/USN-5845-1
126OpenSSL 代码问题漏洞CNNVD-202302-512CVE-2023-0216高危OpenSSLhttps://ubuntu.com/security/notices/USN-5844-1
127OpenSSL 代码问题漏洞CNNVD-202302-516CVE-2023-0217高危OpenSSLhttps://ubuntu.com/security/notices/USN-5844-1
128OpenSSL 安全漏洞CNNVD-202302-524CVE-2023-0286高危OpenSSLhttps://ubuntu.com/security/notices/USN-5845-1
129GnuTLS 安全漏洞CNNVD-202302-884CVE-2023-0361高危个人开发者https://gitlab.com/gnutls/gnutls/-/issues/1050
130OpenSSL 代码问题漏洞CNNVD-202302-518CVE-2023-0401高危OpenSSLhttps://ubuntu.com/security/notices/USN-5844-1
131OpenSSL 信任管理问题漏洞CNNVD-202303-1681CVE-2023-0464高危OpenSSLhttps://www.openssl.org/news/secadv/20230322.txt
132Mozilla Firefox 安全漏洞CNNVD-202302-1554CVE-2023-0767高危Mozilla基金会https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767
133netplex json-smart 安全漏洞CNNVD-202303-1658CVE-2023-1370高危netplexhttps://netplex.github.io/json-smart/
134Jettison 安全漏洞CNNVD-202303-1656CVE-2023-1436高危Jettisonhttps://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
135libwebp 资源管理错误漏洞CNNVD-202305-177CVE-2023-1999高危WebP项目https://github.com/webmproject/libwebp
136Spring Framework 安全漏洞CNNVD-202303-2401CVE-2023-20860高危Springhttps://spring.io/security/cve-2023-20860
137Sudo 安全漏洞CNNVD-202301-1468CVE-2023-22809高危个人开发者https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
138Apache Commons FileUpload 安全漏洞CNNVD-202302-1610CVE-2023-24998高危Apache基金会https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
139HarfBuzz 安全漏洞CNNVD-202302-331CVE-2023-25193高危个人开发者https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
140Apache Kafka 代码问题漏洞CNNVD-202302-515CVE-2023-25194高危Apache基金会https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
141Git 路径遍历漏洞CNNVD-202304-2045CVE-2023-25652高危githubhttps://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
142Google TensorFlow 缓冲区错误漏洞CNNVD-202303-2129CVE-2023-25658高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6
143Google TensorFlow 缓冲区错误漏洞CNNVD-202303-2128CVE-2023-25659高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
144Google TensorFlow 代码问题漏洞CNNVD-202303-2127CVE-2023-25660高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj
145Google TensorFlow 输入验证错误漏洞CNNVD-202303-2126CVE-2023-25662高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw
146Google TensorFlow 代码问题漏洞CNNVD-202303-2125CVE-2023-25663高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w
147Google TensorFlow 代码问题漏洞CNNVD-202303-2123CVE-2023-25665高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g
148Google TensorFlow 安全漏洞CNNVD-202303-2122CVE-2023-25666高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2
149Google TensorFlow 输入验证错误漏洞CNNVD-202303-2121CVE-2023-25667高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68
150Google TensorFlow 安全漏洞CNNVD-202303-2119CVE-2023-25669高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
151Google TensorFlow 代码问题漏洞CNNVD-202303-2118CVE-2023-25670高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
152Google TensorFlow 缓冲区错误漏洞CNNVD-202303-2117CVE-2023-25671高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
153Google TensorFlow 代码问题漏洞CNNVD-202303-2114CVE-2023-25672高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
154Google TensorFlow 安全漏洞CNNVD-202303-2116CVE-2023-25673高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh
155Google TensorFlow 代码问题漏洞CNNVD-202303-2115CVE-2023-25674高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579
156Google TensorFlow 安全漏洞CNNVD-202303-2113CVE-2023-25675高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj
157Google TensorFlow 代码问题漏洞CNNVD-202303-2112CVE-2023-25676高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq
158Google TensorFlow 资源管理错误漏洞CNNVD-202303-2111CVE-2023-25801高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q
159OpenSSL 安全漏洞CNNVD-202305-2503CVE-2023-2650高危OpenSSLhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
160Apache HTTP Server 环境问题漏洞CNNVD-202303-452CVE-2023-27522高危Apache基金会https://httpd.apache.org/security/vulnerabilities_24.html
161curl 注入漏洞CNNVD-202303-1551CVE-2023-27533高危个人开发者https://curl.se/download.html
162curl 路径遍历漏洞CNNVD-202303-1547CVE-2023-27534高危个人开发者https://curl.se/download.html
163Google TensorFlow 安全漏洞CNNVD-202303-2110CVE-2023-27579高危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
164Jenkins 安全漏洞CNNVD-202303-670CVE-2023-27899高危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
165Jenkins 安全漏洞CNNVD-202303-669CVE-2023-27900高危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
166Jenkins 安全漏洞CNNVD-202303-671CVE-2023-27901高危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
167Apache Tomcat 安全漏洞CNNVD-202305-1931CVE-2023-28709高危Apache基金会https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
168Git 注入漏洞CNNVD-202304-2063CVE-2023-29007高危githubhttps://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
169SheetJS 安全漏洞CNNVD-202304-1870CVE-2023-30533高危sheetjshttps://cdn.sheetjs.com/advisories/CVE-2023-30533
170Snowflake JDBC 命令注入漏洞CNNVD-202304-1210CVE-2023-30535高危Snowflakehttps://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x
171Flask 安全漏洞CNNVD-202305-091CVE-2023-30861高危Palletshttps://github.com/pallets/flask/releases/tag/2.3.2
172illumos 缓冲区错误漏洞CNNVD-202305-266CVE-2023-31284高危个人开发者https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net
173Apache Tomcat 安全漏洞CNNVD-202306-1525CVE-2023-34981高危Apache基金会https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
174Apache Axis 跨站脚本漏洞CNNVD-201808-082CVE-2018-8032中危apachehttps://issues.apache.org/jira/browse/AXIS-2924
175Apache ActiveMQ 跨站脚本漏洞CNNVD-202102-588CVE-2020-13947中危Apache基金会http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
176Apache HttpClient 安全漏洞CNNVD-202010-372CVE-2020-13956中危Apache基金会https://www.apache.org/
177Junit 信息泄露漏洞CNNVD-202010-445CVE-2020-15250中危个人开发者https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md
178Apache Groovy 安全漏洞CNNVD-202012-422CVE-2020-17521中危Apache基金会https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
179Apache Hive 信息泄露漏洞CNNVD-202103-1010CVE-2020-1926中危Apache基金会https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
180Netty 环境问题漏洞CNNVD-202103-713CVE-2021-21295中危Netty社区https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
181Google protobuf 安全漏洞CNNVD-202201-628CVE-2021-22569中危Googlehttps://cloud.google.com/support/bulletins#gcp-2022-001
182ISC BIND 环境问题漏洞CNNVD-202203-1514CVE-2021-25220中危ISChttps://vigilance.fr/vulnerability/ISC-BIND-spoofing-via-DNS-Forwarders-Cache-Poisoning-37754
183Maxim Nesen jersey 安全漏洞CNNVD-202104-1669CVE-2021-28168中危Maxim Nesenhttps://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv
184OpenJPEG 输入验证错误漏洞CNNVD-202104-1124CVE-2021-29338中危个人开发者https://github.com/uclouvain/openjpeg
185Apache Commons IO 路径遍历漏洞CNNVD-202104-702CVE-2021-29425中危Apache基金会https://issues.apache.org/jira/browse/IO-556
186Eclipse Jetty 安全漏洞CNNVD-202107-1094CVE-2021-34429中危Eclipse基金会https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
187Apache Ant 安全漏洞CNNVD-202107-983CVE-2021-36373中危Apache基金会https://ant.apache.org/
188Apache Ant 安全漏洞CNNVD-202107-984CVE-2021-36374中危Apache基金会https://ant.apache.org/
189Apache Commons Net 输入验证错误漏洞CNNVD-202212-2188CVE-2021-37533中危Apache基金会https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
190Libgcrypt 加密问题漏洞CNNVD-202109-275CVE-2021-40528中危GNU社区https://gnupg.org/index.html
191jQuery 跨站脚本漏洞CNNVD-202110-1843CVE-2021-41182中危个人开发者https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
192jQuery 跨站脚本漏洞CNNVD-202110-1839CVE-2021-41183中危个人开发者https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
193Openjs Jquery Ui 跨站脚本漏洞CNNVD-202110-1845CVE-2021-41184中危Openjs基金会https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
194Apache MINA 安全漏洞CNNVD-202111-238CVE-2021-41973中危Apache基金会https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
195Apache Log4j 输入验证错误漏洞CNNVD-202112-2743CVE-2021-44832中危Apache基金会https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
196Apache Log4j 安全漏洞CNNVD-202112-1493CVE-2021-45105中危Apache基金会https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
197OpenJPEG 安全漏洞CNNVD-202203-2498CVE-2022-1122中危个人开发者https://github.com/uclouvain/openjpeg/issues/1368
198Vmware Spring Framework 安全漏洞CNNVD-202203-2333CVE-2022-22950中危VMwarehttps://tanzu.vmware.com/security/cve-2022-22950
199Spring Framework 输入验证错误漏洞CNNVD-202205-2988CVE-2022-22970中危Spring团队https://spring.io/projects/spring-framework
200Spring Framework 输入验证错误漏洞CNNVD-202205-2980CVE-2022-22971中危Spring团队https://spring.io/projects/spring-framework
201Xerces 安全漏洞CNNVD-202201-2238CVE-2022-23437中危Apache基金会https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
202Containous Traefik 日志信息泄露漏洞CNNVD-202212-2756CVE-2022-23469中危Containoushttps://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp
203CKEditor 跨站脚本漏洞CNNVD-202203-1546CVE-2022-24728中危个人开发者https://ckeditor.com/cke4/release/CKEditor-4.18
204OWASP ESAPI 安全漏洞CNNVD-202204-4523CVE-2022-24891中危个人开发者https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
205Apache Portable Runtime 输入验证错误漏洞CNNVD-202301-2414CVE-2022-25147中危Apache基金会https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
206ISC BIND 资源管理错误漏洞CNNVD-202209-1695CVE-2022-2795中危ISChttps://kb.isc.org/docs/cve-2022-2795
207jQuery 跨站脚本漏洞CNNVD-202207-2121CVE-2022-31160中危个人开发者https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
208Apache Spark 注入漏洞CNNVD-202211-1852CVE-2022-31777中危Apache基金会https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
209Apache Tomcat 跨站脚本漏洞CNNVD-202206-2227CVE-2022-34305中危Apache基金会https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
210Dell BSAFE 安全漏洞CNNVD-202302-738CVE-2022-34364中危Dellhttps://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability
211jsoup 跨站脚本漏洞CNNVD-202208-4329CVE-2022-36033中危个人开发者https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
212Apache HTTP Server 注入漏洞CNNVD-202301-1298CVE-2022-37436中危Apache基金会https://httpd.apache.org/security/vulnerabilities_24.html
213Apache XML Graphics Batik 代码问题漏洞CNNVD-202209-2289CVE-2022-38398中危Apache基金会https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx
214Apache XML Graphics Batik 代码问题漏洞CNNVD-202209-2288CVE-2022-38648中危Apache基金会https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
215SnakeYAML 缓冲区错误漏洞CNNVD-202209-169CVE-2022-38751中危SnakeYAMLhttps://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
216SnakeYAML 缓冲区错误漏洞CNNVD-202209-171CVE-2022-38752中危snakeYAMLhttps://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
217JasPer 安全漏洞CNNVD-202209-1374CVE-2022-40755中危个人开发者https://github.com/jasper-software/jasper/issues/338
218Python 安全漏洞CNNVD-202212-3796CVE-2022-40897中危Python基金会https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
219Netty 安全漏洞CNNVD-202212-3060CVE-2022-41915中危Netty社区https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
220OpenSSL 缓冲区错误漏洞CNNVD-202302-506CVE-2022-4203中危OpenSSLhttps://www.openssl.org/news/secadv/20230207.txt
221OpenSSL 安全漏洞CNNVD-202302-514CVE-2022-4304中危OpenSSLhttps://www.openssl.org/news/secadv/20230207.txt
222Apache James 信息泄露漏洞CNNVD-202301-447CVE-2022-45787中危Apache基金会https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
223Containous Traefik 信任管理问题漏洞CNNVD-202212-2752CVE-2022-46153中危Containoushttps://github.com/traefik/traefik/releases/tag/v2.9.6
224OpenSSL 信任管理问题漏洞CNNVD-202303-2432CVE-2023-0465中危OpenSSLhttps://www.openssl.org/news/secadv/20230328.txt
225OpenSSL 信任管理问题漏洞CNNVD-202303-2431CVE-2023-0466中危OpenSSLhttps://www.openssl.org/news/secadv/20230328.txt
226OpenSSL 缓冲区错误漏洞CNNVD-202304-1714CVE-2023-1255中危OpenSSLhttps://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
227Spring Framework 安全漏洞CNNVD-202303-1917CVE-2023-20861中危Springhttps://spring.io/security/cve-2023-20861
228Spring Framework 安全漏洞CNNVD-202304-1094CVE-2023-20863中危Springhttps://spring.io/security/cve-2023-20863
229Zip4j 访问控制错误漏洞CNNVD-202301-648CVE-2023-22899中危个人开发者https://github.com/srikanth-lingala/zip4j/releases
230curl 安全漏洞CNNVD-202302-1928CVE-2023-23915中危个人开发者https://github.com/curl/curl/releases/tag/curl-7_88_1
231curl 安全漏洞CNNVD-202302-1927CVE-2023-23916中危个人开发者https://github.com/curl/curl/releases/tag/curl-7_88_1
232cryptography 代码问题漏洞CNNVD-202302-523CVE-2023-23931中危Cryptographichttps://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
233Google Golang 安全漏洞CNNVD-202303-632CVE-2023-24532中危Googlehttps://github.com/golang/go/issues/58647
234TensorFlow 输入验证错误漏洞CNNVD-202303-2284CVE-2023-25661中危Googlehttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq
235Eclipse Jetty 资源管理错误漏洞CNNVD-202304-1443CVE-2023-26048中危Eclipse基金会https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
236Eclipse Jetty 信息泄露漏洞CNNVD-202304-1442CVE-2023-26049中危Eclipse基金会https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
237Jenkins 安全漏洞CNNVD-202303-675CVE-2023-27902中危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
238Jenkins 安全漏洞CNNVD-202303-674CVE-2023-27903中危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
239Jenkins 安全漏洞CNNVD-202303-673CVE-2023-27904中危Jenkinshttps://www.jenkins.io/security/advisory/2023-03-08/
240CKEditor 跨站脚本漏洞CNNVD-202303-1790CVE-2023-28439中危CKEditorhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
241libxml2 代码问题漏洞CNNVD-202304-908CVE-2023-28484中危个人开发者https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
242Apache Tomcat 安全漏洞CNNVD-202303-1662CVE-2023-28708中危Apache基金会https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
243Redis 安全漏洞CNNVD-202304-1384CVE-2023-28856中危Redis Labshttps://github.com/redis/redis/
244libxml2 资源管理错误漏洞CNNVD-202304-907CVE-2023-29469中危个人开发者https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
245Google Guava 访问控制错误漏洞CNNVD-202012-827CVE-2020-8908低危Googlehttps://github.com/google/guava/issues/4011
246Eclipse Jetty 输入验证错误漏洞CNNVD-202207-599CVE-2022-2047低危Eclipse基金会https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
247Apache Tika 安全漏洞CNNVD-202206-2671CVE-2022-33879低危Apache基金会https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

文章来源: https://www.aqniu.com/vendor/97983.html
如有侵权请联系:admin#unsafe.sh