CNNVD | Notice on Multiple Oracle Security Vulnerabilities
2024-4-19 18:8:14 Author: mp.weixin.qq.com

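Recently, Oracle published security advisories covering multiple vulnerabilities, of which 143 are in Oracle's own products and 193 are vulnerabilities from other vendors that affect Oracle products. They include the Oracle BI Publisher security vulnerability (CNNVD-202404-2284, CVE-2024-21082) and the Oracle Food and Beverage Applications security vulnerability (CNNVD-202404-2316, CVE-2024-21014), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.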

I. Vulnerability Overview

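On April 16, 2024, Oracle released its April 2024 security update, with patches for 336 vulnerabilities in total; CNNVD has catalogued these vulnerabilities. The update mainly covers Oracle MySQL and MySQL components, Oracle PeopleSoft Enterprise PeopleTools, Oracle GraalVM in Oracle Java SE, Oracle Database Server, Oracle MySQL, Oracle Fusion Middleware, and others. CNNVD rated their severity: 31 critical, 122 high, 158 medium, and 25 low. Multiple Oracle products and system versions are affected; the specific scope of impact can be checked on the Oracle website: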

https://www.oracle.com/security-alerts/cpuapr2024.html

II. Vulnerability Details

This update includes patches for 133 newly added vulnerabilities: 5 critical, 26 high, 86 medium, and 16 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle BI Publisher security vulnerability | CNNVD-202404-2284 | CVE-2024-21082 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 2 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2316 | CVE-2024-21014 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 3 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2317 | CVE-2024-20997 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 4 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2318 | CVE-2024-21010 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 5 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2363 | CVE-2024-21071 | Critical | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 6 | Oracle Virtualization security vulnerability | CNNVD-202404-2199 | CVE-2024-21110 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 7 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2200 | CVE-2024-21116 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 8 | Oracle Virtualization security vulnerability | CNNVD-202404-2201 | CVE-2024-21111 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 9 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2202 | CVE-2024-21103 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 10 | Oracle Virtualization security vulnerability | CNNVD-202404-2203 | CVE-2024-21113 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 11 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2204 | CVE-2024-21114 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 12 | Oracle Virtualization security vulnerability | CNNVD-202404-2205 | CVE-2024-21112 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 13 | Oracle Virtualization security vulnerability | CNNVD-202404-2208 | CVE-2024-21115 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 14 | Oracle Solaris security vulnerability | CNNVD-202404-2209 | CVE-2024-20999 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 15 | Oracle Solaris security vulnerability | CNNVD-202404-2210 | CVE-2024-21059 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 16 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2212 | CVE-2024-21092 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 17 | MySQL Connectors in Oracle MySQL security vulnerability | CNNVD-202404-2243 | CVE-2024-21090 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 18 | Oracle BI Publisher security vulnerability | CNNVD-202404-2277 | CVE-2024-21083 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 19 | Oracle WebLogic Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2304 | CVE-2024-21007 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 20 | Oracle WebLogic Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2306 | CVE-2024-21006 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 21 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202404-2315 | CVE-2024-20989 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 22 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202404-2319 | CVE-2024-21067 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 23 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202404-2327 | CVE-2024-21095 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 24 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2337 | CVE-2024-21088 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 25 | Oracle Marketing in Oracle E-Business Suite security vulnerability | CNNVD-202404-2346 | CVE-2024-21079 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 26 | Oracle Trade Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2351 | CVE-2024-21077 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 27 | Oracle Trade Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2354 | CVE-2024-21075 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 28 | Oracle Marketing in Oracle E-Business Suite security vulnerability | CNNVD-202404-2355 | CVE-2024-21078 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2356 | CVE-2024-21076 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2357 | CVE-2024-21074 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2360 | CVE-2024-21073 | High | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 32 | Oracle Virtualization security vulnerability | CNNVD-202404-2195 | CVE-2024-21109 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 33 | Oracle VM VirtualBox in Oracle Virtualization security vulnerability | CNNVD-202404-2196 | CVE-2024-21121 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 34 | Oracle Virtualization security vulnerability | CNNVD-202404-2197 | CVE-2024-21106 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 35 | Oracle Virtualization security vulnerability | CNNVD-202404-2198 | CVE-2024-21107 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 36 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202404-2207 | CVE-2024-21104 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 37 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202404-2211 | CVE-2024-21091 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 38 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2213 | CVE-2024-21097 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 39 | Oracle PeopleSoft security vulnerability | CNNVD-202404-2214 | CVE-2024-21070 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 40 | Oracle PeopleSoft Products security vulnerability | CNNVD-202404-2215 | CVE-2024-21063 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 41 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202404-2216 | CVE-2024-21065 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202404-2219 | CVE-2024-21013 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202404-2220 | CVE-2024-21008 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202404-2221 | CVE-2024-21096 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202404-2222 | CVE-2024-21057 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202404-2223 | CVE-2024-21062 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202404-2224 | CVE-2024-21055 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202404-2225 | CVE-2024-21054 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202404-2226 | CVE-2024-21009 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202404-2227 | CVE-2024-20993 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202404-2228 | CVE-2024-20998 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202404-2229 | CVE-2024-21087 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202404-2230 | CVE-2024-21060 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202404-2231 | CVE-2024-21056 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202404-2232 | CVE-2024-21053 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202404-2233 | CVE-2024-21052 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202404-2234 | CVE-2024-21051 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202404-2235 | CVE-2024-21050 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 59 | Oracle MySQL security vulnerability | CNNVD-202404-2236 | CVE-2024-21049 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 60 | Oracle MySQL security vulnerability | CNNVD-202404-2237 | CVE-2024-21069 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 61 | Oracle MySQL security vulnerability | CNNVD-202404-2238 | CVE-2024-21061 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202404-2239 | CVE-2024-21047 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 63 | Oracle MySQL security vulnerability | CNNVD-202404-2240 | CVE-2024-21102 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 64 | Oracle MySQL security vulnerability | CNNVD-202404-2241 | CVE-2024-20994 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 65 | Oracle MySQL security vulnerability | CNNVD-202404-2242 | CVE-2024-21015 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 66 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2268 | CVE-2024-21099 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 67 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2271 | CVE-2024-21001 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 68 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202404-2273 | CVE-2024-21064 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 69 | Oracle BI Publisher security vulnerability | CNNVD-202404-2275 | CVE-2024-21084 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 70 | Oracle Fusion Middleware security vulnerability | CNNVD-202404-2287 | CVE-2024-20992 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 71 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2290 | CVE-2024-21118 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 72 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2292 | CVE-2024-21120 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 73 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2294 | CVE-2024-21117 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 74 | Oracle Outside In Technology in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2297 | CVE-2024-21119 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 75 | Oracle HTTP Server in Oracle Fusion Middleware security vulnerability | CNNVD-202404-2298 | CVE-2024-20991 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 76 | Oracle Web Applications Desktop Integrator in Oracle E-Business Suite security vulnerability | CNNVD-202404-2320 | CVE-2024-21048 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 77 | Oracle Commerce Platform in Oracle Commerce security vulnerability | CNNVD-202404-2321 | CVE-2024-21100 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 78 | Oracle CRM Technical Foundation in Oracle E-Business Suite security vulnerability | CNNVD-202404-2322 | CVE-2024-21086 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 79 | Oracle Partner Management in Oracle E-Business Suite security vulnerability | CNNVD-202404-2323 | CVE-2024-21081 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 80 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2324 | CVE-2024-20990 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 81 | Oracle Installed Base in Oracle E-Business Suite security vulnerability | CNNVD-202404-2325 | CVE-2024-21072 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 82 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2326 | CVE-2024-21046 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 83 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2328 | CVE-2024-21045 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 84 | Oracle Database Server security vulnerability | CNNVD-202404-2329 | CVE-2024-21093 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 85 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2330 | CVE-2024-21044 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 86 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2331 | CVE-2024-21043 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 87 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2332 | CVE-2024-21042 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 88 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2333 | CVE-2024-21041 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 89 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2334 | CVE-2024-21040 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 90 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2335 | CVE-2024-21089 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 91 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2336 | CVE-2024-21039 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 92 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2338 | CVE-2024-21038 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 93 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2339 | CVE-2024-21037 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 94 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2340 | CVE-2024-21036 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 95 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2341 | CVE-2024-21035 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 96 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2342 | CVE-2024-21034 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 97 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2343 | CVE-2024-21033 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 98 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2344 | CVE-2024-21032 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 99 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2345 | CVE-2024-21031 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 100 | Oracle Applications Framework in Oracle E-Business Suite security vulnerability | CNNVD-202404-2347 | CVE-2024-21080 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 101 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2348 | CVE-2024-21030 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 102 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2349 | CVE-2024-21029 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 103 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2350 | CVE-2024-21028 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 104 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2352 | CVE-2024-21027 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 105 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2353 | CVE-2024-21026 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 106 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2358 | CVE-2024-21025 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 107 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2359 | CVE-2024-21024 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 108 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2361 | CVE-2024-21023 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 109 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2362 | CVE-2024-21021 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 110 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2364 | CVE-2024-21020 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 111 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2365 | CVE-2024-21022 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 112 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2366 | CVE-2024-21018 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 113 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2367 | CVE-2024-21017 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 114 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2368 | CVE-2024-21019 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 115 | Oracle Database Server security vulnerability | CNNVD-202404-2369 | CVE-2024-21066 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 116 | Oracle Database Server security vulnerability | CNNVD-202404-2370 | CVE-2024-21058 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 117 | Oracle E-Business Suite security vulnerability | CNNVD-202404-2371 | CVE-2024-21016 | Medium | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 118 | Oracle Virtualization security vulnerability | CNNVD-202404-2194 | CVE-2024-21108 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 119 | Oracle Solaris security vulnerability | CNNVD-202404-2206 | CVE-2024-21105 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 120 | Oracle MySQL security vulnerability | CNNVD-202404-2217 | CVE-2024-21101 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 121 | Oracle MySQL security vulnerability | CNNVD-202404-2218 | CVE-2024-21000 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 122 | Oracle Java SE security vulnerability | CNNVD-202404-2244 | CVE-2024-21004 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 123 | Oracle Java SE security vulnerability | CNNVD-202404-2245 | CVE-2024-21002 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 124 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2246 | CVE-2024-21005 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 125 | Oracle Java SE security vulnerability | CNNVD-202404-2247 | CVE-2024-21003 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 126 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202404-2248 | CVE-2024-21012 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 127 | Oracle Java SE security vulnerability | CNNVD-202404-2249 | CVE-2024-21094 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 128 | Oracle Java SE security vulnerability | CNNVD-202404-2250 | CVE-2024-21068 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 129 | Oracle Java SE security vulnerability | CNNVD-202404-2251 | CVE-2024-21011 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 130 | Oracle Java SE security vulnerability | CNNVD-202404-2252 | CVE-2024-21085 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 131 | Oracle Java SE security vulnerability | CNNVD-202404-2253 | CVE-2024-21098 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 132 | Oracle GraalVM in Oracle Java SE security vulnerability | CNNVD-202404-2256 | CVE-2024-20954 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 133 | Oracle Database Server security vulnerability | CNNVD-202404-2372 | CVE-2024-20995 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |

This update includes patches for 10 updated vulnerabilities: 3 high, 4 medium, and 3 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Certain Oracle products security vulnerability | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 2 | Certain Oracle products security vulnerability | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 3 | Certain Oracle products security vulnerability | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 5 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 6 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 7 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 8 | Certain Oracle products security vulnerability | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 9 | Certain Oracle products security vulnerability | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 10 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |

This update includes patches for 193 vulnerabilities from other vendors that affect Oracle products: 26 critical, 93 high, 68 medium, and 6 low.

序号

漏洞名称
CNNVD编号
CVE编号
危害等级
厂商
官方链接
1
Terracotta Quartz Scheduler 代码问题漏洞
CNNVD-201907-1383
CVE-2019-13990
超危
softwareag
http://www.quartz-scheduler.org/
2
Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞
CNNVD-202207-838
CVE-2020-29508
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
3
Dell BSAFE 安全特征问题漏洞
CNNVD-202207-834
CVE-2020-35163
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
4
Dell BSAFE 安全漏洞
CNNVD-202207-832
CVE-2020-35166
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
5
Dell BSAFE 安全漏洞
CNNVD-202207-831
CVE-2020-35167
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
6
Dell BSAFE 安全漏洞
CNNVD-202207-828
CVE-2020-35168
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
7
handlebars 安全漏洞
CNNVD-202104-686
CVE-2021-23369
超危
个人开发者
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
8
handlebars 安全漏洞
CNNVD-202105-130
CVE-2021-23383
超危
个人开发者
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
9
Apache DB DdlUtils 代码问题漏洞
CNNVD-202109-1960
CVE-2021-41616
超危
Apache基金会
https://lists.apache.org/thread.html/r3d7a8303a820144f5e2d1fd0b067e18d419421b58346b53b58d3fa72%40%3Cannounce.apache.org%3E
10
iText 命令注入漏洞
CNNVD-202112-1333
CVE-2021-43113
超危
个人开发者
https://github.com/itext/itext7/releases/tag/7.1.17
11
SnakeYAML 代码问题漏洞
CNNVD-202212-1820
CVE-2022-1471
超危
个人开发者
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
12
Dell BSAFE 安全漏洞
CNNVD-202402-197
CVE-2022-34381
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
13
HSQLDB 安全漏洞
CNNVD-202210-196
CVE-2022-41853
超危
The HSQL Development Group
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
14
Apache Commons Text 代码注入漏洞
CNNVD-202210-790
CVE-2022-42889
超危
Apache基金会
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
15
Apache Commons BCEL 缓冲区错误漏洞
CNNVD-202211-2199
CVE-2022-42920
超危
Apache基金会
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
16
Apache SOAP 访问控制错误漏洞
CNNVD-202211-2683
CVE-2022-45378
超危
Apache
https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31
17
Apache Derby 注入漏洞
CNNVD-202311-1655
CVE-2022-46337
超危
Apache基金会
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
18
Apache CXF 代码问题漏洞
CNNVD-202212-3143
CVE-2022-46364
超危
Apache基金会
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
19
VMware Spring Security 安全漏洞
CNNVD-202307-1680
CVE-2023-34034
超危
VMware
https://spring.io/security/cve-2023-34034
20
curl 缓冲区错误漏洞
CNNVD-202310-917
CVE-2023-38545
超危
curl
https://github.com/curl/curl/commit/fb4415d8aee6c1
21
Apple Safari 代码问题漏洞
CNNVD-202309-2063
CVE-2023-41993
超危
Apple
https://support.apple.com/en-us/HT213930
22
npm IP Package 代码问题漏洞
CNNVD-202402-689
CVE-2023-42282
超危
npm
https://www.npmjs.com/package/ip
23
Apache ZooKeeper 安全漏洞
CNNVD-202310-856
CVE-2023-44981
超危
Apache基金会
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
24
Apache ActiveMQ 代码问题漏洞
CNNVD-202310-2332
CVE-2023-46604
超危
Apache基金会
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
25
Perl 安全漏洞
CNNVD-202312-067
CVE-2023-47100
超危
Perl
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
26
PostgreSQL JDBC Driver 安全漏洞
CNNVD-202402-1534
CVE-2024-1597
超危
PostgreSQL
https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.2
27
Apache MINA 安全漏洞
CNNVD-201910-048
CVE-2019-0231
高危
Apache基金会
http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
28
jackson-mapper-asl 代码问题漏洞
CNNVD-201911-1110
CVE-2019-10172
高危
个人开发者
https://mvnrepository.com/artifact/org.codehaus.jackson
29
Red Hat Hibernate ORM SQL注入漏洞
CNNVD-202011-1706
CVE-2020-25638
高危
Red Hat
https://hibernate.org/
30
Dell BSAFE 安全漏洞
CNNVD-202207-833
CVE-2020-35164
高危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
31
Python 输入验证错误漏洞
CNNVD-202208-3716
CVE-2021-28861
高危
Python
https://bugs.python.org/issue43223
32
Perl 代码问题漏洞
CNNVD-202108-807
CVE-2021-36770
高危
Perl
https://access.redhat.com/security/cve/cve-2021-36770
33
Certifi 数据伪造问题漏洞
CNNVD-202212-2660
CVE-2022-23491
高危
Certifi
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
34
nekohtml资源管理错误漏洞
CNNVD-202204-2918
CVE-2022-24839
高危
个人开发者
https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
35
Google protobuf 安全漏洞
CNNVD-202210-769
CVE-2022-3171
高危
Google
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
36
Apache Xalan 输入验证错误漏洞
CNNVD-202207-1617
CVE-2022-34169
高危
Apache基金会
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
37
XStream 缓冲区错误漏洞
CNNVD-202209-1230
CVE-2022-40152
高危
XStream
https://github.com/x-stream/xstream/issues/304
38
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1712
CVE-2022-41704
高危
Apache基金会
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
39
FasterXML jackson-databind 代码问题漏洞
CNNVD-202210-007
CVE-2022-42003
高危
FasterXML
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
40
FasterXML jackson-databind 代码问题漏洞
CNNVD-202210-006
CVE-2022-42004
高危
FasterXML
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
41
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1707
CVE-2022-42890
高危
Apache基金会
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
42
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202308-1802
CVE-2022-44729
高危
Apache基金会
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
43
Hutool 缓冲区错误漏洞
CNNVD-202212-3131
CVE-2022-45688
高危
Dromara社区
https://github.com/dromara/hutool/issues/2748
44
Apache Ivy 代码问题漏洞
CNNVD-202308-1684
CVE-2022-46751
高危
Apache基金会
https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8
45
UnRAR 后置链接漏洞
CNNVD-202308-425
CVE-2022-48579
高危
个人开发者
https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
46
OpenSSL 信任管理问题漏洞
CNNVD-202303-1681
CVE-2023-0464
高危
OpenSSL
https://www.openssl.org/news/secadv/20230322.txt
47
Red Hat JBoss Enterprise Application Platform 安全漏洞
CNNVD-202303-798
CVE-2023-1108
高危
Red Hat
https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f
48
netplex json-smart 安全漏洞
CNNVD-202303-1658
CVE-2023-1370
高危
netplex
https://netplex.github.io/json-smart/
49
Jettison 安全漏洞
CNNVD-202303-1656
CVE-2023-1436
高危
Jettison
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
50
Spring Framework 安全漏洞
CNNVD-202303-2401
CVE-2023-20860
高危
Spring
https://spring.io/security/cve-2023-20860
51
ModSecurity 安全漏洞
CNNVD-202301-1585
CVE-2023-24021
高危
个人开发者
https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334
52
Apache Commons FileUpload 安全漏洞
CNNVD-202302-1610
CVE-2023-24998
高危
Apache基金会
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
53
OpenCV 代码问题漏洞
CNNVD-202305-852
CVE-2023-2617
高危
OpenCV
https://github.com/opencv/opencv_contrib/pull/3480
54
OpenCV 安全漏洞
CNNVD-202305-851
CVE-2023-2618
高危
OpenCV
https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6
55
Intel oneAPI Toolkits 代码问题漏洞
CNNVD-202308-1031
CVE-2023-28823
高危
Intel
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
56
glib2 资源管理错误漏洞
CNNVD-202306-1169
CVE-2023-29499
高危
GNOME
https://gitlab.gnome.org/GNOME/glib/
57
Google Guava 安全漏洞
CNNVD-202306-1141
CVE-2023-2976
高危
Google
https://github.com/google/guava
58
Apache HTTP Server 缓冲区错误漏洞
CNNVD-202310-1640
CVE-2023-31122
高危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
59
Red Hat Undertow 安全漏洞
CNNVD-202308-506
CVE-2023-3223
高危
Red Hat
https://undertow.io/
60
glib2 资源管理错误漏洞
CNNVD-202306-1170
CVE-2023-32636
高危
GNOME
https://gitlab.gnome.org/GNOME/glib/
61
glib2 缓冲区错误漏洞
CNNVD-202306-1172
CVE-2023-32643
高危
GNOME
https://gitlab.gnome.org/GNOME/glib/
62
Spring Framework 安全漏洞
CNNVD-202311-2123
CVE-2023-34053
高危
Spring团队
https://github.com/spring-projects/spring-framework/releases/tag/v6.0.
63
Apache Tomcat 安全漏洞
CNNVD-202306-1525
CVE-2023-34981
高危
Apache基金会
https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
64
Jenkins 跨站请求伪造漏洞
CNNVD-202306-1089
CVE-2023-35141
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
65
Okio 安全漏洞
CNNVD-202307-1161
CVE-2023-3635
高危
square
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
66
Eclipse Jetty 资源管理错误漏洞
CNNVD-202310-691
CVE-2023-36478
高危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
67
Python 安全漏洞
CNNVD-202306-1804
CVE-2023-36632
高危
Python基金会
https://docs.python.org/3/library/email.html
68
HCL BigFix Platform 输入验证错误漏洞
CNNVD-202310-848
CVE-2023-37536
高危
HCL Technologies
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
69
curl 安全漏洞
CNNVD-202309-1067
CVE-2023-38039
高危
curl
https://github.com/curl/curl
70
python-cryptography 信任管理问题漏洞
CNNVD-202307-1332
CVE-2023-38325
高危
Cryptographic团队
https://github.com/pyca/cryptography/issues/9207
71
MIT Kerberos 资源管理错误漏洞
CNNVD-202308-1454
CVE-2023-39975
高危
MIT
https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
72
Eclipse Parsson 安全漏洞
CNNVD-202311-268
CVE-2023-4043
高危
Eclipse基金会
https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
73
Redis 安全漏洞
CNNVD-202401-776
CVE-2023-41056
高危
Redis Labs
https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224
74
Apple iOS 和 iPadOS 安全漏洞
CNNVD-202309-2265
CVE-2023-41074
高危
Apple
https://support.apple.com/en-us/HT213938
75
Python 代码问题漏洞
CNNVD-202308-1930
CVE-2023-41105
高危
Python基金会
https://github.com/python/cpython/pull/107982
76
Apple Safari 安全漏洞
CNNVD-202311-2397
CVE-2023-42917
高危
Apple
https://support.apple.com/en-us/HT214033
77
Jenkins 安全漏洞
CNNVD-202309-1972
CVE-2023-43496
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
78
Jenkins 代码问题漏洞
CNNVD-202309-1971
CVE-2023-43497
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 79 | Jenkins security vulnerability | CNNVD-202309-1970 | CVE-2023-43498 | High | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
| 80 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1641 | CVE-2023-43622 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 81 | urllib3 information disclosure vulnerability | CNNVD-202310-281 | CVE-2023-43804 | High | Individual developer | https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
| 82 | Pillow security vulnerability | CNNVD-202311-282 | CVE-2023-44271 | High | Individual developer | https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 |
| 83 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
| 84 | OpenTelemetry-Go Contrib security vulnerability | CNNVD-202310-955 | CVE-2023-45142 | High | OpenTelemetry | https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh |
| 85 | Plotly.js security vulnerability | CNNVD-202401-128 | CVE-2023-46308 | High | Individual developer | https://github.com/plotly/plotly.js/releases/tag/v2.25.2 |
| 86 | shadow security vulnerability | CNNVD-202310-843 | CVE-2023-4641 | High | Individual developer | https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 |
| 87 | Apache Tomcat environment issue vulnerability | CNNVD-202311-2168 | CVE-2023-46589 | High | Apache Foundation | https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
| 88 | Perl security vulnerability | CNNVD-202311-2025 | CVE-2023-47038 | High | Perl community | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 |
| 89 | Perl security vulnerability | CNNVD-202311-2026 | CVE-2023-47039 | High | Perl community | https://www.perl.org/ |
| 90 | OpenSSL security vulnerability | CNNVD-202309-665 | CVE-2023-4807 | High | OpenSSL | https://www.openssl.org/news/secadv/20230908.txt |
| 91 | Google Chrome buffer error vulnerability | CNNVD-202309-784 | CVE-2023-4863 | High | Google | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html |
| 92 | glibc buffer error vulnerability | CNNVD-202310-197 | CVE-2023-4911 | High | GNU community | https://www.gnu.org/software/libc/ |
| 93 | Apache Solr security vulnerability | CNNVD-202402-792 | CVE-2023-50298 | High | Apache | https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions |
| 94 | Apache Solr code issue vulnerability | CNNVD-202402-791 | CVE-2023-50386 | High | Apache | https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets |
| 95 | JSON-Java security vulnerability | CNNVD-202310-951 | CVE-2023-5072 | High | Individual developer | https://github.com/stleary/JSON-java/ |
| 96 | Jasper security vulnerability | CNNVD-202401-1315 | CVE-2023-51257 | High | Jasper | https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a |
| 97 | GNU C Library security vulnerability | CNNVD-202309-2162 | CVE-2023-5156 | High | GNU community | https://sourceware.org/bugzilla/show_bug.cgi?id=30884 |
| 98 | jose4j security vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
| 99 | Connect2id Nimbus JOSE+JWT security vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
| 100 | OpenSSL security vulnerability | CNNVD-202310-1871 | CVE-2023-5363 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
| 101 | Red Hat Undertow security vulnerability | CNNVD-202312-977 | CVE-2023-5379 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2242099 |
| 102 | glibc buffer error vulnerability | CNNVD-202401-2632 | CVE-2023-6246 | High | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.37 |
| 103 | logback code issue vulnerability | CNNVD-202311-2206 | CVE-2023-6378 | High | Quality Open Software | https://logback.qos.ch/download.html |
| 104 | Quality Open Software Logback security vulnerability | CNNVD-202312-277 | CVE-2023-6481 | High | Quality Open Software | https://logback.qos.ch/news.html |
| 105 | glibc buffer error vulnerability | CNNVD-202401-2633 | CVE-2023-6779 | High | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
| 106 | Red Hat Undertow resource management error vulnerability | CNNVD-202402-1551 | CVE-2024-1635 | High | Red Hat | https://undertow.io/ |
| 107 | runc security vulnerability | CNNVD-202401-2725 | CVE-2024-21626 | High | Individual developer | https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv |
| 108 | Amazon Ion security vulnerability | CNNVD-202401-216 | CVE-2024-21634 | High | Amazon | https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6 |
| 109 | Node.js security vulnerability | CNNVD-202402-1466 | CVE-2024-21892 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high |
| 110 | Node.js security vulnerability | CNNVD-202402-1467 | CVE-2024-22019 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high |
| 111 | Eclipse Jetty security vulnerability | CNNVD-202402-2103 | CVE-2024-22201 | High | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 |
| 112 | Spring Framework security vulnerability | CNNVD-202401-1957 | CVE-2024-22233 | High | Spring | https://spring.io/security/cve-2024-22233/ |
| 113 | Spring Framework security vulnerability | CNNVD-202402-1929 | CVE-2024-22243 | High | Spring | https://spring.io/projects/spring-framework#support |
| 114 | VMware Spring Security security vulnerability | CNNVD-202403-1650 | CVE-2024-22257 | High | VMware | https://spring.io/security/cve-2024-22257 |
| 115 | Spring Framework security vulnerability | CNNVD-202403-1543 | CVE-2024-22259 | High | Spring | https://spring.io/security/cve-2024-22259 |
| 116 | Apache Tomcat security vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
| 117 | Apache Tomcat input validation error vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
| 118 | libxml2 security vulnerability | CNNVD-202402-242 | CVE-2024-25062 | High | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
| 119 | python-cryptography security vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
| 120 | Apache Ant security vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
| 121 | Apache Ant security vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
| 122 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
| 123 | JetBrains Kotlin security features issue vulnerability | CNNVD-202202-606 | CVE-2022-24329 | Medium | JetBrains | http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 |
| 124 | MetadataExtractor security vulnerability | CNNVD-202202-1859 | CVE-2022-24613 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24613/ |
| 125 | MetadataExtractor security vulnerability | CNNVD-202202-1858 | CVE-2022-24614 | Medium | Individual developer | https://cxsecurity.com/cveshow/CVE-2022-24614/ |
| 126 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
| 127 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
| 128 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
| 129 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
| 130 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
| 131 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
| 132 | Red Hat AMQ security vulnerability | CNNVD-202302-1203 | CVE-2023-0833 | Medium | Red Hat | https://www.redhat.com/en/resources/amq-streams-datasheet |
| 133 | OpenSSL buffer error vulnerability | CNNVD-202304-1714 | CVE-2023-1255 | Medium | OpenSSL | https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
| 134 | Spring Framework security vulnerability | CNNVD-202303-1917 | CVE-2023-20861 | Medium | Spring | https://spring.io/security/cve-2023-20861 |
| 135 | Spring Framework security vulnerability | CNNVD-202304-1667 | CVE-2023-20862 | Medium | Spring | https://spring.io/security/cve-2023-20862 |
| 136 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
| 137 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
| 138 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
| 139 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
| 140 | Apache Tomcat security vulnerability | CNNVD-202303-1662 | CVE-2023-28708 | Medium | Apache Foundation | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
| 141 | Flexera InstallShield security vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
| 142 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
| 143 | glib2 resource management error vulnerability | CNNVD-202306-1171 | CVE-2023-32611 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
| 144 | glib2 code issue vulnerability | CNNVD-202306-1168 | CVE-2023-32665 | Medium | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
| 145 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
| 146 | Bouncy Castle resource management error vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 147 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
| 148 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
| 149 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
| 150 | FasterXML jackson-databind code issue vulnerability | CNNVD-202306-1121 | CVE-2023-35116 | Medium | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3972 |
| 151 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
| 152 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
| 153 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
| 154 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
| 155 | procps buffer error vulnerability | CNNVD-202308-085 | CVE-2023-4016 | Medium | procps-ng | https://gitlab.com/procps-ng/procps |
| 156 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
| 157 | Python security vulnerability | CNNVD-202308-2059 | CVE-2023-40217 | Medium | Python Foundation | https://www.python.org/dev/security/ |
| 158 | Apache Tomcat input validation error vulnerability | CNNVD-202308-2096 | CVE-2023-41080 | Medium | Apache Foundation | https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f |
| 159 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
| 160 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
| 161 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
| 162 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
| 163 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
| 164 | glibc buffer error vulnerability | CNNVD-202309-933 | CVE-2023-4527 | Medium | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=30842 |
| 165 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
| 166 | urllib3 information disclosure vulnerability | CNNVD-202310-1359 | CVE-2023-45803 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
| 167 | curl security vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
| 168 | curl security vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
| 169 | Node.js security vulnerability | CNNVD-202402-1465 | CVE-2023-46809 | Medium | Node.js | https://nodejs.org/ |
| 170 | glibc resource management error vulnerability | CNNVD-202309-932 | CVE-2023-4806 | Medium | GNU community | https://sourceware.org/bugzilla/show_bug.cgi?id=30843 |
| 171 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
| 172 | Python cryptography code issue vulnerability | CNNVD-202311-2230 | CVE-2023-49083 | Medium | Python Foundation | https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 |
| 173 | python-cryptography security vulnerability | CNNVD-202312-1318 | CVE-2023-50782 | Medium | Cryptographic team | https://cryptography.io/en/latest/ |
| 174 | Jayway JsonPath security vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
| 175 | ImageMagick resource management error vulnerability | CNNVD-202310-092 | CVE-2023-5341 | Medium | ImageMagick | https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 |
| 176 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
| 177 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
| 178 | Python security vulnerability | CNNVD-202312-708 | CVE-2023-6507 | Medium | Python Foundation | https://mail.python.org/archives/list/[email protected]/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ |
| 179 | glibc buffer error vulnerability | CNNVD-202401-2631 | CVE-2023-6780 | Medium | Individual developer | https://github.com/kraj/glibc/releases/tag/glibc-2.38 |
| 180 | curl security vulnerability | CNNVD-202401-2732 | CVE-2024-0853 | Medium | curl | https://curl.se/docs/CVE-2024-0853.html |
| 181 | Red Hat Undertow security vulnerability | CNNVD-202402-940 | CVE-2024-1459 | Medium | Red Hat | https://undertow.io/downloads.html |
| 182 | Jinja cross-site scripting vulnerability | CNNVD-202401-963 | CVE-2024-22195 | Medium | Individual developer | https://github.com/pallets/jinja/releases/tag/3.1.3 |
| 183 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
| 184 | CKEditor cross-site scripting vulnerability | CNNVD-202402-598 | CVE-2024-24815 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
| 185 | CKEditor cross-site scripting vulnerability | CNNVD-202402-605 | CVE-2024-24816 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb |
| 186 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
| 187 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
| 188 | Google Guava access control error vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | Google | https://github.com/google/guava/issues/4011 |
| 189 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
| 190 | Pip command injection vulnerability | CNNVD-202310-1912 | CVE-2023-5752 | Low | Python Packaging Authority | https://github.com/pypa/pip/releases/tag/23.3.1 |
| 191 | libssh security vulnerability | CNNVD-202312-1736 | CVE-2023-6004 | Low | libssh | https://www.libssh.org/files/0.10/ |
| 192 | libssh security vulnerability | CNNVD-202312-1734 | CVE-2023-6918 | Low | libssh | https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
| 193 | OpenSSL security vulnerability | CNNVD-202401-2353 | CVE-2024-0727 | Low | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |

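III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpuapr2024.html
CNNVD will continue to track these vulnerabilities and publish related information promptly. If needed, contact CNNVD.
Contact: [email protected]
(Source: CNNVD)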

Article source: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664211278&idx=4&sn=e4de21613365aeacdaf08d5da06b5203&chksm=8b59a1b7bc2e28a147111295854054753d06d75895d6cbb77440f03c11ec314cf7880ad79de3&scene=58&subscene=0#rd