CNNVD Bulletin on Multiple Oracle Security Vulnerabilities
2024-1-22 12:22:35 Author: mp.weixin.qq.com

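Recently, CNNVD formally reported on multiple security vulnerabilities announced by Oracle, comprising 89 vulnerabilities in Oracle's own products and 169 vulnerabilities from other vendors that affect Oracle products. These include the Oracle Financial Services Applications security vulnerability (CNNVD-202401-1551, CVE-2023-21901) and the Oracle Enterprise Manager Base Platform security vulnerability (CNNVD-202401-1567, CVE-2024-20916), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.

I. Vulnerability Overview

On January 17, 2024, Oracle released its January 2024 security update, with patches for 258 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle ZFS Storage Appliance, Oracle Business Intelligence Enterprise Edition, Oracle Java SE and Oracle GraalVM, Oracle Audit Vault and Database Firewall, and others. CNNVD has rated their severity: 30 critical, 94 high, 116 medium, and 18 low.

Multiple Oracle product and system versions are affected; the specific scope of impact can be checked on Oracle's official website: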

https://www.oracle.com/security-alerts/cpujan2024.html

II. Vulnerability Details

This update includes patches for 86 newly added vulnerabilities: 12 high, 63 medium, and 11 low.

No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link
1 | Oracle (some products) security vulnerability | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html
2 | Oracle (some products) security vulnerability | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html
3 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1549 | CVE-2024-20924 | High | https://www.oracle.com/security-alerts/cpujan2024.html
4 | Oracle Financial Services Applications security vulnerability | CNNVD-202401-1551 | CVE-2023-21901 | High | https://www.oracle.com/security-alerts/cpujan2024.html
5 | Oracle (some products) security vulnerability | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html
6 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1567 | CVE-2024-20916 | High | https://www.oracle.com/security-alerts/cpujan2024.html
7 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1659 | CVE-2024-20956 | High | https://www.oracle.com/security-alerts/cpujan2024.html
8 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1660 | CVE-2024-20953 | High | https://www.oracle.com/security-alerts/cpujan2024.html
9 | Oracle WebLogic Server security vulnerability | CNNVD-202401-1680 | CVE-2024-20931 | High | https://www.oracle.com/security-alerts/cpujan2024.html
10 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1681 | CVE-2024-20927 | High | https://www.oracle.com/security-alerts/cpujan2024.html
11 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1682 | CVE-2024-20917 | High | https://www.oracle.com/security-alerts/cpujan2024.html
12 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1696 | CVE-2024-20909 | High | https://www.oracle.com/security-alerts/cpujan2024.html
13 | Oracle BI Publisher security vulnerability | CNNVD-202401-1517 | CVE-2024-20987 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
14 | Oracle MySQL security vulnerability | CNNVD-202401-1518 | CVE-2024-20985 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
15 | Oracle MySQL security vulnerability | CNNVD-202401-1520 | CVE-2024-20983 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
16 | Oracle MySQL security vulnerability | CNNVD-202401-1521 | CVE-2024-20981 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
17 | Oracle BI Publisher security vulnerability | CNNVD-202401-1522 | CVE-2024-20979 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
18 | Oracle MySQL security vulnerability | CNNVD-202401-1523 | CVE-2024-20975 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
19 | Oracle MySQL security vulnerability | CNNVD-202401-1524 | CVE-2024-20977 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
20 | Oracle MySQL security vulnerability | CNNVD-202401-1525 | CVE-2024-20973 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
21 | Oracle MySQL security vulnerability | CNNVD-202401-1526 | CVE-2024-20967 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
22 | Oracle MySQL security vulnerability | CNNVD-202401-1527 | CVE-2024-20969 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
23 | Oracle MySQL security vulnerability | CNNVD-202401-1528 | CVE-2024-20971 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
24 | Oracle MySQL security vulnerability | CNNVD-202401-1529 | CVE-2024-20965 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
25 | Oracle MySQL security vulnerability | CNNVD-202401-1530 | CVE-2024-20963 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
26 | Oracle MySQL security vulnerability | CNNVD-202401-1531 | CVE-2024-20961 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
27 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1532 | CVE-2024-20959 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
28 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1535 | CVE-2024-20950 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
29 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1536 | CVE-2024-20948 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
30 | Oracle Solaris security vulnerability | CNNVD-202401-1538 | CVE-2024-20946 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
31 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1539 | CVE-2024-20944 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
32 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1540 | CVE-2024-20942 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
33 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1541 | CVE-2024-20940 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
34 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1542 | CVE-2024-20938 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
35 | Oracle Installed Base security vulnerability | CNNVD-202401-1543 | CVE-2024-20934 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
36 | Oracle One-to-One Fulfillment security vulnerability | CNNVD-202401-1544 | CVE-2024-20936 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
37 | Oracle Outside In Technology security vulnerability | CNNVD-202401-1545 | CVE-2024-20930 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
38 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1547 | CVE-2024-20928 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
39 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
40 | Oracle Integrated Lights Out Manager security vulnerability | CNNVD-202401-1564 | CVE-2024-20906 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
41 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1566 | CVE-2024-20904 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
42 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1568 | CVE-2024-20908 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
43 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html
44 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html
45 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html
46 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1658 | CVE-2023-21833 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
47 | Oracle MySQL security vulnerability | CNNVD-202401-1661 | CVE-2024-20984 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
48 | Oracle MySQL security vulnerability | CNNVD-202401-1662 | CVE-2024-20982 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
49 | Oracle MySQL security vulnerability | CNNVD-202401-1663 | CVE-2024-20968 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
50 | Oracle MySQL security vulnerability | CNNVD-202401-1664 | CVE-2024-20978 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
51 | Oracle MySQL security vulnerability | CNNVD-202401-1665 | CVE-2024-20976 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
52 | Oracle MySQL security vulnerability | CNNVD-202401-1666 | CVE-2024-20974 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
53 | Oracle MySQL security vulnerability | CNNVD-202401-1667 | CVE-2024-20972 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
54 | Oracle MySQL security vulnerability | CNNVD-202401-1668 | CVE-2024-20970 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
55 | Oracle MySQL security vulnerability | CNNVD-202401-1669 | CVE-2024-20966 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
56 | Oracle MySQL security vulnerability | CNNVD-202401-1670 | CVE-2024-20960 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
57 | Oracle MySQL security vulnerability | CNNVD-202401-1671 | CVE-2024-20962 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
58 | Oracle MySQL security vulnerability | CNNVD-202401-1672 | CVE-2024-20964 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
59 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1676 | CVE-2024-20937 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
60 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1677 | CVE-2024-20913 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
61 | Oracle BI Publisher security vulnerability | CNNVD-202401-1678 | CVE-2024-20980 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
62 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1679 | CVE-2024-20986 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
63 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1683 | CVE-2024-20939 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
64 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1684 | CVE-2024-20915 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
65 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1685 | CVE-2024-20943 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
66 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1686 | CVE-2024-20958 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
67 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1687 | CVE-2024-20907 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
68 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1688 | CVE-2024-20947 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
69 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1689 | CVE-2024-20941 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
70 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1690 | CVE-2024-20935 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
71 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1691 | CVE-2024-20933 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
72 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1692 | CVE-2024-20951 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
73 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1693 | CVE-2024-20949 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
74 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1694 | CVE-2024-20929 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
75 | Oracle Database Server security vulnerability | CNNVD-202401-1697 | CVE-2024-20903 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html
76 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1533 | CVE-2024-20957 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
77 | Oracle (some products) security vulnerability | CNNVD-202401-1534 | CVE-2024-20955 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
78 | Oracle (some products) security vulnerability | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
79 | Oracle Solaris security vulnerability | CNNVD-202401-1557 | CVE-2024-20920 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
80 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1569 | CVE-2024-20914 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
81 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1571 | CVE-2024-20912 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
82 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1575 | CVE-2024-20910 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
83 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
84 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1674 | CVE-2024-20905 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
85 | Oracle (some products) security vulnerability | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html
86 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1695 | CVE-2024-20911 | Low | https://www.oracle.com/security-alerts/cpujan2024.html

This update includes patches for 3 updated vulnerabilities: 1 high and 2 low.

No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link
1 | Oracle MySQL security vulnerability | CNNVD-202310-1410 | CVE-2023-22102 | High | https://www.oracle.com/security-alerts/cpuoct2023.html
2 | Oracle Database Server security vulnerability | CNNVD-202207-1680 | CVE-2022-21432 | Low | https://www.oracle.com/security-alerts/cpujul2022.html
3 | Oracle Database Server security vulnerability | CNNVD-202307-1573 | CVE-2023-21949 | Low | https://www.oracle.com/security-alerts/cpujul2023.html

This update includes patches for 169 vulnerabilities from other vendors that affect Oracle products: 30 critical, 81 high, 53 medium, and 5 low.

No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link
1 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
2 | Dell BSAFE security features issue vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
3 | Dell BSAFE security vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
4 | Dell BSAFE security vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
5 | Dell BSAFE security vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
6 | H2database code issue vulnerability | CNNVD-202201-572 | CVE-2021-42392 | Critical | Individual developer | https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
7 | Sanitize input validation error vulnerability | CNNVD-202110-1259 | CVE-2021-42575 | Critical | Individual developer | https://owasp.org/www-project-java-html-sanitizer/
8 | Mozilla Network Security Services buffer error vulnerability | CNNVD-202112-002 | CVE-2021-43527 | Critical | Mozilla Foundation | https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html
9 | GNU Libtasn1 buffer error vulnerability | CNNVD-202210-1689 | CVE-2021-46848 | Critical | GNU Foundation | https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5
10 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
11 | H2Console argument injection vulnerability | CNNVD-202201-1749 | CVE-2022-23221 | Critical | Individual developer | https://github.com/h2database/h2database/releases/tag/version-2.1.210
12 | OpenLDAP SQL injection vulnerability | CNNVD-202205-2146 | CVE-2022-29155 | Critical | Openldap Foundation | https://bugs.openldap.org/show_bug.cgi?id=9815
13 | VMware Spring Security security vulnerability | CNNVD-202210-2599 | CVE-2022-31692 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-31692
14 | Scala code issue vulnerability | CNNVD-202209-2463 | CVE-2022-36944 | Critical | Scala | https://www.scala-lang.org/download/
15 | zlib buffer error vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/
16 | Apache Commons Text code injection vulnerability | CNNVD-202210-790 | CVE-2022-42889 | Critical | Apache Foundation | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
17 | Apache Commons BCEL buffer error vulnerability | CNNVD-202211-2199 | CVE-2022-42920 | Critical | Apache Foundation | https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
18 | Apache Derby injection vulnerability | CNNVD-202311-1655 | CVE-2022-46337 | Critical | Apache Foundation | https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
19 | BusyBox buffer error vulnerability | CNNVD-202208-4625 | CVE-2022-48174 | Critical | Individual developer | https://bugs.busybox.net/show_bug.cgi?id=15216
20 | Node.js security vulnerability | CNNVD-202308-1703 | CVE-2023-32002 | Critical | Individual developer | https://nodejs.org/en
21 | SQLite code injection vulnerability | CNNVD-202305-2084 | CVE-2023-32697 | Critical | SQLite | https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
22 | VMware Spring Security security vulnerability | CNNVD-202307-1680 | CVE-2023-34034 | Critical | VMware | https://spring.io/security/cve-2023-34034
23 | PHP buffer error vulnerability | CNNVD-202308-1102 | CVE-2023-3824 | Critical | PHP | https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
24 | curl buffer error vulnerability | CNNVD-202310-917 | CVE-2023-38545 | Critical | curl | https://github.com/curl/curl/commit/fb4415d8aee6c1
25 | Google Go code injection vulnerability | CNNVD-202309-669 | CVE-2023-39320 | Critical | Google | https://github.com/golang/go/issues/62198
26 | Apache ZooKeeper security vulnerability | CNNVD-202310-856 | CVE-2023-44981 | Critical | Apache Foundation | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
27 | Apache ActiveMQ code issue vulnerability | CNNVD-202310-2332 | CVE-2023-46604 | Critical | Apache Foundation | https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
28 | Apache Arrow code issue vulnerability | CNNVD-202311-735 | CVE-2023-47248 | Critical | Apache Foundation | https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
29 | HtmlUnit security vulnerability | CNNVD-202312-267 | CVE-2023-49093 | Critical | HtmlUnit | https://www.htmlunit.org/changes-report.html#a3.9
30 | Apache Struts security vulnerability | CNNVD-202312-546 | CVE-2023-50164 | Critical | Apache Foundation | https://struts.apache.org/download.cgi#struts-ga
31 | Apache Commons Beanutils code issue vulnerability | CNNVD-201908-1140 | CVE-2019-10086 | High | Debian | https://issues.apache.org/jira/browse/BEANUTILS-520
32 | Dell BSAFE security vulnerability | CNNVD-202207-833 | CVE-2020-35164 | High | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
33 | VMware Spring Cloud Config path traversal vulnerability | CNNVD-202006-075 | CVE-2020-5410 | High | VMware | https://tanzu.vmware.com/security/cve-2020-5410
34 | CodeMirror resource management error vulnerability | CNNVD-202010-1679 | CVE-2020-7760 | High | Codemirror | https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
35 | Google Android trust management issue vulnerability | CNNVD-202102-128 | CVE-2021-0341 | High | Google | https://source.android.com/security/bulletin/2021-02-01
36 | JDOM code issue vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom
37 | Apache Commons Compress security vulnerability | CNNVD-202107-896 | CVE-2021-35515 | High | Apache Foundation | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
38 | Apache Commons Compress security vulnerability | CNNVD-202107-897 | CVE-2021-35516 | High | Apache Foundation | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E
39 | Apache Commons Compress security vulnerability | CNNVD-202107-898 | CVE-2021-35517 | High | Apache Foundation | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E
40 | Apache Commons Compress security vulnerability | CNNVD-202107-899 | CVE-2021-36090 | High | Apache Foundation | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
41 | Apache Log4j code issue vulnerability | CNNVD-202112-1011 | CVE-2021-4104 | High | Apache Foundation | https://logging.apache.org/log4j/2.x/security.html
42 | npm jquery-validation security vulnerability | CNNVD-202206-318 | CVE-2021-43306 | High | Individual developer | https://www.npmjs.com/package/jquery-validation
43 | Spring Cloud security vulnerability | CNNVD-202206-2126 | CVE-2022-22979 | High | Spring | https://tanzu.vmware.com/security/cve-2022-22979
44 | nekohtml resource management error vulnerability | CNNVD-202204-2918 | CVE-2022-24839 | High | Individual developer | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
45 | gson code issue vulnerability | CNNVD-202205-1791 | CVE-2022-25647 | High | Individual developer | https://github.com/google/gson/pull/1991/files
46 | jquery-validation security vulnerability | CNNVD-202207-1332 | CVE-2022-31147 | High | Individual developer | https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
47 | VMware Spring Security security vulnerability | CNNVD-202210-2598 | CVE-2022-31690 | High | VMware | https://tanzu.vmware.com/security/cve-2022-31690
48 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
49 | NSS security vulnerability | CNNVD-202210-947 | CVE-2022-3479 | High | Mozilla Foundation | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
50 | Google protobuf security vulnerability | CNNVD-202212-2865 | CVE-2022-3510 | High | Google | https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
51 | OpenSSL buffer error vulnerability | CNNVD-202210-2605 | CVE-2022-3602 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt
52 | OpenSSL security vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt
53 | XStream buffer error vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304
54 | PCRE2 input validation error vulnerability | CNNVD-202307-1523 | CVE-2022-41409 | High | PCRE2Project | https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
55 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
56 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
57 | FasterXML jackson-databind code issue vulnerability | CNNVD-202210-006 | CVE-2022-42004 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
58 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
59 | OpenSSL resource management error vulnerability | CNNVD-202302-510 | CVE-2022-4450 | High | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt
60 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1802 | CVE-2022-44729 | High | Apache Foundation | https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
61 | H2database security vulnerability | CNNVD-202211-3421 | CVE-2022-45868 | High | Individual developer | https://github.com/h2database/h2database/
62 | Apache Ivy code issue vulnerability | CNNVD-202308-1684 | CVE-2022-46751 | High | Apache Foundation | https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8
63 | SQLite security vulnerability | CNNVD-202212-2843 | CVE-2022-46908 | High | Individual developer | https://sqlite.org/src/info/cefc032473ac5ad2
64 | OpenSSL trust management issue vulnerability | CNNVD-202303-1681 | CVE-2023-0464 | High | OpenSSL | https://www.openssl.org/news/secadv/20230322.txt
65 | Red Hat JBoss Enterprise Application Platform security vulnerability | CNNVD-202303-798 | CVE-2023-1108 | High | Red Hat | https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f
66 | netplex json-smart security vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/
67 | Jettison security vulnerability | CNNVD-202303-1656 | CVE-2023-1436 | High | Jettison | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
68 | Spring Framework resource management error vulnerability | CNNVD-202305-2284 | CVE-2023-20883 | High | Spring | https://spring.io/security/cve-2023-20883
69 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
70 | Apache Kafka code issue vulnerability | CNNVD-202302-515 | CVE-2023-25194 | High | Apache Foundation | https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
71 | OpenCV code issue vulnerability | CNNVD-202305-852 | CVE-2023-2617 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3480
72 | OpenCV security vulnerability | CNNVD-202305-851 | CVE-2023-2618 | High | OpenCV | https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6
73 | Intel oneAPI Toolkits code issue vulnerability | CNNVD-202308-1031 | CVE-2023-28823 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
74 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | Google | https://github.com/google/guava
75 | Flask security vulnerability | CNNVD-202305-091 | CVE-2023-30861 | High | Pallets | https://github.com/pallets/flask/releases/tag/2.3.2
76 | Apache HTTP Server buffer error vulnerability | CNNVD-202310-1640 | CVE-2023-31122 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html
77 | Comprehensive Perl Archive Network trust management issue vulnerability | CNNVD-202304-2326 | CVE-2023-31484 | High | CPAN | https://github.com/andk/cpanpm/releases/tag/2.35
78 | HTTP::Tiny trust management issue vulnerability | CNNVD-202304-2318 | CVE-2023-31486 | High | Perldoc | https://perldoc.perl.org/HTTP::Tiny
79 | jose4j security features issue vulnerability | CNNVD-202310-2110 | CVE-2023-31582 | High | Individual developer | https://bitbucket.org/b_c/jose4j/commits/1929fe3
80 | Node.js security vulnerability | CNNVD-202308-1336 | CVE-2023-32006 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases
81 | Node.js security vulnerability | CNNVD-202308-1984 | CVE-2023-32559 | High | Individual developer | https://nodejs.org/en/blog/vulnerability/august-2023-security-releases
82 | Spring Framework security vulnerability | CNNVD-202311-2123 | CVE-2023-34053 | High | Spring team | https://github.com/spring-projects/spring-framework/releases/tag/v6.0.
83 | snappy-java input validation error vulnerability | CNNVD-202306-1200 | CVE-2023-34453 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
84 | snappy-java input validation error vulnerability | CNNVD-202306-1198 | CVE-2023-34454 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
85 | Snappy input validation error vulnerability | CNNVD-202306-1248 | CVE-2023-34455 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh
86 | htmlcleaner buffer error vulnerability | CNNVD-202306-1106 | CVE-2023-34624 | High | Individual developer | https://github.com/amplafi/htmlcleaner/issues/13
87 | Apache Tomcat security vulnerability | CNNVD-202306-1525 | CVE-2023-34981 | High | Apache Foundation | https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
88 | Jenkins cross-site request forgery vulnerability | CNNVD-202306-1089 | CVE-2023-35141 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
89 | Okio security vulnerability | CNNVD-202307-1161 | CVE-2023-3635 | High | square | https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
90 | Eclipse Jetty resource management error vulnerability | CNNVD-202310-691 | CVE-2023-36478 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
91 | Python security vulnerability | CNNVD-202306-1804 | CVE-2023-36632 | High | Python Foundation | https://docs.python.org/3/library/email.html
92 | HCL BigFix Platform input validation error vulnerability | CNNVD-202310-848 | CVE-2023-37536 | High | HCL Technologies | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
93 | curl security vulnerability | CNNVD-202309-1067 | CVE-2023-38039 | High | curl | https://github.com/curl/curl
94 | PHP code issue vulnerability | CNNVD-202308-1104 | CVE-2023-3823 | High | PHP | https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
95 | python-cryptography trust management issue vulnerability | CNNVD-202307-1332 | CVE-2023-38325 | High | Cryptographic team | https://github.com/pyca/cryptography/issues/9207
96 | Google Golang security vulnerability | CNNVD-202309-663 | CVE-2023-39321 | High | Google | https://github.com/golang/go/issues/62266
97 | Google Go security vulnerability | CNNVD-202309-662 | CVE-2023-39322 | High | Google | https://github.com/golang/go/issues/62266
98 | Apache Avro code issue vulnerability | CNNVD-202309-2636 | CVE-2023-39410 | High | Apache Foundation | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
99 | MIT Kerberos resource management error vulnerability | CNNVD-202308-1454 | CVE-2023-39975 | High | MIT | https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
100 | Eclipse Parsson security vulnerability | CNNVD-202311-268 | CVE-2023-4043 | High | Eclipse Foundation | https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
101 | Python code issue vulnerability | CNNVD-202308-1930 | CVE-2023-41105 | High | Python Foundation | https://github.com/python/cpython/pull/107982
102 | Jenkins security vulnerability | CNNVD-202309-1972 | CVE-2023-43496 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
103 | Jenkins code issue vulnerability | CNNVD-202309-1971 | CVE-2023-43497 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
104 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
105 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html
106 | Snappy security vulnerability | CNNVD-202309-2204 | CVE-2023-43642 | High | Individual developer | https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
107 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
108 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
109 | glibc buffer error vulnerability | CNNVD-202310-197 | CVE-2023-4911 | High | GNU community | https://www.gnu.org/software/libc/
110 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/
111 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
112 | Junit information disclosure vulnerability | CNNVD-202010-445 | CVE-2020-15250 | Medium | Individual developer | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md
113 | DOMPurify cross-site scripting vulnerability | CNNVD-202010-199 | CVE-2020-26870 | Medium | Individual developer | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
114 | VMware Spring Framework security vulnerability | CNNVD-202009-1050 | CVE-2020-5421 | Medium | VMware | https://tanzu.vmware.com/security/cve-2020-5421
115 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556
116 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
117 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
118 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
119 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
120 | VMware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950
121 | Pivotal Spring Security OAuth resource management error vulnerability | CNNVD-202204-3951 | CVE-2022-22969 | Medium | Pivotal | https://tanzu.vmware.com/security/cve-2022-22969
122 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
123 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
124 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
125 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/
126 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt
127 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1801 | CVE-2022-44730 | Medium | Apache Foundation | https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
128 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt
129 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt
130 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863
131 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/
132 | cryptography code issue vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
133 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
134 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
135 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
136 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
137 | Ruby security vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
138 | Ruby security vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
139 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
140 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt
141 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
142 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035
143 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
144 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt
145 | Netty resource management error vulnerability | CNNVD-202306-1639 | CVE-2023-34462 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
146 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
147 | MIT Kerberos buffer error vulnerability | CNNVD-202308-488 | CVE-2023-36054 | Medium | MIT | https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
148 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
149 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt
150 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188
151 | Google Golang cross-site scripting vulnerability | CNNVD-202309-671 | CVE-2023-39318 | Medium | Google | https://github.com/golang/go/issues/62196
152 | Google Golang cross-site scripting vulnerability | CNNVD-202309-667 | CVE-2023-39319 | Medium | Google | https://github.com/golang/go/issues/62197
153 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
154 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
155 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
156 | Apache Tomcat security vulnerability | CNNVD-202310-717 | CVE-2023-42794 | Medium | Apache Foundation | https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
157 | Apache Tomcat security vulnerability | CNNVD-202310-716 | CVE-2023-42795 | Medium | Apache Foundation | https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
158 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261
159 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245
160 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202310-525 | CVE-2023-43643 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2
161 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
162 | Apache Tomcat input validation error vulnerability | CNNVD-202310-712 | CVE-2023-45648 | Medium | Apache Foundation | https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
163 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html
164 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html
165 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
166 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases
167 | Redis Labs Redis security vulnerability | CNNVD-202309-560 | CVE-2023-41053 | Low | Redis Labs | https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6
168 | undici information disclosure vulnerability | CNNVD-202310-953 | CVE-2023-45143 | Low | nodejs | https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
169 | Redis Labs Redis security vulnerability | CNNVD-202310-1522 | CVE-2023-45145 | Low | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx


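III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities above; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.

Oracle official patch download address:
https://www.oracle.com/security-alerts/cpujan2024.html

CNNVD will continue to track these vulnerabilities and publish relevant information promptly. If needed, contact CNNVD. Contact: [email protected]

Source: CNNVD Security Updates WeChat official account

Article source: https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651127473&idx=2&sn=d156440c1a71d1a35118c237cd049d80&chksm=bd144e628a63c774fa4b69fa8adf1579dc085d85930d7034cf7cab4f405498ecdfcfb7d7f770&scene=58&subscene=0#rd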