CNNVD | 关于Oracle多个安全漏洞的通报

CNNVD | 关于Oracle多个安全漏洞的通报
2024-4-19 18:8:14 Author: mp.weixin.qq.com(查看原文) 阅读量:35 收藏

扫码订阅《中国信息安全》

邮发代号 2-786

征订热线：010-82341063

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞143个，影响到Oracle产品的其他厂商漏洞193个。包括Oracle BI Publisher 安全漏洞（CNNVD-202404-2284、CVE-2024-21082）、Oracle Food and Beverage Applications 安全漏洞（CNNVD-202404-2316、CVE-2024-21014）等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据、提升权限等。Oracle多个产品和系统受漏洞影响。目前，Oracle官方已经发布了漏洞修复补丁，建议用户及时确认是否受到漏洞影响，尽快采取修补措施。

一、漏洞介绍

2024年4月16日，Oracle发布了2024年4月份安全更新，共336个漏洞的补丁程序，CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle PeopleSoft Enterprise PeopleTools、Oracle Java SE 的 Oracle GraalVM、Oracle Database Server、Oracle MySQL、Oracle Fusion Middleware等。CNNVD对其危害等级进行了评价，其中超危漏洞31个，高危漏洞122个，中危漏洞158个，低危漏洞25个。Oracle多个产品和系统版本受漏洞影响，具体影响范围可访问Oracle官方网站查询：

https://www.oracle.com/security-alerts/cpuapr2024.html

二、漏洞详情

此次更新共包括133个新增漏洞的补丁程序，其中超危漏洞5个，高危漏洞26个，中危漏洞86个，低危漏洞16个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle BI Publisher 安全漏洞	CNNVD-202404-2284	CVE-2024-21082	超危	https://www.oracle.com/security-alerts/cpuapr2024.html
2	Oracle Food and Beverage Applications 安全漏洞	CNNVD-202404-2316	CVE-2024-21014	超危	https://www.oracle.com/security-alerts/cpuapr2024.html
3	Oracle Food and Beverage Applications 安全漏洞	CNNVD-202404-2317	CVE-2024-20997	超危	https://www.oracle.com/security-alerts/cpuapr2024.html
4	Oracle Food and Beverage Applications 安全漏洞	CNNVD-202404-2318	CVE-2024-21010	超危	https://www.oracle.com/security-alerts/cpuapr2024.html
5	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2363	CVE-2024-21071	超危	https://www.oracle.com/security-alerts/cpuapr2024.html
6	Oracle Virtualization 安全漏洞	CNNVD-202404-2199	CVE-2024-21110	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
7	Oracle Virtualization 的 Oracle VM VirtualBox 安全漏洞	CNNVD-202404-2200	CVE-2024-21116	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
8	Oracle Virtualization 安全漏洞	CNNVD-202404-2201	CVE-2024-21111	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
9	Oracle Virtualization 的 Oracle VM VirtualBox 安全漏洞	CNNVD-202404-2202	CVE-2024-21103	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
10	Oracle Virtualization 安全漏洞	CNNVD-202404-2203	CVE-2024-21113	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
11	Oracle Virtualization 的 Oracle VM VirtualBox 安全漏洞	CNNVD-202404-2204	CVE-2024-21114	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
12	Oracle Virtualization 安全漏洞	CNNVD-202404-2205	CVE-2024-21112	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
13	Oracle Virtualization 安全漏洞	CNNVD-202404-2208	CVE-2024-21115	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
14	Oracle Solaris 安全漏洞	CNNVD-202404-2209	CVE-2024-20999	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
15	Oracle Solaris 安全漏洞	CNNVD-202404-2210	CVE-2024-21059	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
16	Oracle Supply Chain Products Suite 安全漏洞	CNNVD-202404-2212	CVE-2024-21092	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
17	Oracle MySQL 的 MySQL Connectors 安全漏洞	CNNVD-202404-2243	CVE-2024-21090	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
18	Oracle BI Publisher 安全漏洞	CNNVD-202404-2277	CVE-2024-21083	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
19	Oracle Fusion Middleware 的 Oracle WebLogic Server 安全漏洞	CNNVD-202404-2304	CVE-2024-21007	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
20	Oracle Fusion Middleware 的 Oracle WebLogic Server 安全漏洞	CNNVD-202404-2306	CVE-2024-21006	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
21	Oracle Food and Beverage Applications 安全漏洞	CNNVD-202404-2315	CVE-2024-20989	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
22	Oracle Enterprise Manager Base Platform 安全漏洞	CNNVD-202404-2319	CVE-2024-21067	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
23	Oracle Construction and Engineering Suite 安全漏洞	CNNVD-202404-2327	CVE-2024-21095	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
24	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2337	CVE-2024-21088	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
25	Oracle E-Business Suite 的 Oracle Marketing 安全漏洞	CNNVD-202404-2346	CVE-2024-21079	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
26	Oracle E-Business Suite 的 Oracle Trade Management 安全漏洞	CNNVD-202404-2351	CVE-2024-21077	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
27	Oracle E-Business Suite 的 Oracle Trade Management 安全漏洞	CNNVD-202404-2354	CVE-2024-21075	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
28	Oracle E-Business Suite 的 Oracle Marketing 安全漏洞	CNNVD-202404-2355	CVE-2024-21078	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
29	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2356	CVE-2024-21076	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
30	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2357	CVE-2024-21074	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
31	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2360	CVE-2024-21073	高危	https://www.oracle.com/security-alerts/cpuapr2024.html
32	Oracle Virtualization 安全漏洞	CNNVD-202404-2195	CVE-2024-21109	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
33	Oracle Virtualization 的 Oracle VM VirtualBox 安全漏洞	CNNVD-202404-2196	CVE-2024-21121	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
34	Oracle Virtualization 安全漏洞	CNNVD-202404-2197	CVE-2024-21106	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
35	Oracle Virtualization 安全漏洞	CNNVD-202404-2198	CVE-2024-21107	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
36	Oracle ZFS Storage Appliance 安全漏洞	CNNVD-202404-2207	CVE-2024-21104	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
37	Oracle Supply Chain Products Suite 安全漏洞	CNNVD-202404-2211	CVE-2024-21091	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
38	Oracle PeopleSoft Enterprise PeopleTools 安全漏洞	CNNVD-202404-2213	CVE-2024-21097	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
39	Oracle PeopleSoft 安全漏洞	CNNVD-202404-2214	CVE-2024-21070	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
40	Oracle PeopleSoft Products 安全漏洞	CNNVD-202404-2215	CVE-2024-21063	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
41	Oracle PeopleSoft Enterprise PeopleTools 安全漏洞	CNNVD-202404-2216	CVE-2024-21065	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
42	Oracle MySQL 安全漏洞	CNNVD-202404-2219	CVE-2024-21013	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
43	Oracle MySQL 安全漏洞	CNNVD-202404-2220	CVE-2024-21008	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
44	Oracle MySQL 安全漏洞	CNNVD-202404-2221	CVE-2024-21096	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
45	Oracle MySQL 安全漏洞	CNNVD-202404-2222	CVE-2024-21057	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
46	Oracle MySQL 安全漏洞	CNNVD-202404-2223	CVE-2024-21062	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
47	Oracle MySQL 安全漏洞	CNNVD-202404-2224	CVE-2024-21055	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
48	Oracle MySQL 安全漏洞	CNNVD-202404-2225	CVE-2024-21054	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
49	Oracle MySQL 安全漏洞	CNNVD-202404-2226	CVE-2024-21009	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
50	Oracle MySQL 安全漏洞	CNNVD-202404-2227	CVE-2024-20993	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
51	Oracle MySQL 安全漏洞	CNNVD-202404-2228	CVE-2024-20998	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
52	Oracle MySQL 安全漏洞	CNNVD-202404-2229	CVE-2024-21087	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
53	Oracle MySQL 安全漏洞	CNNVD-202404-2230	CVE-2024-21060	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
54	Oracle MySQL 安全漏洞	CNNVD-202404-2231	CVE-2024-21056	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
55	Oracle MySQL 安全漏洞	CNNVD-202404-2232	CVE-2024-21053	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
56	Oracle MySQL 安全漏洞	CNNVD-202404-2233	CVE-2024-21052	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
57	Oracle MySQL 安全漏洞	CNNVD-202404-2234	CVE-2024-21051	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
58	Oracle MySQL 安全漏洞	CNNVD-202404-2235	CVE-2024-21050	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
59	Oracle MySQL 安全漏洞	CNNVD-202404-2236	CVE-2024-21049	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
60	Oracle MySQL 安全漏洞	CNNVD-202404-2237	CVE-2024-21069	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
61	Oracle MySQL 安全漏洞	CNNVD-202404-2238	CVE-2024-21061	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
62	Oracle MySQL 安全漏洞	CNNVD-202404-2239	CVE-2024-21047	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
63	Oracle MySQL 安全漏洞	CNNVD-202404-2240	CVE-2024-21102	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
64	Oracle MySQL 安全漏洞	CNNVD-202404-2241	CVE-2024-20994	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
65	Oracle MySQL 安全漏洞	CNNVD-202404-2242	CVE-2024-21015	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
66	Oracle Business Intelligence Enterprise Edition 安全漏洞	CNNVD-202404-2268	CVE-2024-21099	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
67	Oracle Business Intelligence Enterprise Edition 安全漏洞	CNNVD-202404-2271	CVE-2024-21001	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
68	Oracle Business Intelligence Enterprise Edition 安全漏洞	CNNVD-202404-2273	CVE-2024-21064	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
69	Oracle BI Publisher 安全漏洞	CNNVD-202404-2275	CVE-2024-21084	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
70	Oracle Fusion Middleware 安全漏洞	CNNVD-202404-2287	CVE-2024-20992	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
71	Oracle Fusion Middleware 的 Oracle Outside In Technology 安全漏洞	CNNVD-202404-2290	CVE-2024-21118	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
72	Oracle Fusion Middleware 的 Oracle Outside In Technology 安全漏洞	CNNVD-202404-2292	CVE-2024-21120	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
73	Oracle Fusion Middleware 的 Oracle Outside In Technology 安全漏洞	CNNVD-202404-2294	CVE-2024-21117	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
74	Oracle Fusion Middleware 的 Oracle Outside In Technology 安全漏洞	CNNVD-202404-2297	CVE-2024-21119	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
75	Oracle Fusion Middleware 的 Oracle HTTP Server 安全漏洞	CNNVD-202404-2298	CVE-2024-20991	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
76	Oracle E-Business Suite 的 Oracle Web Applications Desktop Integrator 安全漏洞	CNNVD-202404-2320	CVE-2024-21048	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
77	Oracle Commerce 的 Oracle Commerce Platform 安全漏洞	CNNVD-202404-2321	CVE-2024-21100	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
78	Oracle E-Business Suite 的 Oracle CRM Technical Foundation 安全漏洞	CNNVD-202404-2322	CVE-2024-21086	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
79	Oracle E-Business Suite 的 Oracle Partner Management 安全漏洞	CNNVD-202404-2323	CVE-2024-21081	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
80	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2324	CVE-2024-20990	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
81	Oracle E-Business Suite 的 Oracle Installed Base 安全漏洞	CNNVD-202404-2325	CVE-2024-21072	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
82	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2326	CVE-2024-21046	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
83	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2328	CVE-2024-21045	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
84	Oracle Database Server 安全漏洞	CNNVD-202404-2329	CVE-2024-21093	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
85	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2330	CVE-2024-21044	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
86	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2331	CVE-2024-21043	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
87	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2332	CVE-2024-21042	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
88	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2333	CVE-2024-21041	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
89	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2334	CVE-2024-21040	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
90	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2335	CVE-2024-21089	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
91	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2336	CVE-2024-21039	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
92	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2338	CVE-2024-21038	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
93	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2339	CVE-2024-21037	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
94	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2340	CVE-2024-21036	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
95	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2341	CVE-2024-21035	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
96	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2342	CVE-2024-21034	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
97	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2343	CVE-2024-21033	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
98	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2344	CVE-2024-21032	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
99	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2345	CVE-2024-21031	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
100	Oracle E-Business Suite 的 Oracle Applications Framework 安全漏洞	CNNVD-202404-2347	CVE-2024-21080	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
101	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2348	CVE-2024-21030	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
102	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2349	CVE-2024-21029	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
103	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2350	CVE-2024-21028	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
104	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2352	CVE-2024-21027	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
105	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2353	CVE-2024-21026	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
106	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2358	CVE-2024-21025	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
107	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2359	CVE-2024-21024	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
108	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2361	CVE-2024-21023	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
109	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2362	CVE-2024-21021	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
110	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2364	CVE-2024-21020	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
111	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2365	CVE-2024-21022	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
112	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2366	CVE-2024-21018	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
113	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2367	CVE-2024-21017	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
114	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2368	CVE-2024-21019	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
115	Oracle Database Server 安全漏洞	CNNVD-202404-2369	CVE-2024-21066	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
116	Oracle Database Server 安全漏洞	CNNVD-202404-2370	CVE-2024-21058	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
117	Oracle E-Business Suite 安全漏洞	CNNVD-202404-2371	CVE-2024-21016	中危	https://www.oracle.com/security-alerts/cpuapr2024.html
118	Oracle Virtualization 安全漏洞	CNNVD-202404-2194	CVE-2024-21108	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
119	Oracle Solaris 安全漏洞	CNNVD-202404-2206	CVE-2024-21105	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
120	Oracle MySQL 安全漏洞	CNNVD-202404-2217	CVE-2024-21101	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
121	Oracle MySQL 安全漏洞	CNNVD-202404-2218	CVE-2024-21000	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
122	Oracle Java SE 安全漏洞	CNNVD-202404-2244	CVE-2024-21004	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
123	Oracle Java SE 安全漏洞	CNNVD-202404-2245	CVE-2024-21002	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
124	Oracle Java SE 和 Oracle GraalVM 安全漏洞	CNNVD-202404-2246	CVE-2024-21005	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
125	Oracle Java SE 安全漏洞	CNNVD-202404-2247	CVE-2024-21003	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
126	Oracle Java SE 和Oracle GraalVM 安全漏洞	CNNVD-202404-2248	CVE-2024-21012	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
127	Oracle Java SE 安全漏洞	CNNVD-202404-2249	CVE-2024-21094	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
128	Oracle Java SE 安全漏洞	CNNVD-202404-2250	CVE-2024-21068	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
129	Oracle Java SE 安全漏洞	CNNVD-202404-2251	CVE-2024-21011	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
130	Oracle Java SE 安全漏洞	CNNVD-202404-2252	CVE-2024-21085	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
131	Oracle Java SE 安全漏洞	CNNVD-202404-2253	CVE-2024-21098	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
132	Oracle Java SE 的 Oracle GraalVM 安全漏洞	CNNVD-202404-2256	CVE-2024-20954	低危	https://www.oracle.com/security-alerts/cpuapr2024.html
133	Oracle Database Server 安全漏洞	CNNVD-202404-2372	CVE-2024-20995	低危	https://www.oracle.com/security-alerts/cpuapr2024.html

此次更新共包括10个更新漏洞的补丁程序，其中高危漏洞3个，中危漏洞4个，低危漏洞3个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle部分产品安全漏洞	CNNVD-202401-1563	CVE-2024-20918	高危	https://www.oracle.com/security-alerts/cpujan2024.html
2	Oracle部分产品安全漏洞	CNNVD-202401-1546	CVE-2024-20932	高危	https://www.oracle.com/security-alerts/cpujan2024.html
3	Oracle部分产品安全漏洞	CNNVD-202401-1537	CVE-2024-20952	高危	https://www.oracle.com/security-alerts/cpujan2024.html
4	Oracle Java SE 安全漏洞	CNNVD-202401-1582	CVE-2024-20919	中危	https://www.oracle.com/security-alerts/cpujan2024.html
5	Oracle Java SE 安全漏洞	CNNVD-202401-1583	CVE-2024-20921	中危	https://www.oracle.com/security-alerts/cpujan2024verbose.html
6	Oracle Java SE和Oracle GraalVM 安全漏洞	CNNVD-202401-1548	CVE-2024-20926	中危	https://www.oracle.com/security-alerts/cpujan2024.html
7	Oracle Java SE 安全漏洞	CNNVD-202401-1584	CVE-2024-20945	中危	https://www.oracle.com/security-alerts/cpujan2024.html
8	Oracle部分产品安全漏洞	CNNVD-202401-1556	CVE-2024-20922	低危	https://www.oracle.com/security-alerts/cpujan2024.html
9	Oracle部分产品安全漏洞	CNNVD-202401-1675	CVE-2024-20923	低危	https://www.oracle.com/security-alerts/cpujan2024.html
10	Oracle Java SE和Oracle GraalVM 安全漏洞	CNNVD-202401-1673	CVE-2024-20925	低危	https://www.oracle.com/security-alerts/cpujan2024.html

此次更新共包括193个影响Oracle产品的其他厂商漏洞的补丁程序，其中超危漏洞26个，高危漏洞93个，中危漏洞68个，低危漏洞6个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	厂商	官方链接
1	Terracotta Quartz Scheduler 代码问题漏洞	CNNVD-201907-1383	CVE-2019-13990	超危	softwareag	http://www.quartz-scheduler.org/
2	Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞	CNNVD-202207-838	CVE-2020-29508	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
3	Dell BSAFE 安全特征问题漏洞	CNNVD-202207-834	CVE-2020-35163	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
4	Dell BSAFE 安全漏洞	CNNVD-202207-832	CVE-2020-35166	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
5	Dell BSAFE 安全漏洞	CNNVD-202207-831	CVE-2020-35167	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
6	Dell BSAFE 安全漏洞	CNNVD-202207-828	CVE-2020-35168	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
7	handlebars 安全漏洞	CNNVD-202104-686	CVE-2021-23369	超危	个人开发者	https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
8	handlebars 安全漏洞	CNNVD-202105-130	CVE-2021-23383	超危	个人开发者	https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
9	Apache DB DdlUtils 代码问题漏洞	CNNVD-202109-1960	CVE-2021-41616	超危	Apache基金会	https://lists.apache.org/thread.html/r3d7a8303a820144f5e2d1fd0b067e18d419421b58346b53b58d3fa72%40%3Cannounce.apache.org%3E
10	iText 命令注入漏洞	CNNVD-202112-1333	CVE-2021-43113	超危	个人开发者	https://github.com/itext/itext7/releases/tag/7.1.17
11	SnakeYAML 代码问题漏洞	CNNVD-202212-1820	CVE-2022-1471	超危	个人开发者	https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
12	Dell BSAFE 安全漏洞	CNNVD-202402-197	CVE-2022-34381	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
13	HSQLDB 安全漏洞	CNNVD-202210-196	CVE-2022-41853	超危	The HSQL Development Group	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
14	Apache Commons Text 代码注入漏洞	CNNVD-202210-790	CVE-2022-42889	超危	Apache基金会	https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
15	Apache Commons BCEL 缓冲区错误漏洞	CNNVD-202211-2199	CVE-2022-42920	超危	Apache基金会	https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
16	Apache SOAP 访问控制错误漏洞	CNNVD-202211-2683	CVE-2022-45378	超危	Apache	https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31
17	Apache Derby 注入漏洞	CNNVD-202311-1655	CVE-2022-46337	超危	Apache基金会	https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
18	Apache CXF 代码问题漏洞	CNNVD-202212-3143	CVE-2022-46364	超危	Apache基金会	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
19	VMware Spring Security 安全漏洞	CNNVD-202307-1680	CVE-2023-34034	超危	VMware	https://spring.io/security/cve-2023-34034
20	curl 缓冲区错误漏洞	CNNVD-202310-917	CVE-2023-38545	超危	curl	https://github.com/curl/curl/commit/fb4415d8aee6c1
21	Apple Safari 代码问题漏洞	CNNVD-202309-2063	CVE-2023-41993	超危	Apple	https://support.apple.com/en-us/HT213930
22	npm IP Package 代码问题漏洞	CNNVD-202402-689	CVE-2023-42282	超危	npm	https://www.npmjs.com/package/ip
23	Apache ZooKeeper 安全漏洞	CNNVD-202310-856	CVE-2023-44981	超危	Apache基金会	https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
24	Apache ActiveMQ 代码问题漏洞	CNNVD-202310-2332	CVE-2023-46604	超危	Apache基金会	https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
25	Perl 安全漏洞	CNNVD-202312-067	CVE-2023-47100	超危	Perl	https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
26	PostgreSQL JDBC Driver 安全漏洞	CNNVD-202402-1534	CVE-2024-1597	超危	PostgreSQL	https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.2
27	Apache MINA 安全漏洞	CNNVD-201910-048	CVE-2019-0231	高危	Apache基金会	http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
28	jackson-mapper-asl 代码问题漏洞	CNNVD-201911-1110	CVE-2019-10172	高危	个人开发者	https://mvnrepository.com/artifact/org.codehaus.jackson
29	Red Hat Hibernate ORM SQL注入漏洞	CNNVD-202011-1706	CVE-2020-25638	高危	Red Hat	https://hibernate.org/
30	Dell BSAFE 安全漏洞	CNNVD-202207-833	CVE-2020-35164	高危	Dell	https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
31	Python 输入验证错误漏洞	CNNVD-202208-3716	CVE-2021-28861	高危	Python	https://bugs.python.org/issue43223
32	Perl 代码问题漏洞	CNNVD-202108-807	CVE-2021-36770	高危	Perl	https://access.redhat.com/security/cve/cve-2021-36770
33	Certifi 数据伪造问题漏洞	CNNVD-202212-2660	CVE-2022-23491	高危	Certifi	https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
34	nekohtml资源管理错误漏洞	CNNVD-202204-2918	CVE-2022-24839	高危	个人开发者	https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
35	Google protobuf 安全漏洞	CNNVD-202210-769	CVE-2022-3171	高危	Google	https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
36	Apache Xalan 输入验证错误漏洞	CNNVD-202207-1617	CVE-2022-34169	高危	Apache基金会	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
37	XStream 缓冲区错误漏洞	CNNVD-202209-1230	CVE-2022-40152	高危	XStream	https://github.com/x-stream/xstream/issues/304
38	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1712	CVE-2022-41704	高危	Apache基金会	https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
39	FasterXML jackson-databind 代码问题漏洞	CNNVD-202210-007	CVE-2022-42003	高危	FasterXML	https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
40	FasterXML jackson-databind 代码问题漏洞	CNNVD-202210-006	CVE-2022-42004	高危	FasterXML	https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
41	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202210-1707	CVE-2022-42890	高危	Apache基金会	https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
42	Apache XML Graphics Batik 代码问题漏洞	CNNVD-202308-1802	CVE-2022-44729	高危	Apache基金会	https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
43	Hutool 缓冲区错误漏洞	CNNVD-202212-3131	CVE-2022-45688	高危	Dromara社区	https://github.com/dromara/hutool/issues/2748
44	Apache Ivy 代码问题漏洞	CNNVD-202308-1684	CVE-2022-46751	高危	Apache基金会	https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8
45	UnRAR 后置链接漏洞	CNNVD-202308-425	CVE-2022-48579	高危	个人开发者	https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
46	OpenSSL 信任管理问题漏洞	CNNVD-202303-1681	CVE-2023-0464	高危	OpenSSL	https://www.openssl.org/news/secadv/20230322.txt
47	Red Hat JBoss Enterprise Application Platform 安全漏洞	CNNVD-202303-798	CVE-2023-1108	高危	Red Hat	https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f
48	netplex json-smart 安全漏洞	CNNVD-202303-1658	CVE-2023-1370	高危	netplex	https://netplex.github.io/json-smart/
49	Jettison 安全漏洞	CNNVD-202303-1656	CVE-2023-1436	高危	Jettison	https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
50	Spring Framework 安全漏洞	CNNVD-202303-2401	CVE-2023-20860	高危	Spring	https://spring.io/security/cve-2023-20860
51	ModSecurity 安全漏洞	CNNVD-202301-1585	CVE-2023-24021	高危	个人开发者	https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334
52	Apache Commons FileUpload 安全漏洞	CNNVD-202302-1610	CVE-2023-24998	高危	Apache基金会	https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
53	OpenCV 代码问题漏洞	CNNVD-202305-852	CVE-2023-2617	高危	OpenCV	https://github.com/opencv/opencv_contrib/pull/3480
54	OpenCV 安全漏洞	CNNVD-202305-851	CVE-2023-2618	高危	OpenCV	https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6
55	Intel oneAPI Toolkits 代码问题漏洞	CNNVD-202308-1031	CVE-2023-28823	高危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
56	glib2 资源管理错误漏洞	CNNVD-202306-1169	CVE-2023-29499	高危	GNOME	https://gitlab.gnome.org/GNOME/glib/
57	Google Guava 安全漏洞	CNNVD-202306-1141	CVE-2023-2976	高危	Google	https://github.com/google/guava
58	Apache HTTP Server 缓冲区错误漏洞	CNNVD-202310-1640	CVE-2023-31122	高危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
59	Red Hat Undertow 安全漏洞	CNNVD-202308-506	CVE-2023-3223	高危	Red Hat	https://undertow.io/
60	glib2 资源管理错误漏洞	CNNVD-202306-1170	CVE-2023-32636	高危	GNOME	https://gitlab.gnome.org/GNOME/glib/
61	glib2 缓冲区错误漏洞	CNNVD-202306-1172	CVE-2023-32643	高危	GNOME	https://gitlab.gnome.org/GNOME/glib/
62	Spring Framework 安全漏洞	CNNVD-202311-2123	CVE-2023-34053	高危	Spring团队	https://github.com/spring-projects/spring-framework/releases/tag/v6.0.
63	Apache Tomcat 安全漏洞	CNNVD-202306-1525	CVE-2023-34981	高危	Apache基金会	https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
64	Jenkins 跨站请求伪造漏洞	CNNVD-202306-1089	CVE-2023-35141	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
65	Okio 安全漏洞	CNNVD-202307-1161	CVE-2023-3635	高危	square	https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
66	Eclipse Jetty 资源管理错误漏洞	CNNVD-202310-691	CVE-2023-36478	高危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
67	Python 安全漏洞	CNNVD-202306-1804	CVE-2023-36632	高危	Python基金会	https://docs.python.org/3/library/email.html
68	HCL BigFix Platform 输入验证错误漏洞	CNNVD-202310-848	CVE-2023-37536	高危	HCL Technologies	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
69	curl 安全漏洞	CNNVD-202309-1067	CVE-2023-38039	高危	curl	https://github.com/curl/curl
70	python-cryptography 信任管理问题漏洞	CNNVD-202307-1332	CVE-2023-38325	高危	Cryptographic团队	https://github.com/pyca/cryptography/issues/9207
71	MIT Kerberos 资源管理错误漏洞	CNNVD-202308-1454	CVE-2023-39975	高危	MIT	https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
72	Eclipse Parsson 安全漏洞	CNNVD-202311-268	CVE-2023-4043	高危	Eclipse基金会	https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
73	Redis 安全漏洞	CNNVD-202401-776	CVE-2023-41056	高危	Redis Labs	https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224
74	Apple iOS 和 iPadOS 安全漏洞	CNNVD-202309-2265	CVE-2023-41074	高危	Apple	https://support.apple.com/en-us/HT213938
75	Python 代码问题漏洞	CNNVD-202308-1930	CVE-2023-41105	高危	Python基金会	https://github.com/python/cpython/pull/107982
76	Apple Safari 安全漏洞	CNNVD-202311-2397	CVE-2023-42917	高危	Apple	https://support.apple.com/en-us/HT214033
77	Jenkins 安全漏洞	CNNVD-202309-1972	CVE-2023-43496	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
78	Jenkins 代码问题漏洞	CNNVD-202309-1971	CVE-2023-43497	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
79	Jenkins 安全漏洞	CNNVD-202309-1970	CVE-2023-43498	高危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
80	Apache HTTP Server 资源管理错误漏洞	CNNVD-202310-1641	CVE-2023-43622	高危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
81	urllib3 信息泄露漏洞	CNNVD-202310-281	CVE-2023-43804	高危	个人开发者	https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
82	Pillow 安全漏洞	CNNVD-202311-282	CVE-2023-44271	高危	个人开发者	https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
83	Apache HTTP/2 资源管理错误漏洞	CNNVD-202310-667	CVE-2023-44487	高危	Apache基金会	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
84	OpenTelemetry-Go Contrib 安全漏洞	CNNVD-202310-955	CVE-2023-45142	高危	OpenTelemetry	https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh
85	Plotly.js 安全漏洞	CNNVD-202401-128	CVE-2023-46308	高危	个人开发者	https://github.com/plotly/plotly.js/releases/tag/v2.25.2
86	shadow 安全漏洞	CNNVD-202310-843	CVE-2023-4641	高危	个人开发者	https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
87	Apache Tomcat 环境问题漏洞	CNNVD-202311-2168	CVE-2023-46589	高危	Apache基金会	https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
88	Perl 安全漏洞	CNNVD-202311-2025	CVE-2023-47038	高危	PERL社区	https://bugzilla.redhat.com/show_bug.cgi?id=2249523
89	Perl 安全漏洞	CNNVD-202311-2026	CVE-2023-47039	高危	PERL社区	https://www.perl.org/
90	OpenSSL 安全漏洞	CNNVD-202309-665	CVE-2023-4807	高危	OpenSSL	https://www.openssl.org/news/secadv/20230908.txt
91	Google Chrome 缓冲区错误漏洞	CNNVD-202309-784	CVE-2023-4863	高危	Google	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
92	glibc 缓冲区错误漏洞	CNNVD-202310-197	CVE-2023-4911	高危	GNU社区	https://www.gnu.org/software/libc/
93	Apache Solr 安全漏洞	CNNVD-202402-792	CVE-2023-50298	高危	Apache	https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
94	Apache Solr 代码问题漏洞	CNNVD-202402-791	CVE-2023-50386	高危	Apache	https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
95	JSON-Java 安全漏洞	CNNVD-202310-951	CVE-2023-5072	高危	个人开发者	https://github.com/stleary/JSON-java/
96	Jasper 安全漏洞	CNNVD-202401-1315	CVE-2023-51257	高危	Jasper	https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a
97	GNU C Library 安全漏洞	CNNVD-202309-2162	CVE-2023-5156	高危	GNU社区	https://sourceware.org/bugzilla/show_bug.cgi?id=30884
98	jose4j 安全漏洞	CNNVD-202402-2688	CVE-2023-51775	高危	Bitbucket	https://bitbucket.org/b_c/jose4j/downloads/
99	Connect2id Nimbus JOSE+JWT 安全漏洞	CNNVD-202402-845	CVE-2023-52428	高危	Connect2id	https://connect2id.com/products/nimbus-jose-jwt
100	OpenSSL 安全漏洞	CNNVD-202310-1871	CVE-2023-5363	高危	OpenSSL团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
101	Red Hat Undertow 安全漏洞	CNNVD-202312-977	CVE-2023-5379	高危	Red Hat	https://bugzilla.redhat.com/show_bug.cgi?id=2242099
102	glibc 缓冲区错误漏洞	CNNVD-202401-2632	CVE-2023-6246	高危	个人开发者	https://github.com/kraj/glibc/releases/tag/glibc-2.37
103	logback 代码问题漏洞	CNNVD-202311-2206	CVE-2023-6378	高危	Quality Open Software	https://logback.qos.ch/download.html
104	Quality Open Software Logback 安全漏洞	CNNVD-202312-277	CVE-2023-6481	高危	Quality Open Software	https://logback.qos.ch/news.html
105	glibc 缓冲区错误漏洞	CNNVD-202401-2633	CVE-2023-6779	高危	个人开发者	https://github.com/kraj/glibc/releases/tag/glibc-2.38
106	Red Hat Undertow 资源管理错误漏洞	CNNVD-202402-1551	CVE-2024-1635	高危	Red Hat	https://undertow.io/
107	runc 安全漏洞	CNNVD-202401-2725	CVE-2024-21626	高危	个人开发者	https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
108	Amazon Ion 安全漏洞	CNNVD-202401-216	CVE-2024-21634	高危	Amazon	https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6
109	Node.js 安全漏洞	CNNVD-202402-1466	CVE-2024-21892	高危	Node.js	https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
110	Node.js 安全漏洞	CNNVD-202402-1467	CVE-2024-22019	高危	Node.js	https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
111	Eclipse Jetty 安全漏洞	CNNVD-202402-2103	CVE-2024-22201	高危	Eclipse	https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
112	Spring Framework 安全漏洞	CNNVD-202401-1957	CVE-2024-22233	高危	Spring	https://spring.io/security/cve-2024-22233/
113	Spring Framework 安全漏洞	CNNVD-202402-1929	CVE-2024-22243	高危	Spring	https://spring.io/projects/spring-framework#support
114	VMware Spring Security 安全漏洞	CNNVD-202403-1650	CVE-2024-22257	高危	VMware	https://spring.io/security/cve-2024-22257
115	Spring Framework 安全漏洞	CNNVD-202403-1543	CVE-2024-22259	高危	Spring	https://spring.io/security/cve-2024-22259
116	Apache Tomcat 安全漏洞	CNNVD-202403-1180	CVE-2024-23672	高危	Apache	https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
117	Apache Tomcat 输入验证错误漏洞	CNNVD-202403-1179	CVE-2024-24549	高危	Apache	https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
118	libxml2 安全漏洞	CNNVD-202402-242	CVE-2024-25062	高危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/tags
119	python-cryptography 安全漏洞	CNNVD-202402-1783	CVE-2024-26130	高危	Cryptographic	https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
120	Apache Ant 安全漏洞	CNNVD-202107-983	CVE-2021-36373	中危	Apache基金会	https://ant.apache.org/
121	Apache Ant 安全漏洞	CNNVD-202107-984	CVE-2021-36374	中危	Apache基金会	https://ant.apache.org/
122	Apache Commons Net 输入验证错误漏洞	CNNVD-202212-2188	CVE-2021-37533	中危	Apache基金会	https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
123	JetBrains Kotlin 安全特征问题漏洞	CNNVD-202202-606	CVE-2022-24329	中危	JetBrains	http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
124	MetadataExtractor 安全漏洞	CNNVD-202202-1859	CVE-2022-24613	中危	个人开发者	https://cxsecurity.com/cveshow/CVE-2022-24613/
125	MetadataExtractor 安全漏洞	CNNVD-202202-1858	CVE-2022-24614	中危	个人开发者	https://cxsecurity.com/cveshow/CVE-2022-24614/
126	Apache Portable Runtime 输入验证错误漏洞	CNNVD-202301-2414	CVE-2022-25147	中危	Apache基金会	https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
127	jQuery 跨站脚本漏洞	CNNVD-202207-2121	CVE-2022-31160	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
128	jsoup 跨站脚本漏洞	CNNVD-202208-4329	CVE-2022-36033	中危	个人开发者	https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
129	Matthäus G. Chajdas pygments 代码问题漏洞	CNNVD-202307-1683	CVE-2022-40896	中危	Matthäus G. Chajdas	https://pypi.org/project/Pygments/
130	OpenSSL 信任管理问题漏洞	CNNVD-202303-2432	CVE-2023-0465	中危	OpenSSL	https://www.openssl.org/news/secadv/20230328.txt
131	OpenSSL 信任管理问题漏洞	CNNVD-202303-2431	CVE-2023-0466	中危	OpenSSL	https://www.openssl.org/news/secadv/20230328.txt
132	Red Hat AMQ 安全漏洞	CNNVD-202302-1203	CVE-2023-0833	中危	Red Hat	https://www.redhat.com/en/resources/amq-streams-datasheet
133	OpenSSL 缓冲区错误漏洞	CNNVD-202304-1714	CVE-2023-1255	中危	OpenSSL	https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
134	Spring Framework 安全漏洞	CNNVD-202303-1917	CVE-2023-20861	中危	Spring	https://spring.io/security/cve-2023-20861
135	Spring Framework 安全漏洞	CNNVD-202304-1667	CVE-2023-20862	中危	Spring	https://spring.io/security/cve-2023-20862
136	Spring Framework 安全漏洞	CNNVD-202304-1094	CVE-2023-20863	中危	Spring	https://spring.io/security/cve-2023-20863
137	libssh 授权问题漏洞	CNNVD-202305-2087	CVE-2023-2283	中危	libssh	https://www.debian.org/security/2023/
138	OpenSSL 安全漏洞	CNNVD-202305-2503	CVE-2023-2650	中危	OpenSSL	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
139	Intel oneAPI Toolkits 安全漏洞	CNNVD-202308-1047	CVE-2023-27391	中危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
140	Apache Tomcat 安全漏洞	CNNVD-202303-1662	CVE-2023-28708	中危	Apache基金会	https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
141	Flexera InstallShield 安全漏洞	CNNVD-202401-2402	CVE-2023-29081	中危	Flexera	https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads
142	OpenSSL 授权问题漏洞	CNNVD-202307-1295	CVE-2023-2975	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230714.txt
143	glib2 资源管理错误漏洞	CNNVD-202306-1171	CVE-2023-32611	中危	GNOME	https://gitlab.gnome.org/GNOME/glib/
144	glib2 代码问题漏洞	CNNVD-202306-1168	CVE-2023-32665	中危	GNOME	https://gitlab.gnome.org/GNOME/glib/
145	Bouncy Castle 信任管理问题漏洞	CNNVD-202307-168	CVE-2023-33201	中危	Bouncy Castle	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
146	Bouncy Castle 资源管理错误漏洞	CNNVD-202311-1981	CVE-2023-33202	中危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
147	Spring Security 安全漏洞	CNNVD-202307-1539	CVE-2023-34035	中危	Spring	https://spring.io/security/cve-2023-34035
148	VMware Spring Boot 安全漏洞	CNNVD-202311-2124	CVE-2023-34055	中危	VMware	https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
149	OpenSSL 安全漏洞	CNNVD-202307-1681	CVE-2023-3446	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230719.txt
150	FasterXML jackson-databind 代码问题漏洞	CNNVD-202306-1121	CVE-2023-35116	中危	FasterXML	https://github.com/FasterXML/jackson-databind/issues/3972
151	Apache MINA 路径遍历漏洞	CNNVD-202307-582	CVE-2023-35887	中危	Apache基金会	https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
152	Eclipse Jetty 安全漏洞	CNNVD-202309-1093	CVE-2023-36479	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
153	OpenSSL 安全漏洞	CNNVD-202307-2314	CVE-2023-3817	中危	OpenSSL团队	https://www.openssl.org/news/secadv/20230731.txt
154	Jenkins 跨站脚本漏洞	CNNVD-202307-2099	CVE-2023-39151	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188
155	procps 缓冲区错误漏洞	CNNVD-202308-085	CVE-2023-4016	中危	procps-ng	https://gitlab.com/procps-ng/procps
156	Eclipse Jetty 安全漏洞	CNNVD-202309-1102	CVE-2023-40167	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
157	Python 安全漏洞	CNNVD-202308-2059	CVE-2023-40217	中危	Python基金会	https://www.python.org/dev/security/
158	Apache Tomcat 输入验证错误漏洞	CNNVD-202308-2096	CVE-2023-41080	中危	Apache基金会	https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
159	Eclipse Jetty 安全漏洞	CNNVD-202309-1113	CVE-2023-41900	中危	Eclipse基金会	https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
160	Apache Commons Compress 资源管理错误漏洞	CNNVD-202309-1000	CVE-2023-42503	中危	Apache基金会	https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
161	Jenkins 安全漏洞	CNNVD-202309-1974	CVE-2023-43494	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261
162	Jenkins 跨站脚本漏洞	CNNVD-202309-1973	CVE-2023-43495	中危	Jenkins	https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245
163	Apache Santuario 日志信息泄露漏洞	CNNVD-202310-1720	CVE-2023-44483	中危	Apache基金会	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
164	glibc 缓冲区错误漏洞	CNNVD-202309-933	CVE-2023-4527	中危	个人开发者	https://sourceware.org/bugzilla/show_bug.cgi?id=30842
165	Apache HTTP Server 资源管理错误漏洞	CNNVD-202310-1636	CVE-2023-45802	中危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
166	urllib3 信息泄露漏洞	CNNVD-202310-1359	CVE-2023-45803	中危	urllib3	https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
167	curl 安全漏洞	CNNVD-202312-490	CVE-2023-46218	中危	curl	https://curl.se/docs/CVE-2023-46218.html
168	curl 安全漏洞	CNNVD-202312-499	CVE-2023-46219	中危	curl	https://curl.se/docs/CVE-2023-46219.html
169	Node.js 安全漏洞	CNNVD-202402-1465	CVE-2023-46809	中危	Node.js	https://nodejs.org/
170	glibc 资源管理错误漏洞	CNNVD-202309-932	CVE-2023-4806	中危	GNU社区	https://sourceware.org/bugzilla/show_bug.cgi?id=30843
171	OpenSSH 安全漏洞	CNNVD-202312-1668	CVE-2023-48795	中危	OpenBSD	https://www.openssh.com/openbsd.html
172	Python cryptography 代码问题漏洞	CNNVD-202311-2230	CVE-2023-49083	中危	Python基金会	https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
173	python-cryptography 安全漏洞	CNNVD-202312-1318	CVE-2023-50782	中危	Cryptographic团队	https://cryptography.io/en/latest/
174	Jayway JsonPath 安全漏洞	CNNVD-202312-2349	CVE-2023-51074	中危	json-path	https://github.com/json-path/JsonPath/issues/973
175	ImageMagick 资源管理错误漏洞	CNNVD-202310-092	CVE-2023-5341	中危	ImageMagick	https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
176	OpenSSL 代码问题漏洞	CNNVD-202311-423	CVE-2023-5678	中危	OpenSSL	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
177	OpenSSL 安全漏洞	CNNVD-202401-736	CVE-2023-6129	中危	OpenSSL	https://www.openssl.org/news/secadv/20240109.txt
178	Python 安全漏洞	CNNVD-202312-708	CVE-2023-6507	中危	Python基金会	https://mail.python.org/archives/list/[email protected]/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/
179	glibc 缓冲区错误漏洞	CNNVD-202401-2631	CVE-2023-6780	中危	个人开发者	https://github.com/kraj/glibc/releases/tag/glibc-2.38
180	curl 安全漏洞	CNNVD-202401-2732	CVE-2024-0853	中危	curl	https://curl.se/docs/CVE-2024-0853.html
181	Red Hat Undertow 安全漏洞	CNNVD-202402-940	CVE-2024-1459	中危	Red Hat	https://undertow.io/downloads.html
182	Jinja 跨站脚本漏洞	CNNVD-202401-963	CVE-2024-22195	中危	个人开发者	https://github.com/pallets/jinja/releases/tag/3.1.3
183	OWASP AntiSamy 跨站脚本漏洞	CNNVD-202402-204	CVE-2024-23635	中危	OWASP	https://github.com/nahsra/antisamy/releases/tag/v1.7.5
184	CKEditor 跨站脚本漏洞	CNNVD-202402-598	CVE-2024-24815	中危	CKEditor	https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
185	CKEditor 跨站脚本漏洞	CNNVD-202402-605	CVE-2024-24816	中危	CKEditor	https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
186	Apache Commons Compress 安全漏洞	CNNVD-202402-1528	CVE-2024-25710	中危	Apache	https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
187	Apache Commons Compress 安全漏洞	CNNVD-202402-1527	CVE-2024-26308	中危	Apache	https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
188	Google Guava 访问控制错误漏洞	CNNVD-202012-827	CVE-2020-8908	低危	Google	https://github.com/google/guava/issues/4011
189	curl 安全漏洞	CNNVD-202310-916	CVE-2023-38546	低危	curl	https://github.com/curl/curl/releases
190	Pip 命令注入漏洞	CNNVD-202310-1912	CVE-2023-5752	低危	Python Packaging Authority	https://github.com/pypa/pip/releases/tag/23.3.1
191	libssh 安全漏洞	CNNVD-202312-1736	CVE-2023-6004	低危	libssh	https://www.libssh.org/files/0.10/
192	libssh 安全漏洞	CNNVD-202312-1734	CVE-2023-6918	低危	libssh	https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
193	OpenSSL 安全漏洞	CNNVD-202401-2353	CVE-2024-0727	低危	OpenSSL	https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

三、修复建议

目前，Oracle官方已经发布补丁修复了上述漏洞，建议用户及时确认漏洞影响，尽快采取修补措施。Oracle官方补丁下载地址：

https://www.oracle.com/security-alerts/cpuapr2024.html

CNNVD将继续跟踪上述漏洞的相关情况，及时发布相关信息。如有需要，可与CNNVD联系。

联系方式: [email protected]

（来源：CNNVD）

分享网络安全知识强化网络安全意识

欢迎关注《中国信息安全》杂志官方抖音号

《中国信息安全》杂志倾力推荐

“企业成长计划”

点击下图了解详情

文章来源: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664211278&idx=4&sn=e4de21613365aeacdaf08d5da06b5203&chksm=8b59a1b7bc2e28a147111295854054753d06d75895d6cbb77440f03c11ec314cf7880ad79de3&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh