CNNVD | 关于Oracle多个安全漏洞的通报

CNNVD | 关于Oracle多个安全漏洞的通报
2024-1-19 17:57:36 Author: mp.weixin.qq.com(查看原文) 阅读量:28 收藏

扫码订阅《中国信息安全》

邮发代号 2-786

征订热线：010-82341063

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞89个，影响到Oracle产品的其他厂商漏洞169个。包括Oracle Financial Services Applications 安全漏洞（CNNVD-202401-1551、CVE-2023-21901）、Oracle Enterprise Manager Base Platform 安全漏洞（CNNVD-202401-1567、CVE-2024-20916）等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据，提升权限等。Oracle多个产品和系统受漏洞影响。目前，Oracle官方已经发布了漏洞修复补丁，建议用户及时确认是否受到漏洞影响，尽快采取修补措施。

一、漏洞介绍

2024年1月17日，Oracle发布了2024年1月份安全更新，共258个漏洞的补丁程序，CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle ZFS Storage Appliance、Oracle Business Intelligence Enterprise Edition、Oracle Java SE和Oracle GraalVM、Oracle Audit Vault and Database Firewall等。CNNVD对其危害等级进行了评价，其中超危漏洞30个，高危漏洞94个，中危漏洞116个，低危漏洞18个。Oracle多个产品和系统版本受漏洞影响，具体影响范围可访问Oracle官方网站查询：

https://www.oracle.com/security-alerts/cpujan2024.html

二、漏洞详情

此次更新共包括86个新增漏洞的补丁程序，其中高危漏洞12个，中危漏洞63个，低危漏洞11个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle部分产品安全漏洞	CNNVD-202401-1537	CVE-2024-20952	高危	https://www.oracle.com/security-alerts/cpujan2024.html
2	Oracle部分产品安全漏洞	CNNVD-202401-1546	CVE-2024-20932	高危	https://www.oracle.com/security-alerts/cpujan2024.html
3	Oracle Audit Vault and Database Firewall 安全漏洞	CNNVD-202401-1549	CVE-2024-20924	高危	https://www.oracle.com/security-alerts/cpujan2024.html
4	Oracle Financial Services Applications 安全漏洞	CNNVD-202401-1551	CVE-2023-21901	高危	https://www.oracle.com/security-alerts/cpujan2024.html
5	Oracle部分产品安全漏洞	CNNVD-202401-1563	CVE-2024-20918	高危	https://www.oracle.com/security-alerts/cpujan2024.html
6	Oracle Enterprise Manager Base Platform 安全漏洞	CNNVD-202401-1567	CVE-2024-20916	高危	https://www.oracle.com/security-alerts/cpujan2024.html
7	Oracle Supply Chain Products Suite 安全漏洞	CNNVD-202401-1659	CVE-2024-20956	高危	https://www.oracle.com/security-alerts/cpujan2024.html
8	Oracle Supply Chain Products Suite 安全漏洞	CNNVD-202401-1660	CVE-2024-20953	高危	https://www.oracle.com/security-alerts/cpujan2024.html
9	Oracle WebLogic Server 安全漏洞	CNNVD-202401-1680	CVE-2024-20931	高危	https://www.oracle.com/security-alerts/cpujan2024.html
10	Oracle Fusion Middleware 安全漏洞	CNNVD-202401-1681	CVE-2024-20927	高危	https://www.oracle.com/security-alerts/cpujan2024.html
11	Oracle Enterprise Manager Base Platform 安全漏洞	CNNVD-202401-1682	CVE-2024-20917	高危	https://www.oracle.com/security-alerts/cpujan2024.html
12	Oracle Audit Vault and Database Firewall 安全漏洞	CNNVD-202401-1696	CVE-2024-20909	高危	https://www.oracle.com/security-alerts/cpujan2024.html
13	Oracle BI Publisher 安全漏洞	CNNVD-202401-1517	CVE-2024-20987	中危	https://www.oracle.com/security-alerts/cpujan2024.html
14	Oracle MySQL 安全漏洞	CNNVD-202401-1518	CVE-2024-20985	中危	https://www.oracle.com/security-alerts/cpujan2024.html
15	Oracle MySQL 安全漏洞	CNNVD-202401-1520	CVE-2024-20983	中危	https://www.oracle.com/security-alerts/cpujan2024.html
16	Oracle MySQL 安全漏洞	CNNVD-202401-1521	CVE-2024-20981	中危	https://www.oracle.com/security-alerts/cpujan2024.html
17	Oracle BI Publisher 安全漏洞	CNNVD-202401-1522	CVE-2024-20979	中危	https://www.oracle.com/security-alerts/cpujan2024.html
18	Oracle MySQL 安全漏洞	CNNVD-202401-1523	CVE-2024-20975	中危	https://www.oracle.com/security-alerts/cpujan2024.html
19	Oracle MySQL 安全漏洞	CNNVD-202401-1524	CVE-2024-20977	中危	https://www.oracle.com/security-alerts/cpujan2024.html
20	Oracle MySQL 安全漏洞	CNNVD-202401-1525	CVE-2024-20973	中危	https://www.oracle.com/security-alerts/cpujan2024.html
21	Oracle MySQL 安全漏洞	CNNVD-202401-1526	CVE-2024-20967	中危	https://www.oracle.com/security-alerts/cpujan2024.html
22	Oracle MySQL 安全漏洞	CNNVD-202401-1527	CVE-2024-20969	中危	https://www.oracle.com/security-alerts/cpujan2024.html
23	Oracle MySQL 安全漏洞	CNNVD-202401-1528	CVE-2024-20971	中危	https://www.oracle.com/security-alerts/cpujan2024.html
24	Oracle MySQL 安全漏洞	CNNVD-202401-1529	CVE-2024-20965	中危	https://www.oracle.com/security-alerts/cpujan2024.html
25	Oracle MySQL 安全漏洞	CNNVD-202401-1530	CVE-2024-20963	中危	https://www.oracle.com/security-alerts/cpujan2024.html
26	Oracle MySQL 安全漏洞	CNNVD-202401-1531	CVE-2024-20961	中危	https://www.oracle.com/security-alerts/cpujan2024.html
27	Oracle ZFS Storage Appliance 安全漏洞	CNNVD-202401-1532	CVE-2024-20959	中危	https://www.oracle.com/security-alerts/cpujan2024.html
28	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1535	CVE-2024-20950	中危	https://www.oracle.com/security-alerts/cpujan2024.html
29	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1536	CVE-2024-20948	中危	https://www.oracle.com/security-alerts/cpujan2024.html
30	Oracle Solaris 安全漏洞	CNNVD-202401-1538	CVE-2024-20946	中危	https://www.oracle.com/security-alerts/cpujan2024.html
31	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1539	CVE-2024-20944	中危	https://www.oracle.com/security-alerts/cpujan2024.html
32	Oracle Supply Chain Products Suite 安全漏洞	CNNVD-202401-1540	CVE-2024-20942	中危	https://www.oracle.com/security-alerts/cpujan2024.html
33	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1541	CVE-2024-20940	中危	https://www.oracle.com/security-alerts/cpujan2024.html
34	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1542	CVE-2024-20938	中危	https://www.oracle.com/security-alerts/cpujan2024.html
35	Oracle Installed Base 安全漏洞	CNNVD-202401-1543	CVE-2024-20934	中危	https://www.oracle.com/security-alerts/cpujan2024.html
36	Oracle One-to-One Fulfillment 安全漏洞	CNNVD-202401-1544	CVE-2024-20936	中危	https://www.oracle.com/security-alerts/cpujan2024.html
37	Oracle Outside In Technology 安全漏洞	CNNVD-202401-1545	CVE-2024-20930	中危	https://www.oracle.com/security-alerts/cpujan2024.html
38	Oracle Fusion Middleware 安全漏洞	CNNVD-202401-1547	CVE-2024-20928	中危	https://www.oracle.com/security-alerts/cpujan2024.html
39	Oracle Java SE和Oracle GraalVM 安全漏洞	CNNVD-202401-1548	CVE-2024-20926	中危	https://www.oracle.com/security-alerts/cpujan2024.html
40	Oracle Integrated Lights Out Manager 安全漏洞	CNNVD-202401-1564	CVE-2024-20906	中危	https://www.oracle.com/security-alerts/cpujan2024.html
41	Oracle Business Intelligence Enterprise Edition 安全漏洞	CNNVD-202401-1566	CVE-2024-20904	中危	https://www.oracle.com/security-alerts/cpujan2024.html
42	Oracle Fusion Middleware 安全漏洞	CNNVD-202401-1568	CVE-2024-20908	中危	https://www.oracle.com/security-alerts/cpujan2024.html
43	Oracle Java SE 安全漏洞	CNNVD-202401-1582	CVE-2024-20919	中危	https://www.oracle.com/security-alerts/cpujan2024verbose.html
44	Oracle Java SE 安全漏洞	CNNVD-202401-1583	CVE-2024-20921	中危	https://www.oracle.com/security-alerts/cpujan2024verbose.html
45	Oracle Java SE 安全漏洞	CNNVD-202401-1584	CVE-2024-20945	中危	https://www.oracle.com/security-alerts/cpujan2024verbose.html
46	Oracle ZFS Storage Appliance 安全漏洞	CNNVD-202401-1658	CVE-2023-21833	中危	https://www.oracle.com/security-alerts/cpujan2024.html
47	Oracle MySQL 安全漏洞	CNNVD-202401-1661	CVE-2024-20984	中危	https://www.oracle.com/security-alerts/cpujan2024.html
48	Oracle MySQL 安全漏洞	CNNVD-202401-1662	CVE-2024-20982	中危	https://www.oracle.com/security-alerts/cpujan2024.html
49	Oracle MySQL 安全漏洞	CNNVD-202401-1663	CVE-2024-20968	中危	https://www.oracle.com/security-alerts/cpujan2024.html
50	Oracle MySQL 安全漏洞	CNNVD-202401-1664	CVE-2024-20978	中危	https://www.oracle.com/security-alerts/cpujan2024.html
51	Oracle MySQL 安全漏洞	CNNVD-202401-1665	CVE-2024-20976	中危	https://www.oracle.com/security-alerts/cpujan2024.html
52	Oracle MySQL 安全漏洞	CNNVD-202401-1666	CVE-2024-20974	中危	https://www.oracle.com/security-alerts/cpujan2024.html
53	Oracle MySQL 安全漏洞	CNNVD-202401-1667	CVE-2024-20972	中危	https://www.oracle.com/security-alerts/cpujan2024.html
54	Oracle MySQL 安全漏洞	CNNVD-202401-1668	CVE-2024-20970	中危	https://www.oracle.com/security-alerts/cpujan2024.html
55	Oracle MySQL 安全漏洞	CNNVD-202401-1669	CVE-2024-20966	中危	https://www.oracle.com/security-alerts/cpujan2024.html
56	Oracle MySQL 安全漏洞	CNNVD-202401-1670	CVE-2024-20960	中危	https://www.oracle.com/security-alerts/cpujan2024.html
57	Oracle MySQL 安全漏洞	CNNVD-202401-1671	CVE-2024-20962	中危	https://www.oracle.com/security-alerts/cpujan2024.html
58	Oracle MySQL 安全漏洞	CNNVD-202401-1672	CVE-2024-20964	中危	https://www.oracle.com/security-alerts/cpujan2024.html
59	Oracle JD Edwards Products 安全漏洞	CNNVD-202401-1676	CVE-2024-20937	中危	https://www.oracle.com/security-alerts/cpujan2024.html
60	Oracle Business Intelligence Enterprise Edition 安全漏洞	CNNVD-202401-1677	CVE-2024-20913	中危	https://www.oracle.com/security-alerts/cpujan2024.html
61	Oracle BI Publisher 安全漏洞	CNNVD-202401-1678	CVE-2024-20980	中危	https://www.oracle.com/security-alerts/cpujan2024.html
62	Oracle Fusion Middleware 安全漏洞	CNNVD-202401-1679	CVE-2024-20986	中危	https://www.oracle.com/security-alerts/cpujan2024.html
63	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1683	CVE-2024-20939	中危	https://www.oracle.com/security-alerts/cpujan2024.html
64	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1684	CVE-2024-20915	中危	https://www.oracle.com/security-alerts/cpujan2024.html
65	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1685	CVE-2024-20943	中危	https://www.oracle.com/security-alerts/cpujan2024.html
66	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1686	CVE-2024-20958	中危	https://www.oracle.com/security-alerts/cpujan2024.html
67	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1687	CVE-2024-20907	中危	https://www.oracle.com/security-alerts/cpujan2024.html
68	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1688	CVE-2024-20947	中危	https://www.oracle.com/security-alerts/cpujan2024.html
69	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1689	CVE-2024-20941	中危	https://www.oracle.com/security-alerts/cpujan2024.html
70	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1690	CVE-2024-20935	中危	https://www.oracle.com/security-alerts/cpujan2024.html
71	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1691	CVE-2024-20933	中危	https://www.oracle.com/security-alerts/cpujan2024.html
72	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1692	CVE-2024-20951	中危	https://www.oracle.com/security-alerts/cpujan2024.html
73	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1693	CVE-2024-20949	中危	https://www.oracle.com/security-alerts/cpujan2024.html
74	Oracle E-Business Suite 安全漏洞	CNNVD-202401-1694	CVE-2024-20929	中危	https://www.oracle.com/security-alerts/cpujan2024.html
75	Oracle Database Server 安全漏洞	CNNVD-202401-1697	CVE-2024-20903	中危	https://www.oracle.com/security-alerts/cpujan2024.html
76	Oracle JD Edwards Products 安全漏洞	CNNVD-202401-1533	CVE-2024-20957	低危	https://www.oracle.com/security-alerts/cpujan2024.html
77	Oracle部分产品安全漏洞	CNNVD-202401-1534	CVE-2024-20955	低危	https://www.oracle.com/security-alerts/cpujan2024.html
78	Oracle部分产品安全漏洞	CNNVD-202401-1556	CVE-2024-20922	低危	https://www.oracle.com/security-alerts/cpujan2024.html
79	Oracle Solaris 安全漏洞	CNNVD-202401-1557	CVE-2024-20920	低危	https://www.oracle.com/security-alerts/cpujan2024.html
80	Oracle ZFS Storage Appliance 安全漏洞	CNNVD-202401-1569	CVE-2024-20914	低危	https://www.oracle.com/security-alerts/cpujan2024.html
81	Oracle Audit Vault and Database Firewall 安全漏洞	CNNVD-202401-1571	CVE-2024-20912	低危	https://www.oracle.com/security-alerts/cpujan2024.html
82	Oracle Audit Vault and Database Firewall 安全漏洞	CNNVD-202401-1575	CVE-2024-20910	低危	https://www.oracle.com/security-alerts/cpujan2024.html
83	Oracle Java SE和Oracle GraalVM 安全漏洞	CNNVD-202401-1673	CVE-2024-20925	低危	https://www.oracle.com/security-alerts/cpujan2024.html
84	Oracle JD Edwards Products 安全漏洞	CNNVD-202401-1674	CVE-2024-20905	低危	https://www.oracle.com/security-alerts/cpujan2024.html
85	Oracle部分产品安全漏洞	CNNVD-202401-1675	CVE-2024-20923	低危	https://www.oracle.com/security-alerts/cpujan2024.html
86	Oracle Audit Vault and Database Firewall 安全漏洞	CNNVD-202401-1695	CVE-2024-20911	低危	https://www.oracle.com/security-alerts/cpujan2024.html

此次更新共包括3个更新漏洞的补丁程序，其中高危漏洞1个，低危漏洞2个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle MySQL 安全漏洞	CNNVD-202310-1410	CVE-2023-22102	高危	https://www.oracle.com/security-alerts/cpuoct2023.html
2	Oracle Database Server 安全漏洞	CNNVD-202207-1680	CVE-2022-21432	低危	https://www.oracle.com/security-alerts/cpujul2022.html
3	Oracle Database Server 安全漏洞	CNNVD-202307-1573	CVE-2023-21949	低危	https://www.oracle.com/security-alerts/cpujul2023.html

此次更新共包括169个影响Oracle产品的其他厂商漏洞的补丁程序，其中超危漏洞30个，高危漏洞81个，中危漏洞53个，低危漏洞5个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	厂商	官方链接
1	Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞	CNNVD-202207-838	CVE-2020-29508	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
2	Dell BSAFE 安全特征问题漏洞	CNNVD-202207-834	CVE-2020-35163	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
3	Dell BSAFE 安全漏洞	CNNVD-202207-832	CVE-2020-35166	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
4	Dell BSAFE 安全漏洞	CNNVD-202207-831	CVE-2020-35167	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
5	Dell BSAFE 安全漏洞	CNNVD-202207-828	CVE-2020-35168	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
6	H2database代码问题漏洞	CNNVD-202201-572	CVE-2021-42392	超危	个人开发者	https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
7	Sanitize 输入验证错误漏洞	CNNVD-202110-1259	CVE-2021-42575	超危	个人开发者	https://owasp.org/www-project-java-html-sanitizer/
8	Mozilla Network Security Services 缓冲区错误漏洞	CNNVD-202112-002	CVE-2021-43527	超危	Mozilla基金会	https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html
9	GNU Libtasn1 缓冲区错误漏洞	CNNVD-202210-1689	CVE-2021-46848	超危	GNU基金会	https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5
10	SnakeYAML 代码问题漏洞	CNNVD-202212-1820	CVE-2022-1471	超危	个人开发者	https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
11	H2Console 参数注入漏洞	CNNVD-202201-1749	CVE-2022-23221	超危	个人开发者	https://github.com/h2database/h2database/releases/tag/version-2.1.210
12	OpenLDAP SQL注入漏洞	CNNVD-202205-2146	CVE-2022-29155	超危	Openldap基金会	https://bugs.openldap.org/show_bug.cgi?id=9815
13	VMware Spring Security 安全漏洞	CNNVD-202210-2599	CVE-2022-31692	超危	VMware	https://tanzu.vmware.com/security/cve-2022-31692
14	Scala 代码问题漏洞	CNNVD-202209-2463	CVE-2022-36944	超危	Scala	https://www.scala-lang.org/download/
15	zlib 缓冲区错误漏洞	CNNVD-202208-2276	CVE-2022-37434	超危	个人开发者	https://github.com/madler/zlib/
16	Apache Commons Text 代码注入漏洞	CNNVD-202210-790	CVE-2022-42889	超危	Apache基金会	https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
17	Apache Commons BCEL 缓冲区错误漏洞	CNNVD-202211-2199	CVE-2022-42920	超危	Apache基金会	https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
18	Apache Derby 注入漏洞	CNNVD-202311-1655	CVE-2022-46337	超危	Apache基金会	https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
19	BusyBox 缓冲区错误漏洞	CNNVD-202208-4625	CVE-2022-48174	超危	个人开发者	https://bugs.busybox.net/show_bug.cgi?id=15216
20	Node.js 安全漏洞	CNNVD-202308-1703	CVE-2023-32002	超危	个人开发者	https://nodejs.org/en
21	SQLite 代码注入漏洞	CNNVD-202305-2084	CVE-2023-32697	超危	SQLite	https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
22	VMware Spring Security 安全漏洞	CNNVD-202307-1680	CVE-2023-34034	超危	VMware	https://spring.io/security/cve-2023-34034
23	PHP 缓冲区错误漏洞	CNNVD-202308-1102	CVE-2023-3824	超危	PHP	https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
24	curl 缓冲区错误漏洞	CNNVD-202310-917	CVE-2023-38545	超危	curl	https://github.com/curl/curl/commit/fb4415d8aee6c1
25	Google Go 代码注入漏洞	CNNVD-202309-669	CVE-2023-39320	超危	Google	https://github.com/golang/go/issues/62198
26	Apache ZooKeeper 安全漏洞	CNNVD-202310-856	CVE-2023-44981	超危	Apache基金会	https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
27	Apache ActiveMQ 代码问题漏洞	CNNVD-202310-2332	CVE-2023-46604	超危	Apache基金会	https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
28	Apache Arrow 代码问题漏洞	CNNVD-202311-735	CVE-2023-47248	超危	Apache基金会	https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
29	HtmlUnit 安全漏洞	CNNVD-202312-267	CVE-2023-49093	超危	HtmlUnit	https://www.htmlunit.org/changes-report.html#a3.9
30	Apache Struts 安全漏洞	CNNVD-202312-546	CVE-2023-50164	超危	Apache基金会	https://struts.apache.org/download.cgi#struts-ga
31	Apache Commons Beanutils 代码问题漏洞	CNNVD-201908-1140	CVE-2019-10086	高危	debian	https://issues.apache.org/jira/browse/BEANUTILS-520
32	Dell BSAFE 安全漏洞	CNNVD-202207-833	CVE-2020-35164	高危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
33	VMware Spring Cloud Config 路径遍历漏洞	CNNVD-202006-075	CVE-2020-5410	高危	Vmware	https://tanzu.vmware.com/security/cve-2020-5410
34	CodeMirror 资源管理错误漏洞	CNNVD-202010-1679	CVE-2020-7760	高危	Codemirror	https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
35	Google Android 信任管理问题漏洞	CNNVD-202102-128	CVE-2021-0341	高危	Google	https://source.android.com/security/bulletin/2021-02-01
36	JDOM 代码问题漏洞	CNNVD-202106-1323	CVE-2021-33813	高危	个人开发者	https://github.com/hunterhacker/jdom。
37	Apache Commons Compress 安全漏洞	CNNVD-202107-896	CVE-2021-35515	高危	Apache基金会	https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
38	Apache Commons Compress 安全漏洞	CNNVD-202107-897	CVE-2021-35516	高危	Apache基金会	https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E
39	Apache Commons Compress 安全漏洞	CNNVD-202107-898	CVE-2021-35517	高危	Apache基金会	https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E
40	Apache Commons Compress 安全漏洞	CNNVD-202107-899	CVE-2021-36090	高危	Apache基金会	https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
41	Apache Log4j 代码问题漏洞	CNNVD-202112-1011	CVE-2021-4104	高危	Apache基金会	https://logging.apache.org/log4j/2.x/security.html
42	npm jquery-validation 安全漏洞	CNNVD-202206-318	CVE-2021-43306	高危	个人开发者	https://www.npmjs.com/package/jquery-validation
43	Spring Cloud 安全漏洞	CNNVD-202206-2126	CVE-2022-22979	高危	Spring	https://tanzu.vmware.com/security/cve-2022-22979
44	nekohtml资源管理错误漏洞	CNNVD-202204-2918	CVE-2022-24839	高危	个人开发者	https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
45	gson 代码问题漏洞	CNNVD-202205-1791	CVE-2022-25647	高危	个人开发者	https://github.com/google/gson/pull/1991/files
46	jquery-validation 安全漏洞	CNNVD-202207-1332	CVE-2022-31147	高危	个人开发者	https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
47	VMware Spring Security 安全漏洞	CNNVD-202210-2598	CVE-2022-31690	高危	VMware	https://tanzu.vmware.com/security/cve-2022-31690
48	Apache Xalan 输入验证错误漏洞	CNNVD-202207-1617	CVE-2022-34169	高危	Apache基金会	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
49	NSS 安全漏洞	CNNVD-202210-947	CVE-2022-3479	高危	Mozilla基金会	https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
50	Google protobuf 安全漏洞	CNNVD-202212-2865	CVE-2022-3510	高危	Google	https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
51	OpenSSL 缓冲区错误漏洞	CNNVD-202210-2605	CVE-2022-3602	高危	OpenSSL团队	https://www.openssl.org/news/secadv/20221101.txt
52	OpenSSL 安全漏洞	CNNVD-202210-2604	CVE-2022-3786	高危	OpenSSL团队	https://www.openssl.org/news/secadv/20221101.txt
53	XStream 缓冲区错误漏洞	CNNVD-202209-1230	CVE-2022-40152	高危	XStream	https://github.com/x-stream/xstream/issues/304
54	PCRE2 输入验证错误漏洞	CNNVD-202307-1523	CVE-2022-41409	高危	PCRE2Project	https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
55	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1712	CVE-2022-41704	高危	Apache基金会	https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
56	FasterXML jackson-databind 代码问题漏洞	CNNVD-202210-007	CVE-2022-42003	高危	FasterXML	https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
57	FasterXML jackson-databind 代码问题漏洞	CNNVD-202210-006	CVE-2022-42004	高危	FasterXML	https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
58	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1707	CVE-2022-42890	高危	Apache基金会	https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
59	OpenSSL 资源管理错误漏洞	CNNVD-202302-510	CVE-2022-4450	高危	OpenSSL	https://www.openssl.org/news/secadv/20230207.txt
60	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202308-1802	CVE-2022-44729	高危	Apache基金会	https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
61	H2database 安全漏洞	CNNVD-202211-3421	CVE-2022-45868	高危	个人开发者	https://github.com/h2database/h2database/
62	Apache Ivy 代码问题漏洞	CNNVD-202308-1684	CVE-2022-46751	高危	Apache基金会	https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8
63	SQLite 安全漏洞	CNNVD-202212-2843	CVE-2022-46908	高危	个人开发者	https://sqlite.org/src/info/cefc032473ac5ad2
64	OpenSSL 信任管理问题漏洞	CNNVD-202303-1681	CVE-2023-0464	高危	OpenSSL	https://www.openssl.org/news/secadv/20230322.txt
65	Red Hat JBoss Enterprise Application Platform 安全漏洞	CNNVD-202303-798	CVE-2023-1108	高危	Red Hat	https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f
66	netplex json-smart 安全漏洞	CNNVD-202303-1658	CVE-2023-1370	高危	netplex	https://netplex.github.io/json-smart/
67	Jettison 安全漏洞	CNNVD-202303-1656	CVE-2023-1436	高危	Jettison	https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
68	Spring Framework 资源管理错误漏洞	CNNVD-202305-2284	CVE-2023-20883	高危	Spring	https://spring.io/security/cve-2023-20883
69	Apache Commons FileUpload 安全漏洞	CNNVD-202302-1610	CVE-2023-24998	高危	Apache基金会	https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
70	Apache Kafka 代码问题漏洞	CNNVD-202302-515	CVE-2023-25194	高危	Apache基金会	https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
71	OpenCV 代码问题漏洞	CNNVD-202305-852	CVE-2023-2617	高危	OpenCV	https://github.com/opencv/opencv_contrib/pull/3480
72	OpenCV 安全漏洞	CNNVD-202305-851	CVE-2023-2618	高危	OpenCV	https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6
73	Intel oneAPI Toolkits 代码问题漏洞	CNNVD-202308-1031	CVE-2023-28823	高危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
74	Google Guava 安全漏洞	CNNVD-202306-1141	CVE-2023-2976	高危	Google	https://github.com/google/guava
75	Flask 安全漏洞	CNNVD-202305-091	CVE-2023-30861	高危	Pallets	https://github.com/pallets/flask/releases/tag/2.3.2
76	Apache HTTP Server 缓冲区错误漏洞	CNNVD-202310-1640	CVE-2023-31122	高危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
77	Comprehensive Perl Archive Network 信任管理问题漏洞	CNNVD-202304-2326	CVE-2023-31484	高危	CPAN	https://github.com/andk/cpanpm/releases/tag/2.35
78	HTTP::Tiny 信任管理问题漏洞	CNNVD-202304-2318	CVE-2023-31486	高危	Perldoc	https://perldoc.perl.org/HTTP::Tiny
79	jose4j 安全特征问题漏洞	CNNVD-202310-2110	CVE-2023-31582	高危	个人开发者	https://bitbucket.org/b_c/jose4j/commits/1929fe3
80	Node.js 安全漏洞	CNNVD-202308-1336	CVE-2023-32006	高危	Nodejs	https://nodejs.org/en/blog/vulnerability/august-2023-security-releases
81	Node.js 安全漏洞	CNNVD-202308-1984	CVE-2023-32559	高危	个人开发者	https://nodejs.org/en/blog/vulnerability/august-2023-security-releases
82	Spring Framework 安全漏洞	CNNVD-202311-2123	CVE-2023-34053	高危	Spring团队	https://github.com/spring-projects/spring-framework/releases/tag/v6.0.
83	snappy-java 输入验证错误漏洞	CNNVD-202306-1200	CVE-2023-34453	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
84	snappy-java 输入验证错误漏洞	CNNVD-202306-1198	CVE-2023-34454	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
85	Snappy 输入验证错误漏洞	CNNVD-202306-1248	CVE-2023-34455	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh
86	htmlcleaner 缓冲区错误漏洞	CNNVD-202306-1106	CVE-2023-34624	高危	个人开发者	https://github.com/amplafi/htmlcleaner/issues/13
87	Apache Tomcat 安全漏洞	CNNVD-202306-1525	CVE-2023-34981	高危	Apache基金会	https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
88	Jenkins 跨站请求伪造漏洞	CNNVD-202306-1089	CVE-2023-35141	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
89	Okio 安全漏洞	CNNVD-202307-1161	CVE-2023-3635	高危	square	https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
90	Eclipse Jetty 资源管理错误漏洞	CNNVD-202310-691	CVE-2023-36478	高危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
91	Python 安全漏洞	CNNVD-202306-1804	CVE-2023-36632	高危	Python基金会	https://docs.python.org/3/library/email.html
92	HCL BigFix Platform 输入验证错误漏洞	CNNVD-202310-848	CVE-2023-37536	高危	HCL Technologies	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
93	curl 安全漏洞	CNNVD-202309-1067	CVE-2023-38039	高危	curl	https://github.com/curl/curl
94	PHP 代码问题漏洞	CNNVD-202308-1104	CVE-2023-3823	高危	PHP	https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
95	python-cryptography 信任管理问题漏洞	CNNVD-202307-1332	CVE-2023-38325	高危	Cryptographic团队	https://github.com/pyca/cryptography/issues/9207
96	Google Golang 安全漏洞	CNNVD-202309-663	CVE-2023-39321	高危	Google	https://github.com/golang/go/issues/62266
97	Google Go 安全漏洞	CNNVD-202309-662	CVE-2023-39322	高危	Google	https://github.com/golang/go/issues/62266
98	Apache Avro 代码问题漏洞	CNNVD-202309-2636	CVE-2023-39410	高危	Apache基金会	https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
99	MIT Kerberos 资源管理错误漏洞	CNNVD-202308-1454	CVE-2023-39975	高危	MIT	https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
100	Eclipse Parsson 安全漏洞	CNNVD-202311-268	CVE-2023-4043	高危	Eclipse基金会	https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
101	Python 代码问题漏洞	CNNVD-202308-1930	CVE-2023-41105	高危	Python基金会	https://github.com/python/cpython/pull/107982
102	Jenkins 安全漏洞	CNNVD-202309-1972	CVE-2023-43496	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
103	Jenkins 代码问题漏洞	CNNVD-202309-1971	CVE-2023-43497	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
104	Jenkins 安全漏洞	CNNVD-202309-1970	CVE-2023-43498	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
105	Apache HTTP Server 资源管理错误漏洞	CNNVD-202310-1641	CVE-2023-43622	高危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
106	Snappy 安全漏洞	CNNVD-202309-2204	CVE-2023-43642	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
107	Apache HTTP/2 资源管理错误漏洞	CNNVD-202310-667	CVE-2023-44487	高危	Apache基金会	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
108	Apache Tomcat 环境问题漏洞	CNNVD-202311-2168	CVE-2023-46589	高危	Apache基金会	https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
109	glibc 缓冲区错误漏洞	CNNVD-202310-197	CVE-2023-4911	高危	GNU社区	https://www.gnu.org/software/libc/
110	JSON-Java 安全漏洞	CNNVD-202310-951	CVE-2023-5072	高危	个人开发者	https://github.com/stleary/JSON-java/
111	OpenSSL 安全漏洞	CNNVD-202310-1871	CVE-2023-5363	高危	OpenSSL团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
112	Junit 信息泄露漏洞	CNNVD-202010-445	CVE-2020-15250	中危	个人开发者	https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md
113	DOMPurify 跨站脚本漏洞	CNNVD-202010-199	CVE-2020-26870	中危	个人开发者	https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
114	Vmware Spring Framework 安全漏洞	CNNVD-202009-1050	CVE-2020-5421	中危	Vmware	https://tanzu.vmware.com/security/cve-2020-5421
115	Apache Commons IO 路径遍历漏洞	CNNVD-202104-702	CVE-2021-29425	中危	Apache基金会	https://issues.apache.org/jira/browse/IO-556
116	Apache Commons Net 输入验证错误漏洞	CNNVD-202212-2188	CVE-2021-37533	中危	Apache基金会	https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
117	jQuery 跨站脚本漏洞	CNNVD-202110-1843	CVE-2021-41182	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
118	jQuery 跨站脚本漏洞	CNNVD-202110-1839	CVE-2021-41183	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
119	Openjs Jquery Ui 跨站脚本漏洞	CNNVD-202110-1845	CVE-2021-41184	中危	Openjs基金会	https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
120	Vmware Spring Framework 安全漏洞	CNNVD-202203-2333	CVE-2022-22950	中危	VMware	https://tanzu.vmware.com/security/cve-2022-22950
121	Pivotal Spring Security OAuth 资源管理错误漏洞	CNNVD-202204-3951	CVE-2022-22969	中危	Pivotal	https://tanzu.vmware.com/security/cve-2022-22969
122	Apache Portable Runtime 输入验证错误漏洞	CNNVD-202301-2414	CVE-2022-25147	中危	Apache基金会	https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
123	jQuery 跨站脚本漏洞	CNNVD-202207-2121	CVE-2022-31160	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
124	jsoup 跨站脚本漏洞	CNNVD-202208-4329	CVE-2022-36033	中危	个人开发者	https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
125	Matthäus G. Chajdas pygments 代码问题漏洞	CNNVD-202307-1683	CVE-2022-40896	中危	Matthäus G. Chajdas	https://pypi.org/project/Pygments/
126	OpenSSL 安全漏洞	CNNVD-202302-514	CVE-2022-4304	中危	OpenSSL	https://www.openssl.org/news/secadv/20230207.txt
127	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202308-1801	CVE-2022-44730	中危	Apache基金会	https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
128	OpenSSL 信任管理问题漏洞	CNNVD-202303-2432	CVE-2023-0465	中危	OpenSSL	https://www.openssl.org/news/secadv/20230328.txt
129	OpenSSL 信任管理问题漏洞	CNNVD-202303-2431	CVE-2023-0466	中危	OpenSSL	https://www.openssl.org/news/secadv/20230328.txt
130	Spring Framework 安全漏洞	CNNVD-202304-1094	CVE-2023-20863	中危	Spring	https://spring.io/security/cve-2023-20863
131	libssh 授权问题漏洞	CNNVD-202305-2087	CVE-2023-2283	中危	libssh	https://www.debian.org/security/2023/
132	cryptography 代码问题漏洞	CNNVD-202302-523	CVE-2023-23931	中危	Cryptographic	https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
133	OpenSSL 安全漏洞	CNNVD-202305-2503	CVE-2023-2650	中危	OpenSSL	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
134	Intel oneAPI Toolkits 安全漏洞	CNNVD-202308-1047	CVE-2023-27391	中危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
135	CKEditor 跨站脚本漏洞	CNNVD-202303-1790	CVE-2023-28439	中危	CKEditor	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
136	libxml2 代码问题漏洞	CNNVD-202304-908	CVE-2023-28484	中危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
137	Ruby 安全漏洞	CNNVD-202303-2412	CVE-2023-28755	中危	个人开发者	https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
138	Ruby 安全漏洞	CNNVD-202303-2720	CVE-2023-28756	中危	个人开发者	https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
139	libxml2 资源管理错误漏洞	CNNVD-202304-907	CVE-2023-29469	中危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
140	OpenSSL 授权问题漏洞	CNNVD-202307-1295	CVE-2023-2975	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230714.txt
141	Bouncy Castle 信任管理问题漏洞	CNNVD-202307-168	CVE-2023-33201	中危	Bouncy Castle	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
142	Spring Security 安全漏洞	CNNVD-202307-1539	CVE-2023-34035	中危	Spring	https://spring.io/security/cve-2023-34035
143	VMware Spring Boot 安全漏洞	CNNVD-202311-2124	CVE-2023-34055	中危	VMware	https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
144	OpenSSL 安全漏洞	CNNVD-202307-1681	CVE-2023-3446	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230719.txt
145	Netty 资源管理错误漏洞	CNNVD-202306-1639	CVE-2023-34462	中危	Netty	https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
146	Apache MINA 路径遍历漏洞	CNNVD-202307-582	CVE-2023-35887	中危	Apache基金会	https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
147	MIT Kerberos 缓冲区错误漏洞	CNNVD-202308-488	CVE-2023-36054	中危	MIT	https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
148	Eclipse Jetty 安全漏洞	CNNVD-202309-1093	CVE-2023-36479	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
149	OpenSSL 安全漏洞	CNNVD-202307-2314	CVE-2023-3817	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230731.txt
150	Jenkins 跨站脚本漏洞	CNNVD-202307-2099	CVE-2023-39151	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188
151	Google Golang 跨站脚本漏洞	CNNVD-202309-671	CVE-2023-39318	中危	Google	https://github.com/golang/go/issues/62196
152	Google Golang 跨站脚本漏洞	CNNVD-202309-667	CVE-2023-39319	中危	Google	https://github.com/golang/go/issues/62197
153	Eclipse Jetty 安全漏洞	CNNVD-202309-1102	CVE-2023-40167	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
154	Eclipse Jetty 安全漏洞	CNNVD-202309-1113	CVE-2023-41900	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
155	Apache Commons Compress 资源管理错误漏洞	CNNVD-202309-1000	CVE-2023-42503	中危	Apache基金会	https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
156	Apache Tomcat 安全漏洞	CNNVD-202310-717	CVE-2023-42794	中危	Apache基金会	https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
157	Apache Tomcat 安全漏洞	CNNVD-202310-716	CVE-2023-42795	中危	Apache基金会	https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
158	Jenkins 安全漏洞	CNNVD-202309-1974	CVE-2023-43494	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261
159	Jenkins 跨站脚本漏洞	CNNVD-202309-1973	CVE-2023-43495	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245
160	OWASP AntiSamy 跨站脚本漏洞	CNNVD-202310-525	CVE-2023-43643	中危	OWASP基金会	https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2
161	Apache Santuario 日志信息泄露漏洞	CNNVD-202310-1720	CVE-2023-44483	中危	Apache基金会	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
162	Apache Tomcat 输入验证错误漏洞	CNNVD-202310-712	CVE-2023-45648	中危	Apache基金会	https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
163	Apache HTTP Server 资源管理错误漏洞	CNNVD-202310-1636	CVE-2023-45802	中危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
164	OpenSSH 安全漏洞	CNNVD-202312-1668	CVE-2023-48795	中危	OpenBSD	https://www.openssh.com/openbsd.html
165	Apache Tika 安全漏洞	CNNVD-202206-2671	CVE-2022-33879	低危	Apache基金会	https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
166	curl 安全漏洞	CNNVD-202310-916	CVE-2023-38546	低危	curl	https://github.com/curl/curl/releases
167	Redis Labs Redis 安全漏洞	CNNVD-202309-560	CVE-2023-41053	低危	Redis Labs	https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6
168	undici 信息泄露漏洞	CNNVD-202310-953	CVE-2023-45143	低危	nodejs	https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
169	Redis Labs Redis 安全漏洞	CNNVD-202310-1522	CVE-2023-45145	低危	Redis Labs	https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx

三、修复建议

目前，Oracle官方已经发布补丁修复了上述漏洞，建议用户及时确认漏洞影响，尽快采取修补措施。Oracle官方补丁下载地址：

https://www.oracle.com/security-alerts/cpujan2024.html

CNNVD将继续跟踪上述漏洞的相关情况，及时发布相关信息。如有需要，可与CNNVD联系。

联系方式: [email protected]

（来源：CNNVD）

《中国安全信息》杂志倾力推荐

“企业成长计划”

点击下图了解详情

文章来源: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664203461&idx=3&sn=a4b34c1671e7b85c475cf3604115b28b&chksm=8b59863cbc2e0f2a9ca50f7363d801bcfa2258686069053f7ff9342ef5064274f62b821414f3&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh