CNNVD | 关于Oracle多个安全漏洞的通报
2024-7-19 17:37:8 Author: mp.weixin.qq.com(查看原文) 阅读量:5 收藏

 扫码订阅《中国信息安全》

邮发代号 2-786

征订热线:010-82341063

漏洞情况

近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞65个,影响到Oracle产品的其他厂商漏洞170个。包括Oracle Fusion Middleware 安全漏洞(CNNVD-202407-1769、CVE-2024-21181)Oracle Virtualization 安全漏洞(CNNVD-202407-1644、CVE-2024-21141)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据、提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

 漏洞介绍

2024年7月16日,Oracle发布了2024年7月份安全更新,共235个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Analytics、Oracle PeopleSoft Products、Oracle Virtualization、Oracle E-Business Suite、Oracle Java SE等。CNNVD对其危害等级进行了评价,其中超危漏洞24个,高危漏洞78个,中危漏洞120个,低危漏洞13个。

Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:

https://www.oracle.com/security-alerts/cpujul2024.html


漏洞详情

此次更新共235个漏洞的补丁程序,包括63个新增漏洞的补丁程序、2个更新漏洞的补丁程序和170个影响Oracle产品的其他厂商漏洞的补丁程序。

此次更新共包括63个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞12个,中危漏洞43个,低危漏洞7个。

序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Fusion Middleware 安全漏洞
CNNVD-202407-1769
CVE-2024-21181
超危
https://www.oracle.com/security-alerts/cpujul2024.html
2
Oracle Virtualization 安全漏洞
CNNVD-202407-1644
CVE-2024-21141
高危
https://www.oracle.com/security-alerts/cpujul2024.html
3
Oracle Retail Applications 安全漏洞
CNNVD-202407-1660
CVE-2024-21136
高危
https://www.oracle.com/security-alerts/cpujul2024.html
4
Oracle Java SE 安全漏洞
CNNVD-202407-1739
CVE-2024-21147
高危
https://www.oracle.com/security-alerts/cpujul2024.html
5
Oracle Fusion Middleware 安全漏洞
CNNVD-202407-1761
CVE-2024-21183
高危
https://www.oracle.com/security-alerts/cpujul2024.html
6
Oracle Fusion Middleware 安全漏洞
CNNVD-202407-1763
CVE-2024-21175
高危
https://www.oracle.com/security-alerts/cpujul2024.html
7
Oracle Fusion Middleware 安全漏洞
CNNVD-202407-1766
CVE-2024-21182
高危
https://www.oracle.com/security-alerts/cpujul2024.html
8
Oracle Database Server 安全漏洞
CNNVD-202407-1768
CVE-2024-21184
高危
https://www.oracle.com/security-alerts/cpujul2024.html
9
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1772
CVE-2024-21167
高危
https://www.oracle.com/security-alerts/cpujul2024.html
10
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1777
CVE-2024-21146
高危
https://www.oracle.com/security-alerts/cpujul2024.html
11
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1778
CVE-2024-21153
高危
https://www.oracle.com/security-alerts/cpujul2024.html
12
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1779
CVE-2024-21152
高危
https://www.oracle.com/security-alerts/cpujul2024.html
13
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1780
CVE-2024-21149
高危
https://www.oracle.com/security-alerts/cpujul2024.html
14
Oracle Virtualization 安全漏洞
CNNVD-202407-1641
CVE-2024-21161
中危
https://www.oracle.com/security-alerts/cpujul2024.html
15
Oracle ZFS Storage Appliance 安全漏洞
CNNVD-202407-1647
CVE-2024-21155
中危
https://www.oracle.com/security-alerts/cpujul2024.html
16
Oracle PeopleSoft Products 安全漏洞
CNNVD-202407-1663
CVE-2024-21154
中危
https://www.oracle.com/security-alerts/cpujul2024.html
17
Oracle PeopleSoft Products 安全漏洞
CNNVD-202407-1664
CVE-2024-21122
中危
https://www.oracle.com/security-alerts/cpujul2024.html
18
Oracle PeopleSoft Products 安全漏洞
CNNVD-202407-1665
CVE-2024-21180
中危
https://www.oracle.com/security-alerts/cpujul2024.html
19
Oracle PeopleSoft Products 安全漏洞
CNNVD-202407-1668
CVE-2024-21178
中危
https://www.oracle.com/security-alerts/cpujul2024.html
20
Oracle PeopleSoft Products 安全漏洞
CNNVD-202407-1670
CVE-2024-21158
中危
https://www.oracle.com/security-alerts/cpujul2024.html
21
Oracle MySQL 安全漏洞
CNNVD-202407-1672
CVE-2024-21134
中危
https://www.oracle.com/security-alerts/cpujul2024.html
22
Oracle MySQL 安全漏洞
CNNVD-202407-1674
CVE-2024-21142
中危
https://www.oracle.com/security-alerts/cpujul2024.html
23
Oracle MySQL 安全漏洞
CNNVD-202407-1677
CVE-2024-21165
中危
https://www.oracle.com/security-alerts/cpujul2024.html
24
Oracle MySQL 安全漏洞
CNNVD-202407-1678
CVE-2024-21162
中危
https://www.oracle.com/security-alerts/cpujul2024.html
25
Oracle MySQL 安全漏洞
CNNVD-202407-1679
CVE-2024-21137
中危
https://www.oracle.com/security-alerts/cpujul2024.html
26
Oracle MySQL 安全漏洞
CNNVD-202407-1682
CVE-2024-21135
中危
https://www.oracle.com/security-alerts/cpujul2024.html
27
Oracle MySQL 安全漏洞
CNNVD-202407-1685
CVE-2024-21130
中危
https://www.oracle.com/security-alerts/cpujul2024.html
28
Oracle MySQL 安全漏洞
CNNVD-202407-1687
CVE-2024-21129
中危
https://www.oracle.com/security-alerts/cpujul2024.html
29
Oracle MySQL 安全漏洞
CNNVD-202407-1688
CVE-2024-21127
中危
https://www.oracle.com/security-alerts/cpujul2024.html
30
Oracle MySQL 安全漏洞
CNNVD-202407-1692
CVE-2024-21179
中危
https://www.oracle.com/security-alerts/cpujul2024.html
31
Oracle MySQL 安全漏洞
CNNVD-202407-1694
CVE-2024-21185
中危
https://www.oracle.com/security-alerts/cpujul2024.html
32
Oracle MySQL 安全漏洞
CNNVD-202407-1695
CVE-2024-21173
中危
https://www.oracle.com/security-alerts/cpujul2024.html
33
Oracle MySQL 安全漏洞
CNNVD-202407-1697
CVE-2024-21160
中危
https://www.oracle.com/security-alerts/cpujul2024.html
34
Oracle MySQL 安全漏洞
CNNVD-202407-1698
CVE-2024-21159
中危
https://www.oracle.com/security-alerts/cpujul2024.html
35
Oracle MySQL 安全漏洞
CNNVD-202407-1701
CVE-2024-20996
中危
https://www.oracle.com/security-alerts/cpujul2024.html
36
Oracle MySQL 安全漏洞
CNNVD-202407-1703
CVE-2024-21157
中危
https://www.oracle.com/security-alerts/cpujul2024.html
37
Oracle MySQL 安全漏洞
CNNVD-202407-1705
CVE-2024-21125
中危
https://www.oracle.com/security-alerts/cpujul2024.html
38
Oracle MySQL 安全漏洞
CNNVD-202407-1708
CVE-2024-21176
中危
https://www.oracle.com/security-alerts/cpujul2024.html
39
Oracle MySQL 安全漏洞
CNNVD-202407-1710
CVE-2024-21166
中危
https://www.oracle.com/security-alerts/cpujul2024.html
40
Oracle MySQL 安全漏洞
CNNVD-202407-1713
CVE-2024-21170
中危
https://www.oracle.com/security-alerts/cpujul2024.html
41
Oracle MySQL 安全漏洞
CNNVD-202407-1714
CVE-2024-21171
中危
https://www.oracle.com/security-alerts/cpujul2024.html
42
Oracle MySQL 安全漏洞
CNNVD-202407-1717
CVE-2024-21163
中危
https://www.oracle.com/security-alerts/cpujul2024.html
43
Oracle MySQL 安全漏洞
CNNVD-202407-1718
CVE-2024-21177
中危
https://www.oracle.com/security-alerts/cpujul2024.html
44
Oracle JD Edwards Products 安全漏洞
CNNVD-202407-1724
CVE-2024-21168
中危
https://www.oracle.com/security-alerts/cpujul2024.html
45
Oracle JD Edwards Products 安全漏洞
CNNVD-202407-1726
CVE-2024-21150
中危
https://www.oracle.com/security-alerts/cpujul2024.html
46
Oracle Java SE 安全漏洞
CNNVD-202407-1735
CVE-2024-21140
中危
https://www.oracle.com/security-alerts/cpujul2024.html
47
Oracle Java SE 安全漏洞
CNNVD-202407-1737
CVE-2024-21145
中危
https://www.oracle.com/security-alerts/cpujul2024.html
48
Oracle Analytics 安全漏洞
CNNVD-202407-1747
CVE-2024-21139
中危
https://www.oracle.com/security-alerts/cpujul2024.html
49
Oracle Fusion Middleware 安全漏洞
CNNVD-202407-1758
CVE-2024-21133
中危
https://www.oracle.com/security-alerts/cpujul2024.html
50
Oracle Financial Services Applications 安全漏洞
CNNVD-202407-1764
CVE-2024-21188
中危
https://www.oracle.com/security-alerts/cpujul2024.html
51
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1770
CVE-2024-21169
中危
https://www.oracle.com/security-alerts/cpujul2024.html
52
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1773
CVE-2024-21143
中危
https://www.oracle.com/security-alerts/cpujul2024.html
53
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1774
CVE-2024-21128
中危
https://www.oracle.com/security-alerts/cpujul2024.html
54
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1775
CVE-2024-21132
中危
https://www.oracle.com/security-alerts/cpujul2024.html
55
Oracle E-Business Suite 安全漏洞
CNNVD-202407-1776
CVE-2024-21148
中危
https://www.oracle.com/security-alerts/cpujul2024.html
56
Oracle Database Server 安全漏洞
CNNVD-202407-1781
CVE-2024-21126
中危
https://www.oracle.com/security-alerts/cpujul2024.html
57
Oracle Virtualization 安全漏洞
CNNVD-202407-1639
CVE-2024-21164
低危
https://www.oracle.com/security-alerts/cpujul2024.html
58
Oracle Solaris 安全漏洞
CNNVD-202407-1645
CVE-2024-21151
低危
https://www.oracle.com/security-alerts/cpujul2024.html
59
Oracle Java SE 安全漏洞
CNNVD-202407-1729
CVE-2024-21138
低危
https://www.oracle.com/security-alerts/cpujul2024.html
60
Oracle Java SE 安全漏洞
CNNVD-202407-1732
CVE-2024-21144
低危
https://www.oracle.com/security-alerts/cpujul2024.html
61
Oracle Java SE 安全漏洞
CNNVD-202407-1734
CVE-2024-21131
低危
https://www.oracle.com/security-alerts/cpujul2024.html
62
Oracle Database Server 安全漏洞
CNNVD-202407-1771
CVE-2024-21174
低危
https://www.oracle.com/security-alerts/cpujul2024.html
63
Oracle Database Server 安全漏洞
CNNVD-202407-1794
CVE-2024-21123
低危
https://www.oracle.com/security-alerts/cpujul2024.html

此次更新共包括2个更新漏洞的补丁程序,其中中危漏洞1个,低危漏洞1个。

序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Java SE 安全漏洞
CNNVD-202310-1388
CVE-2023-22081
中危
https://www.oracle.com/security-alerts/cpuoct2023.html
2
Oracle Java SE 安全漏洞
CNNVD-202404-2253
CVE-2024-21098
低危
https://www.oracle.com/security-alerts/cpuapr2024.html

此次更新共包括170个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞23个,高危漏洞66个,中危漏洞76个,低危漏洞5个。

序号
漏洞
名称
CNNV
D编号
CVE编号
危害等级
厂商
官方
链接
1
Terracotta Quartz Scheduler 代码问题漏洞
CNNVD-201907-1383
CVE-2019-13990
超危
softwareag
http://www.quartz-scheduler.org/
2
FasterXML jackson-databind 代码问题漏洞
CNNVD-201910-227
CVE-2019-17267
超危
fasterxml
https://github.com/FasterXML/jackson-databind/issues/2460
3
Apache Xmlbeans 输入验证错误漏洞
CNNVD-202101-1146
CVE-2021-23926
超危
Apache基金会
https://issues.apache.org/jira/browse/XMLBEANS-517
4
Stanford CoreNlp 注入漏洞
CNNVD-202202-1877
CVE-2021-44550
超危
Stanford Nlp Group
https://github.com/stanfordnlp/CoreNLP/issues/1222
5
corenlp 代码问题漏洞
CNNVD-202201-1390
CVE-2022-0239
超危
Stanford Nlp Group团队
https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3
6
OpenSSL 操作系统命令注入漏洞
CNNVD-202205-1962
CVE-2022-1292
超危
Openssl团队
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
7
joblib 安全漏洞
CNNVD-202209-2716
CVE-2022-21797
超危
joblib
https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
8
Spring Framework 代码注入漏洞
CNNVD-202203-2514
CVE-2022-22965
超危
Spring团队
https://tanzu.vmware.com/security/cve-2022-22965
9
Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞
CNNVD-202302-1411
CVE-2022-25987
超危
Intel
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html
10
Dell BSAFE 安全漏洞
CNNVD-202402-197
CVE-2022-34381
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
11
Scala 代码问题漏洞
CNNVD-202209-2463
CVE-2022-36944
超危
Scala
https://www.scala-lang.org/download/
12
zlib 缓冲区错误漏洞
CNNVD-202208-2276
CVE-2022-37434
超危
个人开发者
https://github.com/madler/zlib/
13
Apache SOAP 访问控制错误漏洞
CNNVD-202211-2683
CVE-2022-45378
超危
Apache
https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31
14
Apache Derby 注入漏洞
CNNVD-202311-1655
CVE-2022-46337
超危
Apache基金会
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
15
BusyBox 缓冲区错误漏洞
CNNVD-202208-4625
CVE-2022-48174
超危
个人开发者
https://bugs.busybox.net/show_bug.cgi?id=15216
16
VMware Spring Security 安全漏洞
CNNVD-202307-1680
CVE-2023-34034
超危
VMware
https://spring.io/security/cve-2023-34034
17
Certifi 数据伪造问题漏洞
CNNVD-202307-2046
CVE-2023-37920
超危
Certifi
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
18
Node.js 路径遍历漏洞
CNNVD-202310-1126
CVE-2023-39332
超危
Nodejs
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
19
Apache Axis 输入验证错误漏洞
CNNVD-202309-348
CVE-2023-40743
超危
Apache基金会
https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82
20
zlib 输入验证错误漏洞
CNNVD-202310-1086
CVE-2023-45853
超危
个人开发者
https://github.com/madler/zlib/pull/843
21
Apache Arrow 代码问题漏洞
CNNVD-202311-735
CVE-2023-47248
超危
Apache基金会
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
22
Pillow 安全漏洞
CNNVD-202401-1886
CVE-2023-50447
超危
个人开发者
https://github.com/python-pillow/Pillow/releases/tag/10.2
23
Jenkins 安全漏洞
CNNVD-202401-2204
CVE-2024-23897
超危
Jenkins
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
24
Apache Commons Beanutils 代码问题漏洞
CNNVD-201908-1140
CVE-2019-10086
高危
debian
https://issues.apache.org/jira/browse/BEANUTILS-520
25
Apache Batik 代码问题漏洞
CNNVD-202102-1586
CVE-2020-11987
高危
Apache基金会
https://xmlgraphics.apache.org/security.html
26
Microsoft .NET Core 安全漏洞
CNNVD-202102-681
CVE-2021-24112
高危
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
27
Apache Commons Compress 安全漏洞
CNNVD-202107-899
CVE-2021-36090
高危
Apache基金会
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
28
Apache Xalan 输入验证错误漏洞
CNNVD-202207-1617
CVE-2022-34169
高危
Apache基金会
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
29
OpenSSL 安全漏洞
CNNVD-202210-2604
CVE-2022-3786
高危
OpenSSL团队
https://www.openssl.org/news/secadv/20221101.txt
30
Apache XML Graphics Batik代码问题漏洞
CNNVD-202209-2287
CVE-2022-40146
高危
Apache基金会
https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx
31
Jettison 缓冲区错误漏洞
CNNVD-202209-1235
CVE-2022-40149
高危
个人开发者
https://github.com/jettison-json/jettison/issues/45
32
Jettison 资源管理错误漏洞
CNNVD-202209-1233
CVE-2022-40150
高危
个人开发者
https://github.com/jettison-json/jettison/issues/45
33
XStream 缓冲区错误漏洞
CNNVD-202209-1230
CVE-2022-40152
高危
XStream
https://github.com/x-stream/xstream/issues/304
34
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1712
CVE-2022-41704
高危
Apache基金会
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
35
Netty 安全漏洞
CNNVD-202212-2914
CVE-2022-41881
高危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
36
FasterXML jackson-databind 代码问题漏洞
CNNVD-202210-007
CVE-2022-42003
高危
FasterXML
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
37
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1707
CVE-2022-42890
高危
Apache基金会
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
38
Jettison 缓冲区错误漏洞
CNNVD-202212-3132
CVE-2022-45685
高危
个人开发者
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
39
Jettison 缓冲区错误漏洞
CNNVD-202212-3128
CVE-2022-45693
高危
个人开发者
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
40
netplex json-smart 安全漏洞
CNNVD-202303-1658
CVE-2023-1370
高危
netplex
https://netplex.github.io/json-smart/
41
Jettison 安全漏洞
CNNVD-202303-1656
CVE-2023-1436
高危
Jettison
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
42
Apache Commons FileUpload 安全漏洞
CNNVD-202302-1610
CVE-2023-24998
高危
Apache基金会
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
43
Apache Hadoop 代码问题漏洞
CNNVD-202311-1444
CVE-2023-26031
高危
Apache基金会
https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
44
Google Guava 安全漏洞
CNNVD-202306-1141
CVE-2023-2976
高危
Google
https://github.com/google/guava
45
Spring Framework 代码问题漏洞
CNNVD-202308-1998
CVE-2023-34040
高危
Spring
https://spring.io/security/cve-2023-34040
46
Eclipse Jetty 资源管理错误漏洞
CNNVD-202310-691
CVE-2023-36478
高危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
47
HCL BigFix Platform 输入验证错误漏洞
CNNVD-202310-848
CVE-2023-37536
高危
HCL Technologies
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791
48
Node.js 数据伪造问题漏洞
CNNVD-202310-1128
CVE-2023-38552
高危
Nodejs
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
49
Node.js 路径遍历漏洞
CNNVD-202310-1127
CVE-2023-39331
高危
Nodejs
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
50
Eclipse Parsson 安全漏洞
CNNVD-202311-268
CVE-2023-4043
高危
Eclipse基金会
https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
51
Python 代码问题漏洞
CNNVD-202308-1930
CVE-2023-41105
高危
Python基金会
https://github.com/python/cpython/pull/107982
52
Apache HTTP/2 资源管理错误漏洞
CNNVD-202310-667
CVE-2023-44487
高危
Apache基金会
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
53
Apache Tomcat 环境问题漏洞
CNNVD-202311-2168
CVE-2023-46589
高危
Apache基金会
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
54
Eclipse JGit 安全漏洞
CNNVD-202309-850
CVE-2023-4759
高危
Eclipse基金会
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
55
aiohttp 安全漏洞
CNNVD-202311-1314
CVE-2023-47627
高危
个人开发者
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
56
JSON-Java 安全漏洞
CNNVD-202310-951
CVE-2023-5072
高危
个人开发者
https://github.com/stleary/JSON-java/
57
jose4j 安全漏洞
CNNVD-202402-2688
CVE-2023-51775
高危
Bitbucket
https://bitbucket.org/b_c/jose4j/downloads/
58
libexpat 安全漏洞
CNNVD-202402-245
CVE-2023-52425
高危
个人开发者
https://github.com/libexpat/libexpat/pull/789
59
Connect2id Nimbus JOSE+JWT 安全漏洞
CNNVD-202402-845
CVE-2023-52428
高危
Connect2id
https://connect2id.com/products/nimbus-jose-jwt
60
OpenSSL 安全漏洞
CNNVD-202310-1871
CVE-2023-5363
高危
OpenSSL团队
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
61
Red Hat XNIO 资源管理错误漏洞
CNNVD-202403-455
CVE-2023-5685
高危
Red Hat
https://github.com/xnio/xnio/tags
62
Red Hat Ansible 安全漏洞
CNNVD-202311-262
CVE-2023-5764
高危
Red Hat
https://access.redhat.com/security/cve/cve-2023-5764
63
Python 安全漏洞
CNNVD-202403-1882
CVE-2023-6597
高危
Python
https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
64
cpython 安全漏洞
CNNVD-202406-1925
CVE-2024-0397
高危
Python
https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112
65
Node.js 安全漏洞
CNNVD-202402-1466
CVE-2024-21892
高危
Node.js
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
66
Node.js 安全漏洞
CNNVD-202402-1467
CVE-2024-22019
高危
Node.js
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
67
Eclipse Jetty 安全漏洞
CNNVD-202402-2103
CVE-2024-22201
高危
Eclipse
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
68
Spring Framework 安全漏洞
CNNVD-202402-1929
CVE-2024-22243
高危
Spring
https://spring.io/projects/spring-framework#support
69
VMware Spring Security 安全漏洞
CNNVD-202403-1650
CVE-2024-22257
高危
VMware
https://spring.io/security/cve-2024-22257
70
Spring Framework 安全漏洞
CNNVD-202403-1543
CVE-2024-22259
高危
Spring
https://spring.io/security/cve-2024-22259
71
Spring Framework 安全漏洞
CNNVD-202404-2193
CVE-2024-22262
高危
Spring
https://spring.io/security/cve-2024-22262
72
Apache Tomcat 安全漏洞
CNNVD-202403-1180
CVE-2024-23672
高危
Apache
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
73
Apache Xerces-C 资源管理错误漏洞
CNNVD-202402-1469
CVE-2024-23807
高危
Apache
https://github.com/apache/xerces-c/pull/54
74
Jenkins 安全漏洞
CNNVD-202401-2202
CVE-2024-23898
高危
Jenkins
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315
75
Apache Tomcat 输入验证错误漏洞
CNNVD-202403-1179
CVE-2024-24549
高危
Apache
https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
76
libxml2 安全漏洞
CNNVD-202402-242
CVE-2024-25062
高危
个人开发者
https://gitlab.gnome.org/GNOME/libxml2/-/tags
77
OpenSSL 安全漏洞
CNNVD-202404-941
CVE-2024-2511
高危
OpenSSL
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
78
python-cryptography 安全漏洞
CNNVD-202402-1783
CVE-2024-26130
高危
Cryptographic
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
79
Apache httpd 资源管理错误漏洞
CNNVD-202404-635
CVE-2024-27316
高危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
80
Node.js 安全漏洞
CNNVD-202404-991
CVE-2024-27983
高危
Node.js
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
81
libexpat 安全漏洞
CNNVD-202403-795
CVE-2024-28757
高危
libexpat
https://github.com/libexpat/libexpat/pull/842
82
Apache Commons Configuration 缓冲区错误漏洞
CNNVD-202403-2143
CVE-2024-29131
高危
Apache
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
83
Apache Commons Configuration 缓冲区错误漏洞
CNNVD-202403-2142
CVE-2024-29133
高危
Apache
https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
84
Bouncy Castle 安全漏洞
CNNVD-202405-2601
CVE-2024-29857
高危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
85
Apache ActiveMQ 安全漏洞
CNNVD-202405-256
CVE-2024-32114
高危
Apache
https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
86
Pallets Werkzeug 安全漏洞
CNNVD-202405-1428
CVE-2024-34069
高危
Pallets
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
87
libxml2 安全漏洞
CNNVD-202405-2380
CVE-2024-34459
高危
个人开发者
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
88
OpenSSL 安全漏洞
CNNVD-202405-4739
CVE-2024-4741
高危
OpenSSL
https://github.com/openssl/openssl
89
Red Hat Undertow 资源管理错误漏洞
CNNVD-202406-2368
CVE-2024-6162
高危
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=2293069
90
Apache HttpClient 安全漏洞
CNNVD-202010-372
CVE-2020-13956
中危
Apache基金会
https://www.apache.org/
91
Apache Ant 信息泄露漏洞
CNNVD-202005-777
CVE-2020-1945
中危
Apache基金会
https://ant.apache.org/security.html
92
netplex json-smart-v  代码问题漏洞
CNNVD-202102-1490
CVE-2021-27568
中危
个人开发者
https://github.com/netplex/json-smart-v2
93
Apache Commons IO 路径遍历漏洞
CNNVD-202104-702
CVE-2021-29425
中危
Apache基金会
https://issues.apache.org/jira/browse/IO-556
94
Highcharts JS 跨站脚本漏洞
CNNVD-202105-177
CVE-2021-29489
中危
个人开发者
https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95
95
Apache Ant 安全漏洞
CNNVD-202107-983
CVE-2021-36373
中危
Apache基金会
https://ant.apache.org/
96
Apache Ant 安全漏洞
CNNVD-202107-984
CVE-2021-36374
中危
Apache基金会
https://ant.apache.org/
97
Apache Commons Net 输入验证错误漏洞
CNNVD-202212-2188
CVE-2021-37533
中危
Apache基金会
https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
98
jQuery 跨站脚本漏洞
CNNVD-202110-1843
CVE-2021-41182
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
99
jQuery 跨站脚本漏洞
CNNVD-202110-1839
CVE-2021-41183
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
100
Openjs Jquery Ui 跨站脚本漏洞
CNNVD-202110-1845
CVE-2021-41184
中危
Openjs基金会
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
101
Vmware Spring Framework 安全漏洞
CNNVD-202203-2333
CVE-2022-22950
中危
VMware
https://tanzu.vmware.com/security/cve-2022-22950
102
Vmware Spring Framework 安全特征问题漏洞
CNNVD-202204-3302
CVE-2022-22968
中危
VMware
https://tanzu.vmware.com/security/cve-2022-22968
103
Spring Framework 输入验证错误漏洞
CNNVD-202205-2988
CVE-2022-22970
中危
Spring团队
https://spring.io/projects/spring-framework
104
jQuery 跨站脚本漏洞
CNNVD-202207-2121
CVE-2022-31160
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
105
jsoup 跨站脚本漏洞
CNNVD-202208-4329
CVE-2022-36033
中危
个人开发者
https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
106
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202209-2289
CVE-2022-38398
中危
Apache基金会
https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx
107
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202209-2288
CVE-2022-38648
中危
Apache基金会
https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
108
Netty 安全漏洞
CNNVD-202212-3060
CVE-2022-41915
中危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
109
Spring Framework 安全漏洞
CNNVD-202303-1917
CVE-2023-20861
中危
Spring
https://spring.io/security/cve-2023-20861
110
Google Pixel 安全漏洞
CNNVD-202303-1998
CVE-2023-21036
中危
Google
https://source.android.com/security/bulletin/pixel/2023-03-01
111
Ruby 安全漏洞
CNNVD-202303-2412
CVE-2023-28755
中危
个人开发者
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
112
Ruby 安全漏洞
CNNVD-202303-2720
CVE-2023-28756
中危
个人开发者
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
113
Flexera InstallShield 安全漏洞
CNNVD-202401-2402
CVE-2023-29081
中危
Flexera
https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads
114
OpenSSL 授权问题漏洞
CNNVD-202307-1295
CVE-2023-2975
中危
OpenSSL团队
https://www.openssl.org/news/secadv/20230714.txt
115
Bouncy Castle 信任管理问题漏洞
CNNVD-202307-168
CVE-2023-33201
中危
Bouncy Castle
https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
116
Bouncy Castle 资源管理错误漏洞
CNNVD-202311-1981
CVE-2023-33202
中危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
117
VMware Spring Boot 安全漏洞
CNNVD-202311-2124
CVE-2023-34055
中危
VMware
https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
118
OpenSSL 安全漏洞
CNNVD-202307-1681
CVE-2023-3446
中危
OpenSSL团队
https://www.openssl.org/news/secadv/20230719.txt
119
FasterXML jackson-databind 代码问题漏洞
CNNVD-202306-1121
CVE-2023-35116
中危
FasterXML
https://github.com/FasterXML/jackson-databind/issues/3972
120
Apache MINA 路径遍历漏洞
CNNVD-202307-582
CVE-2023-35887
中危
Apache基金会
https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
121
Eclipse Jetty 安全漏洞
CNNVD-202309-1093
CVE-2023-36479
中危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
122
OpenSSL 安全漏洞
CNNVD-202307-2314
CVE-2023-3817
中危
OpenSSL团队
https://www.openssl.org/news/secadv/20230731.txt
123
Apache HTTP Server 安全漏洞
CNNVD-202404-641
CVE-2023-38709
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
124
Eclipse Jetty 安全漏洞
CNNVD-202309-1102
CVE-2023-40167
中危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
125
Eclipse Jetty 安全漏洞
CNNVD-202309-1113
CVE-2023-41900
中危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
126
Apache Commons Compress 资源管理错误漏洞
CNNVD-202309-1000
CVE-2023-42503
中危
Apache基金会
https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
127
Apache Santuario 日志信息泄露漏洞
CNNVD-202310-1720
CVE-2023-44483
中危
Apache基金会
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
128
curl 安全漏洞
CNNVD-202312-490
CVE-2023-46218
中危
curl
https://curl.se/docs/CVE-2023-46218.html
129
curl 安全漏洞
CNNVD-202312-499
CVE-2023-46219
中危
curl
https://curl.se/docs/CVE-2023-46219.html
130
Apache Shiro 输入验证错误漏洞
CNNVD-202312-1453
CVE-2023-46750
中危
Apache基金会
https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
131
OpenSSH 安全漏洞
CNNVD-202312-1668
CVE-2023-48795
中危
OpenBSD
https://www.openssh.com/openbsd.html
132
aiohttp 安全漏洞
CNNVD-202311-2265
CVE-2023-49081
中危
个人开发者
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
133
aiohttp 注入漏洞
CNNVD-202311-2232
CVE-2023-49082
中危
个人开发者
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
134
Python cryptography 代码问题漏洞
CNNVD-202311-2230
CVE-2023-49083
中危
Python基金会
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
135
Jayway JsonPath 安全漏洞
CNNVD-202312-2349
CVE-2023-51074
中危
json-path
https://github.com/json-path/JsonPath/issues/973
136
libexpat 安全漏洞
CNNVD-202402-243
CVE-2023-52426
中危
个人开发者
https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
137
OpenSSL 代码问题漏洞
CNNVD-202311-423
CVE-2023-5678
中危
OpenSSL
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
138
GnuTLS 安全漏洞
CNNVD-202311-1944
CVE-2023-5981
中危
个人开发者
https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d
139
OpenSSL 安全漏洞
CNNVD-202401-736
CVE-2023-6129
中危
OpenSSL
https://www.openssl.org/news/secadv/20240109.txt
140
SQLite 安全漏洞
CNNVD-202401-1406
CVE-2024-0232
中危
个人开发者
https://sqlite.org/forum/forumpost/4aa381993a
141
Python 安全漏洞
CNNVD-202403-1880
CVE-2024-0450
中危
Python
https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
142
curl 安全漏洞
CNNVD-202401-2732
CVE-2024-0853
中危
curl
https://curl.se/docs/CVE-2024-0853.html
143
Apache James MIME4J 输入验证错误漏洞
CNNVD-202402-2305
CVE-2024-21742
中危
Apache
https://james.apache.org/download.cgi#Apache_Mime4J
144
Node.js 安全漏洞
CNNVD-202403-1801
CVE-2024-22025
中危
Node.js
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
145
VMware Spring Security 安全漏洞
CNNVD-202402-1592
CVE-2024-22234
中危
VMware
https://spring.io/security/cve-2024-22234
146
OWASP AntiSamy 跨站脚本漏洞
CNNVD-202402-204
CVE-2024-23635
中危
OWASP
https://github.com/nahsra/antisamy/releases/tag/v1.7.5
147
Apache Zookeeper 信息泄露漏洞
CNNVD-202403-1401
CVE-2024-23944
中危
Apache
https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k
148
Apache HTTP Server 安全漏洞
CNNVD-202404-638
CVE-2024-24795
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
149
CKEditor 跨站脚本漏洞
CNNVD-202402-598
CVE-2024-24815
中危
CKEditor
https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
150
CKEditor 跨站脚本漏洞
CNNVD-202402-605
CVE-2024-24816
中危
CKEditor
https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
151
Apache Commons Compress 安全漏洞
CNNVD-202402-1528
CVE-2024-25710
中危
Apache
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
152
Apache Commons Compress 安全漏洞
CNNVD-202402-1527
CVE-2024-26308
中危
Apache
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
153
Node.js 安全漏洞
CNNVD-202405-1613
CVE-2024-27982
中危
Node.js
https://nodejs.org/
154
Nghttp2 安全漏洞
CNNVD-202404-586
CVE-2024-28182
中危
Nghttp2
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
155
Apache CXF 代码问题漏洞
CNNVD-202403-1399
CVE-2024-28752
中危
Apache
https://cxf.apache.org/
156
Follow Redirects 信息泄露漏洞
CNNVD-202403-1332
CVE-2024-28849
中危
个人开发者
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
157
Netty 安全漏洞
CNNVD-202403-2434
CVE-2024-29025
中危
Netty
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
158
Express.js 安全漏洞
CNNVD-202403-2433
CVE-2024-29041
中危
Express.js
https://github.com/expressjs/express/releases/tag/v5.0.0-beta
159
Tiny Technologies TinyMCE 安全漏洞
CNNVD-202403-2522
CVE-2024-29203
中危
Tiny Technologies
https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
160
GNU C Library 安全漏洞
CNNVD-202404-2641
CVE-2024-2961
中危
GNU
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
161
Tiny Technologies TinyMCE 安全漏洞
CNNVD-202403-2519
CVE-2024-29881
中危
Tiny Technologies
https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
162
Bouncy Castle 安全漏洞
CNNVD-202405-2620
CVE-2024-30171
中危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
163
Bouncy Castle 安全漏洞
CNNVD-202405-2618
CVE-2024-30172
中危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
164
Pallets Jinja 安全漏洞
CNNVD-202405-1436
CVE-2024-34064
中危
Pallets
https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
165
Bouncy Castle 安全漏洞
CNNVD-202405-1283
CVE-2024-34447
中危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
166
Apache Tika 安全漏洞
CNNVD-202206-2671
CVE-2022-33879
低危
Apache基金会
https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
167
libssh 安全漏洞
CNNVD-202312-1736
CVE-2023-6004
低危
libssh
https://www.libssh.org/files/0.10/
168
libssh 安全漏洞
CNNVD-202312-1734
CVE-2023-6918
低危
libssh
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
169
OpenSSL 安全漏洞
CNNVD-202401-2353
CVE-2024-0727
低危
OpenSSL
https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
170
OpenSSL 安全漏洞
CNNVD-202405-2902
CVE-2024-4603
低危
OpenSSL
https://www.openssl.org/news/secadv/20240516.txt


修复建议

目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。Oracle官方补丁下载地址:

https://www.oracle.com/security-alerts/cpujul2024.html
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。
联系方式:[email protected]

(来源:CNNVD)

分享网络安全知识 强化网络安全意识

欢迎关注《中国信息安全》杂志官方抖音号

《中国信息安全》杂志倾力推荐

“企业成长计划”

点击下图 了解详情


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664220358&idx=4&sn=649dce789eb58a23639314e1fa9bc65d&chksm=8b59c43fbc2e4d292edf11dd8ba02343cfaf86652bfae7dbf41f46364f7070a9e5cd0f53152a&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh