CNNVD | 关于Oracle多个安全漏洞的通报
2024-10-18 02:28:0 Author: mp.weixin.qq.com(查看原文) 阅读量:24 收藏

 扫码订阅《中国信息安全》

邮发代号 2-786

征订热线:010-82341063

漏洞情况

近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞91个,影响到Oracle产品的其他厂商漏洞225个。Oracle Mysql、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products等多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

 漏洞介绍

2024年10月15日,Oracle发布了2024年10月份安全更新,共316个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products、Oracle PeopleSoft Enterprise HCM Global Payroll、Oracle Hyperion等。CNNVD对其危害等级进行了评价,其中超危漏洞23个,高危漏洞133个,中危漏洞131个,低危漏洞29个。

Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:

https://www.oracle.com/security-alerts/cpuoct2024.html

漏洞详情

此次更新共316个漏洞的补丁程序,包括85个新增漏洞的补丁程序、6个更新漏洞的补丁程序和225个影响Oracle产品的其他厂商漏洞的补丁程序。

此次更新共包括85个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞32个,中危漏洞36个,低危漏洞15个。

序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Hospitality Applications 安全漏洞
CNNVD-202410-1411
CVE-2024-21172
超危
https://www.oracle.com/security-alerts/cpuoct2024.html
2
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1425
CVE-2024-21216
超危
https://www.oracle.com/security-alerts/cpuoct2024.html
3
Oracle Virtualization 安全漏洞
CNNVD-202410-1370
CVE-2024-21259
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
4
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
CNNVD-202410-1374
CVE-2024-21214
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
5
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
CNNVD-202410-1376
CVE-2024-21255
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
6
Oracle PeopleSoft Enterprise HCM Global Payroll 安全漏洞
CNNVD-202410-1378
CVE-2024-21283
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
7
Oracle MySQL 安全漏洞
CNNVD-202410-1406
CVE-2024-21272
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
8
Oracle BI Publisher 安全漏洞
CNNVD-202410-1413
CVE-2024-21195
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
9
Oracle Analytics 安全漏洞
CNNVD-202410-1414
CVE-2024-21254
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
10
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1417
CVE-2024-21234
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
11
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1418
CVE-2024-21215
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
12
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1420
CVE-2024-21260
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
13
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1421
CVE-2024-21274
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
14
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1422
CVE-2024-21246
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
15
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1423
CVE-2024-21190
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
16
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1424
CVE-2024-21191
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
17
Oracle Financial Services Applications 安全漏洞
CNNVD-202410-1427
CVE-2024-21284
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
18
Oracle Financial Services Applications 安全漏洞
CNNVD-202410-1428
CVE-2024-21285
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
19
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1431
CVE-2024-21276
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
20
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1432
CVE-2024-21279
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
21
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1433
CVE-2024-21265
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
22
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1434
CVE-2024-21252
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
23
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1435
CVE-2024-21280
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
24
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1436
CVE-2024-21275
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
25
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1437
CVE-2024-21277
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
26
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1438
CVE-2024-21269
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
27
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1439
CVE-2024-21250
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
28
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1440
CVE-2024-21271
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
29
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1441
CVE-2024-21282
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
30
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1442
CVE-2024-21267
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
31
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1443
CVE-2024-21278
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
32
Oracle Applications Manager 安全漏洞
CNNVD-202410-1444
CVE-2024-21268
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
33
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1445
CVE-2024-21270
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
34
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1446
CVE-2024-21266
高危
https://www.oracle.com/security-alerts/cpuoct2024.html
35
Oracle Virtualization 安全漏洞
CNNVD-202410-1367
CVE-2024-21248
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
36
Oracle Virtualization 安全漏洞
CNNVD-202410-1368
CVE-2024-21273
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
37
Oracle Virtualization 安全漏洞
CNNVD-202410-1369
CVE-2024-21263
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
38
Oracle PeopleSoft 安全漏洞
CNNVD-202410-1371
CVE-2024-21249
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
39
Oracle PeopleSoft Products 安全漏洞
CNNVD-202410-1372
CVE-2024-21286
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
40
Oracle PeopleSoft Enterprise CC Common Application Objects 安全漏洞
CNNVD-202410-1373
CVE-2024-21264
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
41
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
CNNVD-202410-1375
CVE-2024-21202
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
42
Oracle MySQL 安全漏洞
CNNVD-202410-1382
CVE-2024-21200
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
43
Oracle MySQL 安全漏洞
CNNVD-202410-1385
CVE-2024-21212
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
44
Oracle MySQL 安全漏洞
CNNVD-202410-1386
CVE-2024-21204
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
45
Oracle MySQL 安全漏洞
CNNVD-202410-1387
CVE-2024-21193
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
46
Oracle MySQL 安全漏洞
CNNVD-202410-1389
CVE-2024-21213
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
47
Oracle MySQL 安全漏洞
CNNVD-202410-1390
CVE-2024-21201
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
48
Oracle MySQL 安全漏洞
CNNVD-202410-1391
CVE-2024-21241
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
49
Oracle MySQL 安全漏洞
CNNVD-202410-1392
CVE-2024-21219
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
50
Oracle MySQL 安全漏洞
CNNVD-202410-1393
CVE-2024-21198
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
51
Oracle MySQL 安全漏洞
CNNVD-202410-1394
CVE-2024-21239
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
52
Oracle MySQL 安全漏洞
CNNVD-202410-1395
CVE-2024-21197
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
53
Oracle MySQL 安全漏洞
CNNVD-202410-1396
CVE-2024-21236
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
54
Oracle MySQL 安全漏洞
CNNVD-202410-1397
CVE-2024-21199
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
55
Oracle MySQL 安全漏洞
CNNVD-202410-1398
CVE-2024-21207
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
56
Oracle MySQL 安全漏洞
CNNVD-202410-1399
CVE-2024-21203
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
57
Oracle MySQL 安全漏洞
CNNVD-202410-1400
CVE-2024-21194
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
58
Oracle MySQL 安全漏洞
CNNVD-202410-1401
CVE-2024-21218
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
59
Oracle MySQL 安全漏洞
CNNVD-202410-1402
CVE-2024-21238
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
60
Oracle MySQL 安全漏洞
CNNVD-202410-1403
CVE-2024-21196
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
61
Oracle MySQL 安全漏洞
CNNVD-202410-1404
CVE-2024-21230
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
62
Oracle MySQL 安全漏洞
CNNVD-202410-1405
CVE-2024-21262
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
63
Oracle Java SE 安全漏洞
CNNVD-202410-1412
CVE-2024-21235
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
64
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1415
CVE-2024-21192
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
65
Oracle Fusion Middleware 安全漏洞
CNNVD-202410-1416
CVE-2024-21205
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
66
Oracle Financial Services Applications 安全漏洞
CNNVD-202410-1426
CVE-2024-21281
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
67
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1429
CVE-2024-21206
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
68
Oracle E-Business Suite 安全漏洞
CNNVD-202410-1430
CVE-2024-21258
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
69
Oracle Database Server 安全漏洞
CNNVD-202410-1515
CVE-2024-21233
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
70
Oracle Application Express 安全漏洞
CNNVD-202410-1517
CVE-2024-21261
中危
https://www.oracle.com/security-alerts/cpuoct2024.html
71
Oracle Virtualization 安全漏洞
CNNVD-202410-1366
CVE-2024-21253
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
72
Oracle MySQL 安全漏洞
CNNVD-202410-1377
CVE-2024-21209
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
73
Oracle MySQL 安全漏洞
CNNVD-202410-1379
CVE-2024-21243
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
74
Oracle MySQL 安全漏洞
CNNVD-202410-1380
CVE-2024-21232
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
75
Oracle MySQL 安全漏洞
CNNVD-202410-1381
CVE-2024-21237
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
76
Oracle MySQL 安全漏洞
CNNVD-202410-1383
CVE-2024-21247
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
77
Oracle MySQL 安全漏洞
CNNVD-202410-1384
CVE-2024-21231
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
78
Oracle MySQL 安全漏洞
CNNVD-202410-1388
CVE-2024-21244
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
79
Oracle Java SE 安全漏洞
CNNVD-202410-1407
CVE-2024-21217
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
80
Oracle Java SE 安全漏洞
CNNVD-202410-1408
CVE-2024-21211
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
81
Oracle Java SE 安全漏洞
CNNVD-202410-1409
CVE-2024-21210
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
82
Oracle Hyperion 安全漏洞
CNNVD-202410-1410
CVE-2024-21257
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
83
Oracle Java SE 安全漏洞
CNNVD-202410-1419
CVE-2024-21208
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
84
Oracle Database Server 安全漏洞
CNNVD-202410-1516
CVE-2024-21242
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
85
Oracle Database Server 安全漏洞
CNNVD-202410-1518
CVE-2024-21251
低危
https://www.oracle.com/security-alerts/cpuoct2024.html
此次更新共包括6个更新漏洞的补丁程序,其中高危漏洞1个,中危漏洞2个,低危漏洞3个。
序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Java SE 安全漏洞
CNNVD-202407-1739
CVE-2024-21147
高危
https://www.oracle.com/security-alerts/cpujul2024.html
2
Oracle Java SE 安全漏洞
CNNVD-202407-1735
CVE-2024-21140
中危
https://www.oracle.com/security-alerts/cpujul2024.html
3
Oracle Java SE 安全漏洞
CNNVD-202407-1737
CVE-2024-21145
中危
https://www.oracle.com/security-alerts/cpujul2024.html
4
Oracle Java SE 安全漏洞
CNNVD-202407-1734
CVE-2024-21131
低危
https://www.oracle.com/security-alerts/cpujul2024.html
5
Oracle Java SE 安全漏洞
CNNVD-202407-1729
CVE-2024-21138
低危
https://www.oracle.com/security-alerts/cpujul2024.html
6
Oracle Java SE 安全漏洞
CNNVD-202407-1732
CVE-2024-21144
低危
https://www.oracle.com/security-alerts/cpujul2024.html

此次更新共包括225个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞21个,高危漏洞100个,中危漏洞93个,低危漏洞11个。

序号
漏洞名称
CNNVD编号
CVE编号
危害等级
厂商
官方链接
1
Apache Chainsaw 代码问题漏洞
CNNVD-202106-1293
CVE-2020-9493
超危
Apache基金会
https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E
2
OpenSSL 操作系统命令注入漏洞
CNNVD-202205-1962
CVE-2022-1292
超危
Openssl团队
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
3
SnakeYAML 代码问题漏洞
CNNVD-202212-1820
CVE-2022-1471
超危
个人开发者
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
4
OpenSSL 操作系统命令注入漏洞
CNNVD-202206-2112
CVE-2022-2068
超危
OpenSSL
https://www.openssl.org/source/
5
Apache Log4j SQL注入漏洞
CNNVD-202201-1421
CVE-2022-23305
超危
Apache基金会
https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
6
Dell BSAFE 安全漏洞
CNNVD-202402-197
CVE-2022-34381
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
7
Apache HTTP Server 环境问题漏洞
CNNVD-202301-1299
CVE-2022-36760
超危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
8
XKCP 输入验证错误漏洞
CNNVD-202210-1541
CVE-2022-37454
超危
XKCP
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
9
Apache Derby 注入漏洞
CNNVD-202311-1655
CVE-2022-46337
超危
Apache基金会
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
10
Certifi 数据伪造问题漏洞
CNNVD-202307-2046
CVE-2023-37920
超危
Certifi
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
11
OpenSSH 代码问题漏洞
CNNVD-202307-1721
CVE-2023-38408
超危
OpenBSD
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
12
curl 缓冲区错误漏洞
CNNVD-202310-917
CVE-2023-38545
超危
curl
https://github.com/curl/curl/commit/fb4415d8aee6c1
13
Apache ZooKeeper 安全漏洞
CNNVD-202310-856
CVE-2023-44981
超危
Apache基金会
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
14
zlib 输入验证错误漏洞
CNNVD-202310-1086
CVE-2023-45853
超危
个人开发者
https://github.com/madler/zlib/pull/843
15
Pillow 安全漏洞
CNNVD-202401-1886
CVE-2023-50447
超危
个人开发者
https://github.com/python-pillow/Pillow/releases/tag/10.2
16
OpenSSH 安全漏洞
CNNVD-202312-1665
CVE-2023-51385
超危
OpenBSD
https://www.openssh.com/txt/release-9.6
17
PHP 安全漏洞
CNNVD-202404-3501
CVE-2024-1874
超危
PHP
https://www.php.net/downloads.php
18
RequireJS 安全漏洞
CNNVD-202407-034
CVE-2024-38999
超危
RequireJS
https://github.com/requirejs/r.js
19
Jenkins 安全漏洞
CNNVD-202408-533
CVE-2024-43044
超危
Jenkins
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
20
libexpat 安全漏洞
CNNVD-202408-2839
CVE-2024-45490
超危
libexpat
https://github.com/libexpat/libexpat
21
PHP 操作系统命令注入漏洞
CNNVD-202406-852
CVE-2024-4577
超危
PHP
https://www.php.net/downloads
22
jackson-mapper-asl 代码问题漏洞
CNNVD-201911-1110
CVE-2019-10172
高危
个人开发者
https://mvnrepository.com/artifact/org.codehaus.jackson
23
OpenSSH 操作系统命令注入漏洞
CNNVD-202007-1519
CVE-2020-15778
高危
OpenBSD
https://www.openssh.com/
24
Npm underscore 代码注入漏洞
CNNVD-202103-1621
CVE-2021-23358
高危
Npm
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
25
Netty 资源管理错误漏洞
CNNVD-202110-1442
CVE-2021-37136
高危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
26
Netty 资源管理错误漏洞
CNNVD-202110-1441
CVE-2021-37137
高危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
27
Apache Log4j 代码问题漏洞
CNNVD-202201-1420
CVE-2022-23302
高危
Apache基金会
https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
28
Apache Log4j 代码问题漏洞
CNNVD-202201-1425
CVE-2022-23307
高危
Apache基金会
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
29
grub2 安全漏洞
CNNVD-202211-2822
CVE-2022-2601
高危
GNU社区
https://access.redhat.com/security/cve/cve-2022-2601
30
Moment.js 资源管理错误漏洞
CNNVD-202207-502
CVE-2022-31129
高危
个人开发者
https://github.com/moment/moment/pull/6015#issuecomment-1152961973
31
Apache Xalan 输入验证错误漏洞
CNNVD-202207-1617
CVE-2022-34169
高危
Apache基金会
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
32
Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞
CNNVD-202301-904
CVE-2022-38136
高危
Intel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
33
OpenSSL 安全漏洞
CNNVD-202212-2982
CVE-2022-3996
高危
OpenSSL
https://github.com/openssl/openssl/
34
Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞
CNNVD-202301-905
CVE-2022-40196
高危
Intel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
35
Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞
CNNVD-202301-906
CVE-2022-41342
高危
Intel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
36
Python 安全漏洞
CNNVD-202210-2513
CVE-2022-42919
高危
Python基金会
https://github.com/python/cpython/issues/97514
37
OpenSSL 资源管理错误漏洞
CNNVD-202302-510
CVE-2022-4450
高危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
38
Python 资源管理错误漏洞
CNNVD-202211-2414
CVE-2022-45061
高危
Python基金会
https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
39
OpenSSL 资源管理错误漏洞
CNNVD-202302-521
CVE-2023-0215
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5845-1
40
OpenSSL 代码问题漏洞
CNNVD-202302-512
CVE-2023-0216
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
41
OpenSSL 代码问题漏洞
CNNVD-202302-516
CVE-2023-0217
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
42
OpenSSL 安全漏洞
CNNVD-202302-524
CVE-2023-0286
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5845-1
43
OpenSSL 代码问题漏洞
CNNVD-202302-518
CVE-2023-0401
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
44
Apache Hadoop 代码问题漏洞
CNNVD-202311-1444
CVE-2023-26031
高危
Apache基金会
https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
45
Apache Log4j 代码问题漏洞
CNNVD-202303-736
CVE-2023-26464
高危
Apache基金会
https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
46
Intel oneAPI Toolkits 代码问题漏洞
CNNVD-202308-1031
CVE-2023-28823
高危
Intel
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
47
OpenLDAP 代码问题漏洞
CNNVD-202305-2588
CVE-2023-2953
高危
OpenLDAP
https://www.openldap.org/software/download/
48
Google Guava 安全漏洞
CNNVD-202306-1141
CVE-2023-2976
高危
Google
https://github.com/google/guava
49
snappy-java 输入验证错误漏洞
CNNVD-202306-1200
CVE-2023-34453
高危
个人开发者
https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
50
snappy-java 输入验证错误漏洞
CNNVD-202306-1198
CVE-2023-34454
高危
个人开发者
https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
51
Snappy 输入验证错误漏洞
CNNVD-202306-1248
CVE-2023-34455
高危
个人开发者
https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh
52
Okio 安全漏洞
CNNVD-202307-1161
CVE-2023-3635
高危
square
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
53
Apache Avro 代码问题漏洞
CNNVD-202309-2636
CVE-2023-39410
高危
Apache基金会
https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
54
Eclipse Parsson 安全漏洞
CNNVD-202311-268
CVE-2023-4043
高危
Eclipse基金会
https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
55
Apple iOS 和 iPadOS 安全漏洞
CNNVD-202403-3045
CVE-2023-42950
高危
Apple
https://support.apple.com/en-us/HT214035
56
Snappy 安全漏洞
CNNVD-202309-2204
CVE-2023-43642
高危
个人开发者
https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
57
Apache HTTP/2 资源管理错误漏洞
CNNVD-202310-667
CVE-2023-44487
高危
Apache基金会
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
58
Google Go 安全漏洞
CNNVD-202404-632
CVE-2023-45288
高危
Google
https://pkg.go.dev/vuln/GO-2024-2687
59
Pallets Werkzeug 缓冲区错误漏洞
CNNVD-202310-2005
CVE-2023-46136
高危
Pallets
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
60
Eclipse JGit 安全漏洞
CNNVD-202309-850
CVE-2023-4759
高危
Eclipse基金会
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
61
OpenSSL 安全漏洞
CNNVD-202309-665
CVE-2023-4807
高危
OpenSSL
https://www.openssl.org/news/secadv/20230908.txt
62
Google Chrome 缓冲区错误漏洞
CNNVD-202309-784
CVE-2023-4863
高危
Google
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
63
JSON-Java 安全漏洞
CNNVD-202310-951
CVE-2023-5072
高危
个人开发者
https://github.com/stleary/JSON-java/
64
jose4j 安全漏洞
CNNVD-202402-2688
CVE-2023-51775
高危
Bitbucket
https://bitbucket.org/b_c/jose4j/downloads/
65
libexpat 安全漏洞
CNNVD-202402-245
CVE-2023-52425
高危
个人开发者
https://github.com/libexpat/libexpat/pull/789
66
Connect2id Nimbus JOSE+JWT 安全漏洞
CNNVD-202402-845
CVE-2023-52428
高危
Connect2id
https://connect2id.com/products/nimbus-jose-jwt
67
OpenSSL 安全漏洞
CNNVD-202310-1871
CVE-2023-5363
高危
OpenSSL团队
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
68
Red Hat XNIO 资源管理错误漏洞
CNNVD-202403-455
CVE-2023-5685
高危
Red Hat
https://github.com/xnio/xnio/tags
69
Python 安全漏洞
CNNVD-202403-1882
CVE-2023-6597
高危
Python
https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
70
X.org Server 安全漏洞
CNNVD-202401-1731
CVE-2023-6816
高危
X.org
https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
71
X.org Server 安全漏洞
CNNVD-202401-1736
CVE-2024-0229
高危
X.org
https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
72
X.org Server 安全漏洞
CNNVD-202401-1733
CVE-2024-21885
高危
X.org
https://www.x.org/wiki/XServer/
73
X.org Server 安全漏洞
CNNVD-202401-1732
CVE-2024-21886
高危
X.org
https://www.x.org/wiki/XServer/
74
Node.js 安全漏洞
CNNVD-202407-536
CVE-2024-22020
高危
Node.js
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
75
Eclipse Jetty 安全漏洞
CNNVD-202402-2103
CVE-2024-22201
高危
Eclipse
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
76
VMware Spring Security 安全漏洞
CNNVD-202403-1650
CVE-2024-22257
高危
VMware
https://spring.io/security/cve-2024-22257
77
Spring Framework 安全漏洞
CNNVD-202404-2193
CVE-2024-22262
高危
Spring
https://spring.io/security/cve-2024-22262
78
Apache Tomcat 安全漏洞
CNNVD-202403-1180
CVE-2024-23672
高危
Apache
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
79
Apache Xerces-C 资源管理错误漏洞
CNNVD-202402-1469
CVE-2024-23807
高危
Apache
https://github.com/apache/xerces-c/pull/54
80
Curl 安全漏洞
CNNVD-202403-2674
CVE-2024-2398
高危
Curl
https://curl.se/docs/CVE-2024-2398.html
81
Apache Tomcat 输入验证错误漏洞
CNNVD-202403-1179
CVE-2024-24549
高危
Apache
https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
82
F5 Nginx 安全漏洞
CNNVD-202402-1248
CVE-2024-24989
高危
F5
https://my.f5.com/manage/s/article/K000138444
83
F5 Nginx 安全漏洞
CNNVD-202402-1247
CVE-2024-24990
高危
F5
https://my.f5.com/manage/s/article/K000138445
84
libxml2 安全漏洞
CNNVD-202402-242
CVE-2024-25062
高危
个人开发者
https://gitlab.gnome.org/GNOME/libxml2/-/tags
85
OpenSSL 安全漏洞
CNNVD-202404-941
CVE-2024-2511
高危
OpenSSL
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
86
libheif 安全漏洞
CNNVD-202403-378
CVE-2024-25269
高危
个人开发者
https://github.com/strukturag/libheif/pull/1074
87
python-cryptography 安全漏洞
CNNVD-202402-1783
CVE-2024-26130
高危
Cryptographic
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
88
Node.js 安全漏洞
CNNVD-202404-991
CVE-2024-27983
高危
Node.js
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
89
Apache Commons Configuration 缓冲区错误漏洞
CNNVD-202403-2143
CVE-2024-29131
高危
Apache
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
90
Apache Commons Configuration 缓冲区错误漏洞
CNNVD-202403-2142
CVE-2024-29133
高危
Apache
https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
91
Bouncy Castle 安全漏洞
CNNVD-202405-2601
CVE-2024-29857
高危
Bouncy Castle
https://www.bouncycastle.org/latest_releases.html
92
aiohttp 安全漏洞
CNNVD-202405-305
CVE-2024-30251
高危
aio-libs
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
93
X.org Server 安全漏洞
CNNVD-202404-510
CVE-2024-31080
高危
X.org
https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
94
X.org Server 资源管理错误漏洞
CNNVD-202404-682
CVE-2024-31083
高危
X.org
https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
95
Apache CXF 安全漏洞
CNNVD-202407-1957
CVE-2024-32007
高危
Apache
https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
96
Apache ActiveMQ 安全漏洞
CNNVD-202405-256
CVE-2024-32114
高危
Apache
https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
97
glibc 安全漏洞
CNNVD-202405-1511
CVE-2024-33599
高危
GNU
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005
98
glibc 安全漏洞
CNNVD-202404-3209
CVE-2024-33602
高危
GNU
https://sourceware.org/bugzilla/show_bug.cgi?id=31680
99
Apache Tomcat 安全漏洞
CNNVD-202407-326
CVE-2024-34750
高危
Apache
https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
100
Node.js 安全漏洞
CNNVD-202409-508
CVE-2024-36138
高危
Node.js
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
101
MIT Kerberos 安全漏洞
CNNVD-202406-3113
CVE-2024-37370
高危
MIT
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
102
Apache HTTP Server 安全漏洞
CNNVD-202407-094
CVE-2024-38474
高危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
103
Apache HTTP Server 安全漏洞
CNNVD-202407-093
CVE-2024-38475
高危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
104
Apache HTTP Server 代码问题漏洞
CNNVD-202407-091
CVE-2024-38477
高危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
105
VMware Spring Framework 安全漏洞
CNNVD-202409-1142
CVE-2024-38816
高危
VMware
https://spring.io/security/cve-2024-38816
106
Certifi 安全漏洞
CNNVD-202407-421
CVE-2024-39689
高危
Certifi
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
107
Apache HTTP Server 安全漏洞
CNNVD-202407-339
CVE-2024-39884
高危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
108
Apache CXF 安全漏洞
CNNVD-202407-1956
CVE-2024-41172
高危
Apache
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
109
ImageMagick 安全漏洞
CNNVD-202407-2766
CVE-2024-41817
高危
ImageMagick
https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36
110
libexpat 输入验证错误漏洞
CNNVD-202408-2842
CVE-2024-45491
高危
libexpat
https://github.com/libexpat/libexpat
111
libexpat 输入验证错误漏洞
CNNVD-202408-2841
CVE-2024-45492
高危
libexpat
https://github.com/libexpat/libexpat
112
DOMPurify 安全漏洞
CNNVD-202409-1375
CVE-2024-45801
高危
个人开发者
https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
113
PHP 安全漏洞
CNNVD-202406-829
CVE-2024-5458
高危
PHP
https://www.php.net/downloads
114
PHP 安全漏洞
CNNVD-202406-828
CVE-2024-5585
高危
PHP
https://www.php.net/downloads
115
Red Hat Undertow 安全漏洞
CNNVD-202407-518
CVE-2024-5971
高危
Red Hat
https://access.redhat.com/security/cve/CVE-2024-5971
116
Red Hat Undertow 资源管理错误漏洞
CNNVD-202406-2368
CVE-2024-6162
高危
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=2293069
117
setuptools 代码注入漏洞
CNNVD-202407-1480
CVE-2024-6345
高危
PyPI
https://github.com/pypa/setuptools/releases/tag/v70.3
118
OpenSSH 竞争条件问题漏洞
CNNVD-202407-017
CVE-2024-6387
高危
OpenBSD
https://www.openssh.com/txt/release-9.8
119
Protocol Buffers 安全漏洞
CNNVD-202409-1841
CVE-2024-7254
高危
Protocol Buffers
http://protobuf.dev/
120
curl 安全漏洞
CNNVD-202407-3105
CVE-2024-7264
高危
cURL
https://curl.se/docs/CVE-2024-7264.html
121
Red Hat Undertow 竞争条件问题漏洞
CNNVD-202408-2070
CVE-2024-7885
高危
Red Hat
https://undertow.io/
122
jQuery 跨站脚本漏洞
CNNVD-202004-2429
CVE-2020-11022
中危
个人开发者
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
123
jQuery 跨站脚本漏洞
CNNVD-202004-2420
CVE-2020-11023
中危
个人开发者
https://jquery.com/upgrade-guide/3.5/
124
Apache HttpClient 安全漏洞
CNNVD-202010-372
CVE-2020-13956
中危
Apache基金会
https://www.apache.org/
125
OpenSSH 信息泄露漏洞
CNNVD-202006-1822
CVE-2020-14145
中危
Openbsd计划组
https://www.openssh.com/
126
Apache Groovy 安全漏洞
CNNVD-202012-422
CVE-2020-17521
中危
Apache基金会
https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
127
Jakarta Expression Language 输入验证错误漏洞
CNNVD-202105-1760
CVE-2021-28170
中危
Jakarta
https://jakarta.ee/specifications/expression-language/3.
128
Sprymedia Datatables 跨站脚本漏洞
CNNVD-202303-377
CVE-2021-36713
中危
Sprymedia
https://github.com/DataTables/DataTables/releases/tag/1.10.21
129
jQuery 跨站脚本漏洞
CNNVD-202110-1843
CVE-2021-41182
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
130
jQuery 跨站脚本漏洞
CNNVD-202110-1839
CVE-2021-41183
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
131
Openjs Jquery Ui 跨站脚本漏洞
CNNVD-202110-1845
CVE-2021-41184
中危
Openjs基金会
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
132
Xerces 安全漏洞
CNNVD-202201-2238
CVE-2022-23437
中危
Apache基金会
https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
133
jQuery 跨站脚本漏洞
CNNVD-202207-2121
CVE-2022-31160
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
134
jsoup 跨站脚本漏洞
CNNVD-202208-4329
CVE-2022-36033
中危
个人开发者
https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
135
OpenSSL 缓冲区错误漏洞
CNNVD-202302-506
CVE-2022-4203
中危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
136
OpenSSL 安全漏洞
CNNVD-202302-514
CVE-2022-4304
中危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
137
Spring Framework 安全漏洞
CNNVD-202304-1094
CVE-2023-20863
中危
Spring
https://spring.io/security/cve-2023-20863
138
NTP 缓冲区错误漏洞
CNNVD-202304-899
CVE-2023-26551
中危
nwtime
https://www.ntppool.org/zh/
139
NTP 缓冲区错误漏洞
CNNVD-202304-898
CVE-2023-26552
中危
nwtime
https://www.ntppool.org/zh/
140
NTP 缓冲区错误漏洞
CNNVD-202304-897
CVE-2023-26553
中危
nwtime
https://www.ntppool.org/zh/
141
NTP 缓冲区错误漏洞
CNNVD-202304-892
CVE-2023-26554
中危
nwtime
https://www.ntppool.org/zh/
142
NTP 缓冲区错误漏洞
CNNVD-202304-891
CVE-2023-26555
中危
nwtime
https://www.ntppool.org/zh/
143
Intel oneAPI Toolkits 安全漏洞
CNNVD-202308-1047
CVE-2023-27391
中危
Intel
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
144
CKEditor 跨站脚本漏洞
CNNVD-202303-1790
CVE-2023-28439
中危
CKEditor
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
145
libxml2 代码问题漏洞
CNNVD-202304-908
CVE-2023-28484
中危
个人开发者
https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
146
libxml2 资源管理错误漏洞
CNNVD-202304-907
CVE-2023-29469
中危
个人开发者
https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
147
Bouncy Castle 信任管理问题漏洞
CNNVD-202307-168
CVE-2023-33201
中危
Bouncy Castle
https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
148
VMware Spring Boot 安全漏洞
CNNVD-202311-2124
CVE-2023-34055
中危
VMware
https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
149
FasterXML jackson-databind 代码问题漏洞
CNNVD-202306-1121
CVE-2023-35116
中危
FasterXML
https://github.com/FasterXML/jackson-databind/issues/3972
150
lrzip 安全漏洞
CNNVD-202308-1538
CVE-2023-39743
中危
个人开发者
https://github.com/pete4abw/lrzip-next/issues/132
151
Apache Commons Compress 资源管理错误漏洞
CNNVD-202309-1000
CVE-2023-42503
中危
Apache基金会
https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
152
Apple iOS 和 iPadOS 安全漏洞
CNNVD-202402-1738
CVE-2023-42843
中危
Apple
https://support.apple.com/en-us/HT213981
153
Apple iOS 和 iPadOS 安全漏洞
CNNVD-202403-3044
CVE-2023-42956
中危
Apple
https://support.apple.com/en-us/HT214035
154
Apache Santuario 日志信息泄露漏洞
CNNVD-202310-1720
CVE-2023-44483
中危
Apache基金会
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
155
OpenSSH 安全漏洞
CNNVD-202312-1668
CVE-2023-48795
中危
OpenBSD
https://www.openssh.com/openbsd.html
156
Python cryptography 代码问题漏洞
CNNVD-202311-2230
CVE-2023-49083
中危
Python基金会
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
157
OpenSSH 安全漏洞
CNNVD-202312-1662
CVE-2023-51384
中危
OpenBSD
https://www.openssh.com/txt/release-9.6
158
libexpat 安全漏洞
CNNVD-202402-243
CVE-2023-52426
中危
个人开发者
https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
159
OpenSSL 代码问题漏洞
CNNVD-202311-423
CVE-2023-5678
中危
OpenSSL
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
160
OpenSSL 安全漏洞
CNNVD-202401-736
CVE-2023-6129
中危
OpenSSL
https://www.openssl.org/news/secadv/20240109.txt
161
OpenSSL 安全漏洞
CNNVD-202401-1378
CVE-2023-6237
中危
OpenSSL
https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a
162
SQLite 安全漏洞
CNNVD-202312-2480
CVE-2023-7104
中危
SQLite
https://sqlite.org/releaselog/3_44_2.html
163
SQLite 安全漏洞
CNNVD-202401-1406
CVE-2024-0232
中危
个人开发者
https://sqlite.org/forum/forumpost/4aa381993a
164
Python 安全漏洞
CNNVD-202403-1880
CVE-2024-0450
中危
Python
https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
165
Apple Safari 安全漏洞
CNNVD-202403-713
CVE-2024-23254
中危
Apple
https://support.apple.com/en-us/HT214089
166
Apple Safari 安全漏洞
CNNVD-202403-708
CVE-2024-23263
中危
Apple
https://support.apple.com/en-us/HT214089
167
Apple Safari 安全漏洞
CNNVD-202403-705
CVE-2024-23280
中危
Apple
https://support.apple.com/en-us/HT214089
168
Apple Safari 安全漏洞
CNNVD-202403-699
CVE-2024-23284
中危
Apple
https://support.apple.com/en-us/HT214089
169
OWASP AntiSamy 跨站脚本漏洞
CNNVD-202402-204
CVE-2024-23635
中危
OWASP
https://github.com/nahsra/antisamy/releases/tag/v1.7.5
170
Apache Zookeeper 信息泄露漏洞
CNNVD-202403-1401
CVE-2024-23944
中危
Apache
https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k
171
PHP 安全漏洞
CNNVD-202406-854
CVE-2024-2408
中危
PHP
https://www.php.net/
172
dnsjava 安全漏洞
CNNVD-202407-2260
CVE-2024-25638
中危
dnsjava
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
173
Apache Commons Compress 安全漏洞
CNNVD-202402-1528
CVE-2024-25710
中危
Apache
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
174
Apache Commons Compress 安全漏洞
CNNVD-202402-1527
CVE-2024-26308
中危
Apache
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
175
aiohttp 跨站脚本漏洞
CNNVD-202404-2760
CVE-2024-27306
中危
aiohttp
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
176
Apple iOS 和 iPadOS 安全漏洞
CNNVD-202405-1869
CVE-2024-27834
中危
Apple
https://support.apple.com/en-us/HT214101
177
Nghttp2 安全漏洞
CNNVD-202404-586
CVE-2024-28182
中危
Nghttp2
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
178
Apache CXF 代码问题漏洞
CNNVD-202403-1399
CVE-2024-28752
中危
Apache
https://cxf.apache.org/
179
Follow Redirects 信息泄露漏洞
CNNVD-202403-1332
CVE-2024-28849
中危
个人开发者
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
180
Intel IPP 安全漏洞
CNNVD-202408-1264
CVE-2024-28887
中危
Intel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html
181
Netty 安全漏洞
CNNVD-202403-2434
CVE-2024-29025
中危
Netty
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
182
GNU C Library 安全漏洞
CNNVD-202404-2641
CVE-2024-2961
中危
GNU
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
183
Apache CXF 代码问题漏洞
CNNVD-202407-1958
CVE-2024-29736
中危
Apache
https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
184
F5 Nginx 安全漏洞
CNNVD-202405-4793
CVE-2024-31079
中危
F5
https://my.f5.com/manage/s/article/K000139611
185
Jasper 安全漏洞
CNNVD-202404-2850
CVE-2024-31744
中危
Jasper
https://github.com/jasper-software/jasper/releases/tag/version-4.2.3
186
F5 Nginx 安全漏洞
CNNVD-202405-4792
CVE-2024-32760
中危
F5
https://my.f5.com/manage/s/article/K000139609
187
glibc 安全漏洞
CNNVD-202404-3208
CVE-2024-33600
中危
GNU
https://sourceware.org/bugzilla/show_bug.cgi?id=31678
188
glibc 安全漏洞
CNNVD-202404-3210
CVE-2024-33601
中危
GNU
https://sourceware.org/bugzilla/show_bug.cgi?id=31679
189
RARLAB WinRAR 安全漏洞
CNNVD-202404-3492
CVE-2024-33899
中危
RARLAB
https://www.rarlab.com/rarnew.htm
190
F5 Nginx 安全漏洞
CNNVD-202405-4791
CVE-2024-34161
中危
F5
https://my.f5.com/manage/s/article/K000139627
191
F5 Nginx 安全漏洞
CNNVD-202405-4790
CVE-2024-35200
中危
F5
https://my.f5.com/manage/s/article/K000139612
192
WinRAR 安全漏洞
CNNVD-202405-3858
CVE-2024-36052
中危
个人开发者
https://www.rarlab.com/rarnew.htm
193
Apache HTTP Server 代码问题漏洞
CNNVD-202407-101
CVE-2024-36387
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
194
Red Hat Undertow 安全漏洞
CNNVD-202407-521
CVE-2024-3653
中危
Red Hat
https://undertow.io/
195
MIT Kerberos 安全漏洞
CNNVD-202406-3108
CVE-2024-37371
中危
MIT
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
196
urllib3 安全漏洞
CNNVD-202406-1954
CVE-2024-37891
中危
urllib3
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
197
Tiny Technologies TinyMCE 安全漏洞
CNNVD-202406-2256
CVE-2024-38356
中危
Tiny Technologies
https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
198
Tiny Technologies TinyMCE 安全漏洞
CNNVD-202406-2249
CVE-2024-38357
中危
Tiny Technologies
https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x
199
Apache HTTP Server 安全漏洞
CNNVD-202407-096
CVE-2024-38472
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
200
Apache HTTP Server 安全漏洞
CNNVD-202407-095
CVE-2024-38473
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
201
Apache HTTP Server 安全漏洞
CNNVD-202407-092
CVE-2024-38476
中危
Apache
https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0
202
Spring Framework 安全漏洞
CNNVD-202408-1848
CVE-2024-38808
中危
VMware
https://spring.io/security/cve-2024-38808
203
VMware Spring Framework 安全漏洞
CNNVD-202409-2323
CVE-2024-38809
中危
VMware
https://spring.io/security/cve-2024-38809
204
RequireJS 安全漏洞
CNNVD-202407-032
CVE-2024-38998
中危
RequireJS
https://github.com/requirejs/r.js
205
Apache HTTP Server 输入验证错误漏洞
CNNVD-202407-086
CVE-2024-39573
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
206
Apache HTTP Server 安全漏洞
CNNVD-202407-1912
CVE-2024-40725
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
207
Apache HTTP Server 代码问题漏洞
CNNVD-202407-1910
CVE-2024-40898
中危
Apache
https://httpd.apache.org/security/vulnerabilities_24.html
208
Apache MINA SSHD 安全漏洞
CNNVD-202408-865
CVE-2024-41909
中危
Apache
https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
209
Jenkins 安全漏洞
CNNVD-202408-532
CVE-2024-43045
中危
Jenkins
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349
210
CKEditor4 安全漏洞
CNNVD-202408-2064
CVE-2024-43407
中危
CKEditor
https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
211
OpenSSL 安全漏洞
CNNVD-202405-4739
CVE-2024-4741
中危
OpenSSL
https://github.com/openssl/openssl
212
OpenSSL 安全漏洞
CNNVD-202409-141
CVE-2024-6119
中危
OpenSSL
https://openssl-library.org/news/secadv/20240903.txt
213
CPython 安全漏洞
CNNVD-202409-120
CVE-2024-6232
中危
Python
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
214
Python 安全漏洞
CNNVD-202408-1775
CVE-2024-7592
中危
Python
https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c
215
Google Guava 访问控制错误漏洞
CNNVD-202012-827
CVE-2020-8908
低危
Google
https://github.com/google/guava/issues/4011
216
OpenSSH 授权问题漏洞
CNNVD-202203-1230
CVE-2021-36368
低危
OpenBSD
https://www.openssh.com/security.html
217
Pip 命令注入漏洞
CNNVD-202310-1912
CVE-2023-5752
低危
Python Packaging Authority
https://github.com/pypa/pip/releases/tag/23.3.1
218
libssh 安全漏洞
CNNVD-202312-1736
CVE-2023-6004
低危
libssh
https://www.libssh.org/files/0.10/
219
libssh 安全漏洞
CNNVD-202312-1734
CVE-2023-6918
低危
libssh
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
220
OpenSSL 安全漏洞
CNNVD-202401-2353
CVE-2024-0727
低危
OpenSSL
https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
221
Node.js 安全漏洞
CNNVD-202407-1007
CVE-2024-22018
低危
Node.js
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
222
Node.js 安全漏洞
CNNVD-202409-509
CVE-2024-36137
低危
Node.js
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
223
CKEditor 安全漏洞
CNNVD-202408-2102
CVE-2024-43411
低危
个人开发者
https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
224
OpenSSL 安全漏洞
CNNVD-202405-2902
CVE-2024-4603
低危
OpenSSL
https://www.openssl.org/news/secadv/20240516.txt
225
OpenSSL 安全漏洞
CNNVD-202406-2936
CVE-2024-5535
低危
OpenSSL
https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87

修复建议

目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。

Oracle官方补丁下载地址:

https://www.oracle.com/security-alerts/cpuoct2024.html

CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。

联系方式:[email protected]

(来源:CNNVD)

分享网络安全知识 强化网络安全意识

欢迎关注《中国信息安全》杂志官方抖音号

《中国信息安全》杂志倾力推荐

“企业成长计划”

点击下图 了解详情


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664227620&idx=4&sn=e9585c8752086698d13714a906e6256c&chksm=8b59e1ddbc2e68cb89f65aeb671229f601d5cc51c1faa29f8cc724c2e7a1893aba22919cf478&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh