CNNVD | 关于Oracle多个安全漏洞的通报

CNNVD | 关于Oracle多个安全漏洞的通报
2024-10-18 02:28:0 Author: mp.weixin.qq.com(查看原文) 阅读量:16 收藏

扫码订阅《中国信息安全》

邮发代号 2-786

征订热线：010-82341063

漏洞情况

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞91个，影响到Oracle产品的其他厂商漏洞225个。Oracle Mysql、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products等多个产品和系统受漏洞影响。目前，Oracle官方已经发布了漏洞修复补丁，建议用户及时确认是否受到漏洞影响，尽快采取修补措施。

一
漏洞介绍

2024年10月15日，Oracle发布了2024年10月份安全更新，共316个漏洞的补丁程序，CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Java SE、Oracle E-Business Suite、Oracle PeopleSoft Products、Oracle PeopleSoft Enterprise HCM Global Payroll、Oracle Hyperion等。CNNVD对其危害等级进行了评价，其中超危漏洞23个，高危漏洞133个，中危漏洞131个，低危漏洞29个。

Oracle多个产品和系统版本受漏洞影响，具体影响范围可访问Oracle官方网站查询：

https://www.oracle.com/security-alerts/cpuoct2024.html

二
漏洞详情

此次更新共316个漏洞的补丁程序，包括85个新增漏洞的补丁程序、6个更新漏洞的补丁程序和225个影响Oracle产品的其他厂商漏洞的补丁程序。

此次更新共包括85个新增漏洞的补丁程序，其中超危漏洞2个，高危漏洞32个，中危漏洞36个，低危漏洞15个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle Hospitality Applications 安全漏洞	CNNVD-202410-1411	CVE-2024-21172	超危	https://www.oracle.com/security-alerts/cpuoct2024.html
2	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1425	CVE-2024-21216	超危	https://www.oracle.com/security-alerts/cpuoct2024.html
3	Oracle Virtualization 安全漏洞	CNNVD-202410-1370	CVE-2024-21259	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
4	Oracle PeopleSoft Enterprise PeopleTools 安全漏洞	CNNVD-202410-1374	CVE-2024-21214	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
5	Oracle PeopleSoft Enterprise PeopleTools 安全漏洞	CNNVD-202410-1376	CVE-2024-21255	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
6	Oracle PeopleSoft Enterprise HCM Global Payroll 安全漏洞	CNNVD-202410-1378	CVE-2024-21283	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
7	Oracle MySQL 安全漏洞	CNNVD-202410-1406	CVE-2024-21272	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
8	Oracle BI Publisher 安全漏洞	CNNVD-202410-1413	CVE-2024-21195	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
9	Oracle Analytics 安全漏洞	CNNVD-202410-1414	CVE-2024-21254	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
10	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1417	CVE-2024-21234	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
11	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1418	CVE-2024-21215	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
12	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1420	CVE-2024-21260	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
13	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1421	CVE-2024-21274	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
14	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1422	CVE-2024-21246	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
15	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1423	CVE-2024-21190	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
16	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1424	CVE-2024-21191	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
17	Oracle Financial Services Applications 安全漏洞	CNNVD-202410-1427	CVE-2024-21284	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
18	Oracle Financial Services Applications 安全漏洞	CNNVD-202410-1428	CVE-2024-21285	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
19	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1431	CVE-2024-21276	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
20	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1432	CVE-2024-21279	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
21	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1433	CVE-2024-21265	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
22	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1434	CVE-2024-21252	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
23	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1435	CVE-2024-21280	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
24	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1436	CVE-2024-21275	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
25	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1437	CVE-2024-21277	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
26	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1438	CVE-2024-21269	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
27	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1439	CVE-2024-21250	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
28	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1440	CVE-2024-21271	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
29	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1441	CVE-2024-21282	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
30	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1442	CVE-2024-21267	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
31	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1443	CVE-2024-21278	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
32	Oracle Applications Manager 安全漏洞	CNNVD-202410-1444	CVE-2024-21268	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
33	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1445	CVE-2024-21270	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
34	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1446	CVE-2024-21266	高危	https://www.oracle.com/security-alerts/cpuoct2024.html
35	Oracle Virtualization 安全漏洞	CNNVD-202410-1367	CVE-2024-21248	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
36	Oracle Virtualization 安全漏洞	CNNVD-202410-1368	CVE-2024-21273	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
37	Oracle Virtualization 安全漏洞	CNNVD-202410-1369	CVE-2024-21263	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
38	Oracle PeopleSoft 安全漏洞	CNNVD-202410-1371	CVE-2024-21249	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
39	Oracle PeopleSoft Products 安全漏洞	CNNVD-202410-1372	CVE-2024-21286	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
40	Oracle PeopleSoft Enterprise CC Common Application Objects 安全漏洞	CNNVD-202410-1373	CVE-2024-21264	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
41	Oracle PeopleSoft Enterprise PeopleTools 安全漏洞	CNNVD-202410-1375	CVE-2024-21202	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
42	Oracle MySQL 安全漏洞	CNNVD-202410-1382	CVE-2024-21200	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
43	Oracle MySQL 安全漏洞	CNNVD-202410-1385	CVE-2024-21212	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
44	Oracle MySQL 安全漏洞	CNNVD-202410-1386	CVE-2024-21204	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
45	Oracle MySQL 安全漏洞	CNNVD-202410-1387	CVE-2024-21193	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
46	Oracle MySQL 安全漏洞	CNNVD-202410-1389	CVE-2024-21213	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
47	Oracle MySQL 安全漏洞	CNNVD-202410-1390	CVE-2024-21201	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
48	Oracle MySQL 安全漏洞	CNNVD-202410-1391	CVE-2024-21241	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
49	Oracle MySQL 安全漏洞	CNNVD-202410-1392	CVE-2024-21219	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
50	Oracle MySQL 安全漏洞	CNNVD-202410-1393	CVE-2024-21198	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
51	Oracle MySQL 安全漏洞	CNNVD-202410-1394	CVE-2024-21239	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
52	Oracle MySQL 安全漏洞	CNNVD-202410-1395	CVE-2024-21197	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
53	Oracle MySQL 安全漏洞	CNNVD-202410-1396	CVE-2024-21236	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
54	Oracle MySQL 安全漏洞	CNNVD-202410-1397	CVE-2024-21199	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
55	Oracle MySQL 安全漏洞	CNNVD-202410-1398	CVE-2024-21207	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
56	Oracle MySQL 安全漏洞	CNNVD-202410-1399	CVE-2024-21203	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
57	Oracle MySQL 安全漏洞	CNNVD-202410-1400	CVE-2024-21194	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
58	Oracle MySQL 安全漏洞	CNNVD-202410-1401	CVE-2024-21218	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
59	Oracle MySQL 安全漏洞	CNNVD-202410-1402	CVE-2024-21238	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
60	Oracle MySQL 安全漏洞	CNNVD-202410-1403	CVE-2024-21196	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
61	Oracle MySQL 安全漏洞	CNNVD-202410-1404	CVE-2024-21230	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
62	Oracle MySQL 安全漏洞	CNNVD-202410-1405	CVE-2024-21262	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
63	Oracle Java SE 安全漏洞	CNNVD-202410-1412	CVE-2024-21235	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
64	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1415	CVE-2024-21192	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
65	Oracle Fusion Middleware 安全漏洞	CNNVD-202410-1416	CVE-2024-21205	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
66	Oracle Financial Services Applications 安全漏洞	CNNVD-202410-1426	CVE-2024-21281	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
67	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1429	CVE-2024-21206	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
68	Oracle E-Business Suite 安全漏洞	CNNVD-202410-1430	CVE-2024-21258	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
69	Oracle Database Server 安全漏洞	CNNVD-202410-1515	CVE-2024-21233	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
70	Oracle Application Express 安全漏洞	CNNVD-202410-1517	CVE-2024-21261	中危	https://www.oracle.com/security-alerts/cpuoct2024.html
71	Oracle Virtualization 安全漏洞	CNNVD-202410-1366	CVE-2024-21253	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
72	Oracle MySQL 安全漏洞	CNNVD-202410-1377	CVE-2024-21209	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
73	Oracle MySQL 安全漏洞	CNNVD-202410-1379	CVE-2024-21243	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
74	Oracle MySQL 安全漏洞	CNNVD-202410-1380	CVE-2024-21232	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
75	Oracle MySQL 安全漏洞	CNNVD-202410-1381	CVE-2024-21237	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
76	Oracle MySQL 安全漏洞	CNNVD-202410-1383	CVE-2024-21247	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
77	Oracle MySQL 安全漏洞	CNNVD-202410-1384	CVE-2024-21231	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
78	Oracle MySQL 安全漏洞	CNNVD-202410-1388	CVE-2024-21244	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
79	Oracle Java SE 安全漏洞	CNNVD-202410-1407	CVE-2024-21217	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
80	Oracle Java SE 安全漏洞	CNNVD-202410-1408	CVE-2024-21211	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
81	Oracle Java SE 安全漏洞	CNNVD-202410-1409	CVE-2024-21210	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
82	Oracle Hyperion 安全漏洞	CNNVD-202410-1410	CVE-2024-21257	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
83	Oracle Java SE 安全漏洞	CNNVD-202410-1419	CVE-2024-21208	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
84	Oracle Database Server 安全漏洞	CNNVD-202410-1516	CVE-2024-21242	低危	https://www.oracle.com/security-alerts/cpuoct2024.html
85	Oracle Database Server 安全漏洞	CNNVD-202410-1518	CVE-2024-21251	低危	https://www.oracle.com/security-alerts/cpuoct2024.html

此次更新共包括6个更新漏洞的补丁程序，其中高危漏洞1个，中危漏洞2个，低危漏洞3个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Oracle Java SE 安全漏洞	CNNVD-202407-1739	CVE-2024-21147	高危	https://www.oracle.com/security-alerts/cpujul2024.html
2	Oracle Java SE 安全漏洞	CNNVD-202407-1735	CVE-2024-21140	中危	https://www.oracle.com/security-alerts/cpujul2024.html
3	Oracle Java SE 安全漏洞	CNNVD-202407-1737	CVE-2024-21145	中危	https://www.oracle.com/security-alerts/cpujul2024.html
4	Oracle Java SE 安全漏洞	CNNVD-202407-1734	CVE-2024-21131	低危	https://www.oracle.com/security-alerts/cpujul2024.html
5	Oracle Java SE 安全漏洞	CNNVD-202407-1729	CVE-2024-21138	低危	https://www.oracle.com/security-alerts/cpujul2024.html
6	Oracle Java SE 安全漏洞	CNNVD-202407-1732	CVE-2024-21144	低危	https://www.oracle.com/security-alerts/cpujul2024.html

此次更新共包括225个影响Oracle产品的其他厂商漏洞的补丁程序，其中超危漏洞21个，高危漏洞100个，中危漏洞93个，低危漏洞11个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	厂商	官方链接
1	Apache Chainsaw 代码问题漏洞	CNNVD-202106-1293	CVE-2020-9493	超危	Apache基金会	https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E
2	OpenSSL 操作系统命令注入漏洞	CNNVD-202205-1962	CVE-2022-1292	超危	Openssl团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
3	SnakeYAML 代码问题漏洞	CNNVD-202212-1820	CVE-2022-1471	超危	个人开发者	https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
4	OpenSSL 操作系统命令注入漏洞	CNNVD-202206-2112	CVE-2022-2068	超危	OpenSSL	https://www.openssl.org/source/
5	Apache Log4j SQL注入漏洞	CNNVD-202201-1421	CVE-2022-23305	超危	Apache基金会	https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
6	Dell BSAFE 安全漏洞	CNNVD-202402-197	CVE-2022-34381	超危	Dell	https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability
7	Apache HTTP Server 环境问题漏洞	CNNVD-202301-1299	CVE-2022-36760	超危	Apache基金会	https://httpd.apache.org/security/vulnerabilities_24.html
8	XKCP 输入验证错误漏洞	CNNVD-202210-1541	CVE-2022-37454	超危	XKCP	https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
9	Apache Derby 注入漏洞	CNNVD-202311-1655	CVE-2022-46337	超危	Apache基金会	https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
10	Certifi 数据伪造问题漏洞	CNNVD-202307-2046	CVE-2023-37920	超危	Certifi	https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
11	OpenSSH 代码问题漏洞	CNNVD-202307-1721	CVE-2023-38408	超危	OpenBSD	https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
12	curl 缓冲区错误漏洞	CNNVD-202310-917	CVE-2023-38545	超危	curl	https://github.com/curl/curl/commit/fb4415d8aee6c1
13	Apache ZooKeeper 安全漏洞	CNNVD-202310-856	CVE-2023-44981	超危	Apache基金会	https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
14	zlib 输入验证错误漏洞	CNNVD-202310-1086	CVE-2023-45853	超危	个人开发者	https://github.com/madler/zlib/pull/843
15	Pillow 安全漏洞	CNNVD-202401-1886	CVE-2023-50447	超危	个人开发者	https://github.com/python-pillow/Pillow/releases/tag/10.2
16	OpenSSH 安全漏洞	CNNVD-202312-1665	CVE-2023-51385	超危	OpenBSD	https://www.openssh.com/txt/release-9.6
17	PHP 安全漏洞	CNNVD-202404-3501	CVE-2024-1874	超危	PHP	https://www.php.net/downloads.php
18	RequireJS 安全漏洞	CNNVD-202407-034	CVE-2024-38999	超危	RequireJS	https://github.com/requirejs/r.js
19	Jenkins 安全漏洞	CNNVD-202408-533	CVE-2024-43044	超危	Jenkins	https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
20	libexpat 安全漏洞	CNNVD-202408-2839	CVE-2024-45490	超危	libexpat	https://github.com/libexpat/libexpat
21	PHP 操作系统命令注入漏洞	CNNVD-202406-852	CVE-2024-4577	超危	PHP	https://www.php.net/downloads
22	jackson-mapper-asl 代码问题漏洞	CNNVD-201911-1110	CVE-2019-10172	高危	个人开发者	https://mvnrepository.com/artifact/org.codehaus.jackson
23	OpenSSH 操作系统命令注入漏洞	CNNVD-202007-1519	CVE-2020-15778	高危	OpenBSD	https://www.openssh.com/
24	Npm underscore 代码注入漏洞	CNNVD-202103-1621	CVE-2021-23358	高危	Npm	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
25	Netty 资源管理错误漏洞	CNNVD-202110-1442	CVE-2021-37136	高危	Netty社区	https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
26	Netty 资源管理错误漏洞	CNNVD-202110-1441	CVE-2021-37137	高危	Netty社区	https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
27	Apache Log4j 代码问题漏洞	CNNVD-202201-1420	CVE-2022-23302	高危	Apache基金会	https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
28	Apache Log4j 代码问题漏洞	CNNVD-202201-1425	CVE-2022-23307	高危	Apache基金会	https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
29	grub2 安全漏洞	CNNVD-202211-2822	CVE-2022-2601	高危	GNU社区	https://access.redhat.com/security/cve/cve-2022-2601
30	Moment.js 资源管理错误漏洞	CNNVD-202207-502	CVE-2022-31129	高危	个人开发者	https://github.com/moment/moment/pull/6015#issuecomment-1152961973
31	Apache Xalan 输入验证错误漏洞	CNNVD-202207-1617	CVE-2022-34169	高危	Apache基金会	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
32	Intel(R) oneAPI DPC++/C++ Compiler 代码问题漏洞	CNNVD-202301-904	CVE-2022-38136	高危	Intel	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
33	OpenSSL 安全漏洞	CNNVD-202212-2982	CVE-2022-3996	高危	OpenSSL	https://github.com/openssl/openssl/
34	Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞	CNNVD-202301-905	CVE-2022-40196	高危	Intel	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
35	Intel oneAPI DPC++/C++ Compiler 缓冲区错误漏洞	CNNVD-202301-906	CVE-2022-41342	高危	Intel	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html
36	Python 安全漏洞	CNNVD-202210-2513	CVE-2022-42919	高危	Python基金会	https://github.com/python/cpython/issues/97514
37	OpenSSL 资源管理错误漏洞	CNNVD-202302-510	CVE-2022-4450	高危	OpenSSL	https://www.openssl.org/news/secadv/20230207.txt
38	Python 资源管理错误漏洞	CNNVD-202211-2414	CVE-2022-45061	高危	Python基金会	https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
39	OpenSSL 资源管理错误漏洞	CNNVD-202302-521	CVE-2023-0215	高危	OpenSSL	https://ubuntu.com/security/notices/USN-5845-1
40	OpenSSL 代码问题漏洞	CNNVD-202302-512	CVE-2023-0216	高危	OpenSSL	https://ubuntu.com/security/notices/USN-5844-1
41	OpenSSL 代码问题漏洞	CNNVD-202302-516	CVE-2023-0217	高危	OpenSSL	https://ubuntu.com/security/notices/USN-5844-1
42	OpenSSL 安全漏洞	CNNVD-202302-524	CVE-2023-0286	高危	OpenSSL	https://ubuntu.com/security/notices/USN-5845-1
43	OpenSSL 代码问题漏洞	CNNVD-202302-518	CVE-2023-0401	高危	OpenSSL	https://ubuntu.com/security/notices/USN-5844-1
44	Apache Hadoop 代码问题漏洞	CNNVD-202311-1444	CVE-2023-26031	高危	Apache基金会	https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r
45	Apache Log4j 代码问题漏洞	CNNVD-202303-736	CVE-2023-26464	高危	Apache基金会	https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
46	Intel oneAPI Toolkits 代码问题漏洞	CNNVD-202308-1031	CVE-2023-28823	高危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
47	OpenLDAP 代码问题漏洞	CNNVD-202305-2588	CVE-2023-2953	高危	OpenLDAP	https://www.openldap.org/software/download/
48	Google Guava 安全漏洞	CNNVD-202306-1141	CVE-2023-2976	高危	Google	https://github.com/google/guava
49	snappy-java 输入验证错误漏洞	CNNVD-202306-1200	CVE-2023-34453	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
50	snappy-java 输入验证错误漏洞	CNNVD-202306-1198	CVE-2023-34454	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
51	Snappy 输入验证错误漏洞	CNNVD-202306-1248	CVE-2023-34455	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh
52	Okio 安全漏洞	CNNVD-202307-1161	CVE-2023-3635	高危	square	https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
53	Apache Avro 代码问题漏洞	CNNVD-202309-2636	CVE-2023-39410	高危	Apache基金会	https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
54	Eclipse Parsson 安全漏洞	CNNVD-202311-268	CVE-2023-4043	高危	Eclipse基金会	https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31
55	Apple iOS 和 iPadOS 安全漏洞	CNNVD-202403-3045	CVE-2023-42950	高危	Apple	https://support.apple.com/en-us/HT214035
56	Snappy 安全漏洞	CNNVD-202309-2204	CVE-2023-43642	高危	个人开发者	https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
57	Apache HTTP/2 资源管理错误漏洞	CNNVD-202310-667	CVE-2023-44487	高危	Apache基金会	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
58	Google Go 安全漏洞	CNNVD-202404-632	CVE-2023-45288	高危	Google	https://pkg.go.dev/vuln/GO-2024-2687
59	Pallets Werkzeug 缓冲区错误漏洞	CNNVD-202310-2005	CVE-2023-46136	高危	Pallets	https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
60	Eclipse JGit 安全漏洞	CNNVD-202309-850	CVE-2023-4759	高危	Eclipse基金会	https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
61	OpenSSL 安全漏洞	CNNVD-202309-665	CVE-2023-4807	高危	OpenSSL	https://www.openssl.org/news/secadv/20230908.txt
62	Google Chrome 缓冲区错误漏洞	CNNVD-202309-784	CVE-2023-4863	高危	Google	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
63	JSON-Java 安全漏洞	CNNVD-202310-951	CVE-2023-5072	高危	个人开发者	https://github.com/stleary/JSON-java/
64	jose4j 安全漏洞	CNNVD-202402-2688	CVE-2023-51775	高危	Bitbucket	https://bitbucket.org/b_c/jose4j/downloads/
65	libexpat 安全漏洞	CNNVD-202402-245	CVE-2023-52425	高危	个人开发者	https://github.com/libexpat/libexpat/pull/789
66	Connect2id Nimbus JOSE+JWT 安全漏洞	CNNVD-202402-845	CVE-2023-52428	高危	Connect2id	https://connect2id.com/products/nimbus-jose-jwt
67	OpenSSL 安全漏洞	CNNVD-202310-1871	CVE-2023-5363	高危	OpenSSL团队	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
68	Red Hat XNIO 资源管理错误漏洞	CNNVD-202403-455	CVE-2023-5685	高危	Red Hat	https://github.com/xnio/xnio/tags
69	Python 安全漏洞	CNNVD-202403-1882	CVE-2023-6597	高危	Python	https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
70	X.org Server 安全漏洞	CNNVD-202401-1731	CVE-2023-6816	高危	X.org	https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
71	X.org Server 安全漏洞	CNNVD-202401-1736	CVE-2024-0229	高危	X.org	https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-21.1.11
72	X.org Server 安全漏洞	CNNVD-202401-1733	CVE-2024-21885	高危	X.org	https://www.x.org/wiki/XServer/
73	X.org Server 安全漏洞	CNNVD-202401-1732	CVE-2024-21886	高危	X.org	https://www.x.org/wiki/XServer/
74	Node.js 安全漏洞	CNNVD-202407-536	CVE-2024-22020	高危	Node.js	https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
75	Eclipse Jetty 安全漏洞	CNNVD-202402-2103	CVE-2024-22201	高危	Eclipse	https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
76	VMware Spring Security 安全漏洞	CNNVD-202403-1650	CVE-2024-22257	高危	VMware	https://spring.io/security/cve-2024-22257
77	Spring Framework 安全漏洞	CNNVD-202404-2193	CVE-2024-22262	高危	Spring	https://spring.io/security/cve-2024-22262
78	Apache Tomcat 安全漏洞	CNNVD-202403-1180	CVE-2024-23672	高危	Apache	https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
79	Apache Xerces-C 资源管理错误漏洞	CNNVD-202402-1469	CVE-2024-23807	高危	Apache	https://github.com/apache/xerces-c/pull/54
80	Curl 安全漏洞	CNNVD-202403-2674	CVE-2024-2398	高危	Curl	https://curl.se/docs/CVE-2024-2398.html
81	Apache Tomcat 输入验证错误漏洞	CNNVD-202403-1179	CVE-2024-24549	高危	Apache	https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
82	F5 Nginx 安全漏洞	CNNVD-202402-1248	CVE-2024-24989	高危	F5	https://my.f5.com/manage/s/article/K000138444
83	F5 Nginx 安全漏洞	CNNVD-202402-1247	CVE-2024-24990	高危	F5	https://my.f5.com/manage/s/article/K000138445
84	libxml2 安全漏洞	CNNVD-202402-242	CVE-2024-25062	高危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/tags
85	OpenSSL 安全漏洞	CNNVD-202404-941	CVE-2024-2511	高危	OpenSSL	https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
86	libheif 安全漏洞	CNNVD-202403-378	CVE-2024-25269	高危	个人开发者	https://github.com/strukturag/libheif/pull/1074
87	python-cryptography 安全漏洞	CNNVD-202402-1783	CVE-2024-26130	高危	Cryptographic	https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
88	Node.js 安全漏洞	CNNVD-202404-991	CVE-2024-27983	高危	Node.js	https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
89	Apache Commons Configuration 缓冲区错误漏洞	CNNVD-202403-2143	CVE-2024-29131	高危	Apache	https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
90	Apache Commons Configuration 缓冲区错误漏洞	CNNVD-202403-2142	CVE-2024-29133	高危	Apache	https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
91	Bouncy Castle 安全漏洞	CNNVD-202405-2601	CVE-2024-29857	高危	Bouncy Castle	https://www.bouncycastle.org/latest_releases.html
92	aiohttp 安全漏洞	CNNVD-202405-305	CVE-2024-30251	高危	aio-libs	https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
93	X.org Server 安全漏洞	CNNVD-202404-510	CVE-2024-31080	高危	X.org	https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
94	X.org Server 资源管理错误漏洞	CNNVD-202404-682	CVE-2024-31083	高危	X.org	https://www.x.org/wiki/Development/Documentation/SubmittingPatches/
95	Apache CXF 安全漏洞	CNNVD-202407-1957	CVE-2024-32007	高危	Apache	https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
96	Apache ActiveMQ 安全漏洞	CNNVD-202405-256	CVE-2024-32114	高危	Apache	https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
97	glibc 安全漏洞	CNNVD-202405-1511	CVE-2024-33599	高危	GNU	https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005
98	glibc 安全漏洞	CNNVD-202404-3209	CVE-2024-33602	高危	GNU	https://sourceware.org/bugzilla/show_bug.cgi?id=31680
99	Apache Tomcat 安全漏洞	CNNVD-202407-326	CVE-2024-34750	高危	Apache	https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
100	Node.js 安全漏洞	CNNVD-202409-508	CVE-2024-36138	高危	Node.js	https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
101	MIT Kerberos 安全漏洞	CNNVD-202406-3113	CVE-2024-37370	高危	MIT	https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
102	Apache HTTP Server 安全漏洞	CNNVD-202407-094	CVE-2024-38474	高危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
103	Apache HTTP Server 安全漏洞	CNNVD-202407-093	CVE-2024-38475	高危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
104	Apache HTTP Server 代码问题漏洞	CNNVD-202407-091	CVE-2024-38477	高危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
105	VMware Spring Framework 安全漏洞	CNNVD-202409-1142	CVE-2024-38816	高危	VMware	https://spring.io/security/cve-2024-38816
106	Certifi 安全漏洞	CNNVD-202407-421	CVE-2024-39689	高危	Certifi	https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
107	Apache HTTP Server 安全漏洞	CNNVD-202407-339	CVE-2024-39884	高危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
108	Apache CXF 安全漏洞	CNNVD-202407-1956	CVE-2024-41172	高危	Apache	https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
109	ImageMagick 安全漏洞	CNNVD-202407-2766	CVE-2024-41817	高危	ImageMagick	https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36
110	libexpat 输入验证错误漏洞	CNNVD-202408-2842	CVE-2024-45491	高危	libexpat	https://github.com/libexpat/libexpat
111	libexpat 输入验证错误漏洞	CNNVD-202408-2841	CVE-2024-45492	高危	libexpat	https://github.com/libexpat/libexpat
112	DOMPurify 安全漏洞	CNNVD-202409-1375	CVE-2024-45801	高危	个人开发者	https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
113	PHP 安全漏洞	CNNVD-202406-829	CVE-2024-5458	高危	PHP	https://www.php.net/downloads
114	PHP 安全漏洞	CNNVD-202406-828	CVE-2024-5585	高危	PHP	https://www.php.net/downloads
115	Red Hat Undertow 安全漏洞	CNNVD-202407-518	CVE-2024-5971	高危	Red Hat	https://access.redhat.com/security/cve/CVE-2024-5971
116	Red Hat Undertow 资源管理错误漏洞	CNNVD-202406-2368	CVE-2024-6162	高危	Red Hat	https://bugzilla.redhat.com/show_bug.cgi?id=2293069
117	setuptools 代码注入漏洞	CNNVD-202407-1480	CVE-2024-6345	高危	PyPI	https://github.com/pypa/setuptools/releases/tag/v70.3
118	OpenSSH 竞争条件问题漏洞	CNNVD-202407-017	CVE-2024-6387	高危	OpenBSD	https://www.openssh.com/txt/release-9.8
119	Protocol Buffers 安全漏洞	CNNVD-202409-1841	CVE-2024-7254	高危	Protocol Buffers	http://protobuf.dev/
120	curl 安全漏洞	CNNVD-202407-3105	CVE-2024-7264	高危	cURL	https://curl.se/docs/CVE-2024-7264.html
121	Red Hat Undertow 竞争条件问题漏洞	CNNVD-202408-2070	CVE-2024-7885	高危	Red Hat	https://undertow.io/
122	jQuery 跨站脚本漏洞	CNNVD-202004-2429	CVE-2020-11022	中危	个人开发者	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
123	jQuery 跨站脚本漏洞	CNNVD-202004-2420	CVE-2020-11023	中危	个人开发者	https://jquery.com/upgrade-guide/3.5/
124	Apache HttpClient 安全漏洞	CNNVD-202010-372	CVE-2020-13956	中危	Apache基金会	https://www.apache.org/
125	OpenSSH 信息泄露漏洞	CNNVD-202006-1822	CVE-2020-14145	中危	Openbsd计划组	https://www.openssh.com/
126	Apache Groovy 安全漏洞	CNNVD-202012-422	CVE-2020-17521	中危	Apache基金会	https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
127	Jakarta Expression Language 输入验证错误漏洞	CNNVD-202105-1760	CVE-2021-28170	中危	Jakarta	https://jakarta.ee/specifications/expression-language/3.
128	Sprymedia Datatables 跨站脚本漏洞	CNNVD-202303-377	CVE-2021-36713	中危	Sprymedia	https://github.com/DataTables/DataTables/releases/tag/1.10.21
129	jQuery 跨站脚本漏洞	CNNVD-202110-1843	CVE-2021-41182	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
130	jQuery 跨站脚本漏洞	CNNVD-202110-1839	CVE-2021-41183	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
131	Openjs Jquery Ui 跨站脚本漏洞	CNNVD-202110-1845	CVE-2021-41184	中危	Openjs基金会	https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
132	Xerces 安全漏洞	CNNVD-202201-2238	CVE-2022-23437	中危	Apache基金会	https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
133	jQuery 跨站脚本漏洞	CNNVD-202207-2121	CVE-2022-31160	中危	个人开发者	https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
134	jsoup 跨站脚本漏洞	CNNVD-202208-4329	CVE-2022-36033	中危	个人开发者	https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
135	OpenSSL 缓冲区错误漏洞	CNNVD-202302-506	CVE-2022-4203	中危	OpenSSL	https://www.openssl.org/news/secadv/20230207.txt
136	OpenSSL 安全漏洞	CNNVD-202302-514	CVE-2022-4304	中危	OpenSSL	https://www.openssl.org/news/secadv/20230207.txt
137	Spring Framework 安全漏洞	CNNVD-202304-1094	CVE-2023-20863	中危	Spring	https://spring.io/security/cve-2023-20863
138	NTP 缓冲区错误漏洞	CNNVD-202304-899	CVE-2023-26551	中危	nwtime	https://www.ntppool.org/zh/
139	NTP 缓冲区错误漏洞	CNNVD-202304-898	CVE-2023-26552	中危	nwtime	https://www.ntppool.org/zh/
140	NTP 缓冲区错误漏洞	CNNVD-202304-897	CVE-2023-26553	中危	nwtime	https://www.ntppool.org/zh/
141	NTP 缓冲区错误漏洞	CNNVD-202304-892	CVE-2023-26554	中危	nwtime	https://www.ntppool.org/zh/
142	NTP 缓冲区错误漏洞	CNNVD-202304-891	CVE-2023-26555	中危	nwtime	https://www.ntppool.org/zh/
143	Intel oneAPI Toolkits 安全漏洞	CNNVD-202308-1047	CVE-2023-27391	中危	Intel	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
144	CKEditor 跨站脚本漏洞	CNNVD-202303-1790	CVE-2023-28439	中危	CKEditor	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
145	libxml2 代码问题漏洞	CNNVD-202304-908	CVE-2023-28484	中危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
146	libxml2 资源管理错误漏洞	CNNVD-202304-907	CVE-2023-29469	中危	个人开发者	https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
147	Bouncy Castle 信任管理问题漏洞	CNNVD-202307-168	CVE-2023-33201	中危	Bouncy Castle	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
148	VMware Spring Boot 安全漏洞	CNNVD-202311-2124	CVE-2023-34055	中危	VMware	https://github.com/spring-projects/spring-boot/releases/tag/v3.0.
149	FasterXML jackson-databind 代码问题漏洞	CNNVD-202306-1121	CVE-2023-35116	中危	FasterXML	https://github.com/FasterXML/jackson-databind/issues/3972
150	lrzip 安全漏洞	CNNVD-202308-1538	CVE-2023-39743	中危	个人开发者	https://github.com/pete4abw/lrzip-next/issues/132
151	Apache Commons Compress 资源管理错误漏洞	CNNVD-202309-1000	CVE-2023-42503	中危	Apache基金会	https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
152	Apple iOS 和 iPadOS 安全漏洞	CNNVD-202402-1738	CVE-2023-42843	中危	Apple	https://support.apple.com/en-us/HT213981
153	Apple iOS 和 iPadOS 安全漏洞	CNNVD-202403-3044	CVE-2023-42956	中危	Apple	https://support.apple.com/en-us/HT214035
154	Apache Santuario 日志信息泄露漏洞	CNNVD-202310-1720	CVE-2023-44483	中危	Apache基金会	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
155	OpenSSH 安全漏洞	CNNVD-202312-1668	CVE-2023-48795	中危	OpenBSD	https://www.openssh.com/openbsd.html
156	Python cryptography 代码问题漏洞	CNNVD-202311-2230	CVE-2023-49083	中危	Python基金会	https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
157	OpenSSH 安全漏洞	CNNVD-202312-1662	CVE-2023-51384	中危	OpenBSD	https://www.openssh.com/txt/release-9.6
158	libexpat 安全漏洞	CNNVD-202402-243	CVE-2023-52426	中危	个人开发者	https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
159	OpenSSL 代码问题漏洞	CNNVD-202311-423	CVE-2023-5678	中危	OpenSSL	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
160	OpenSSL 安全漏洞	CNNVD-202401-736	CVE-2023-6129	中危	OpenSSL	https://www.openssl.org/news/secadv/20240109.txt
161	OpenSSL 安全漏洞	CNNVD-202401-1378	CVE-2023-6237	中危	OpenSSL	https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a
162	SQLite 安全漏洞	CNNVD-202312-2480	CVE-2023-7104	中危	SQLite	https://sqlite.org/releaselog/3_44_2.html
163	SQLite 安全漏洞	CNNVD-202401-1406	CVE-2024-0232	中危	个人开发者	https://sqlite.org/forum/forumpost/4aa381993a
164	Python 安全漏洞	CNNVD-202403-1880	CVE-2024-0450	中危	Python	https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
165	Apple Safari 安全漏洞	CNNVD-202403-713	CVE-2024-23254	中危	Apple	https://support.apple.com/en-us/HT214089
166	Apple Safari 安全漏洞	CNNVD-202403-708	CVE-2024-23263	中危	Apple	https://support.apple.com/en-us/HT214089
167	Apple Safari 安全漏洞	CNNVD-202403-705	CVE-2024-23280	中危	Apple	https://support.apple.com/en-us/HT214089
168	Apple Safari 安全漏洞	CNNVD-202403-699	CVE-2024-23284	中危	Apple	https://support.apple.com/en-us/HT214089
169	OWASP AntiSamy 跨站脚本漏洞	CNNVD-202402-204	CVE-2024-23635	中危	OWASP	https://github.com/nahsra/antisamy/releases/tag/v1.7.5
170	Apache Zookeeper 信息泄露漏洞	CNNVD-202403-1401	CVE-2024-23944	中危	Apache	https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k
171	PHP 安全漏洞	CNNVD-202406-854	CVE-2024-2408	中危	PHP	https://www.php.net/
172	dnsjava 安全漏洞	CNNVD-202407-2260	CVE-2024-25638	中危	dnsjava	https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
173	Apache Commons Compress 安全漏洞	CNNVD-202402-1528	CVE-2024-25710	中危	Apache	https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
174	Apache Commons Compress 安全漏洞	CNNVD-202402-1527	CVE-2024-26308	中危	Apache	https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
175	aiohttp 跨站脚本漏洞	CNNVD-202404-2760	CVE-2024-27306	中危	aiohttp	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
176	Apple iOS 和 iPadOS 安全漏洞	CNNVD-202405-1869	CVE-2024-27834	中危	Apple	https://support.apple.com/en-us/HT214101
177	Nghttp2 安全漏洞	CNNVD-202404-586	CVE-2024-28182	中危	Nghttp2	https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
178	Apache CXF 代码问题漏洞	CNNVD-202403-1399	CVE-2024-28752	中危	Apache	https://cxf.apache.org/
179	Follow Redirects 信息泄露漏洞	CNNVD-202403-1332	CVE-2024-28849	中危	个人开发者	https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
180	Intel IPP 安全漏洞	CNNVD-202408-1264	CVE-2024-28887	中危	Intel	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html
181	Netty 安全漏洞	CNNVD-202403-2434	CVE-2024-29025	中危	Netty	https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
182	GNU C Library 安全漏洞	CNNVD-202404-2641	CVE-2024-2961	中危	GNU	https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
183	Apache CXF 代码问题漏洞	CNNVD-202407-1958	CVE-2024-29736	中危	Apache	https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
184	F5 Nginx 安全漏洞	CNNVD-202405-4793	CVE-2024-31079	中危	F5	https://my.f5.com/manage/s/article/K000139611
185	Jasper 安全漏洞	CNNVD-202404-2850	CVE-2024-31744	中危	Jasper	https://github.com/jasper-software/jasper/releases/tag/version-4.2.3
186	F5 Nginx 安全漏洞	CNNVD-202405-4792	CVE-2024-32760	中危	F5	https://my.f5.com/manage/s/article/K000139609
187	glibc 安全漏洞	CNNVD-202404-3208	CVE-2024-33600	中危	GNU	https://sourceware.org/bugzilla/show_bug.cgi?id=31678
188	glibc 安全漏洞	CNNVD-202404-3210	CVE-2024-33601	中危	GNU	https://sourceware.org/bugzilla/show_bug.cgi?id=31679
189	RARLAB WinRAR 安全漏洞	CNNVD-202404-3492	CVE-2024-33899	中危	RARLAB	https://www.rarlab.com/rarnew.htm
190	F5 Nginx 安全漏洞	CNNVD-202405-4791	CVE-2024-34161	中危	F5	https://my.f5.com/manage/s/article/K000139627
191	F5 Nginx 安全漏洞	CNNVD-202405-4790	CVE-2024-35200	中危	F5	https://my.f5.com/manage/s/article/K000139612
192	WinRAR 安全漏洞	CNNVD-202405-3858	CVE-2024-36052	中危	个人开发者	https://www.rarlab.com/rarnew.htm
193	Apache HTTP Server 代码问题漏洞	CNNVD-202407-101	CVE-2024-36387	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
194	Red Hat Undertow 安全漏洞	CNNVD-202407-521	CVE-2024-3653	中危	Red Hat	https://undertow.io/
195	MIT Kerberos 安全漏洞	CNNVD-202406-3108	CVE-2024-37371	中危	MIT	https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
196	urllib3 安全漏洞	CNNVD-202406-1954	CVE-2024-37891	中危	urllib3	https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
197	Tiny Technologies TinyMCE 安全漏洞	CNNVD-202406-2256	CVE-2024-38356	中危	Tiny Technologies	https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
198	Tiny Technologies TinyMCE 安全漏洞	CNNVD-202406-2249	CVE-2024-38357	中危	Tiny Technologies	https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x
199	Apache HTTP Server 安全漏洞	CNNVD-202407-096	CVE-2024-38472	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
200	Apache HTTP Server 安全漏洞	CNNVD-202407-095	CVE-2024-38473	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
201	Apache HTTP Server 安全漏洞	CNNVD-202407-092	CVE-2024-38476	中危	Apache	https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0
202	Spring Framework 安全漏洞	CNNVD-202408-1848	CVE-2024-38808	中危	VMware	https://spring.io/security/cve-2024-38808
203	VMware Spring Framework 安全漏洞	CNNVD-202409-2323	CVE-2024-38809	中危	VMware	https://spring.io/security/cve-2024-38809
204	RequireJS 安全漏洞	CNNVD-202407-032	CVE-2024-38998	中危	RequireJS	https://github.com/requirejs/r.js
205	Apache HTTP Server 输入验证错误漏洞	CNNVD-202407-086	CVE-2024-39573	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
206	Apache HTTP Server 安全漏洞	CNNVD-202407-1912	CVE-2024-40725	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
207	Apache HTTP Server 代码问题漏洞	CNNVD-202407-1910	CVE-2024-40898	中危	Apache	https://httpd.apache.org/security/vulnerabilities_24.html
208	Apache MINA SSHD 安全漏洞	CNNVD-202408-865	CVE-2024-41909	中危	Apache	https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
209	Jenkins 安全漏洞	CNNVD-202408-532	CVE-2024-43045	中危	Jenkins	https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349
210	CKEditor4 安全漏洞	CNNVD-202408-2064	CVE-2024-43407	中危	CKEditor	https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
211	OpenSSL 安全漏洞	CNNVD-202405-4739	CVE-2024-4741	中危	OpenSSL	https://github.com/openssl/openssl
212	OpenSSL 安全漏洞	CNNVD-202409-141	CVE-2024-6119	中危	OpenSSL	https://openssl-library.org/news/secadv/20240903.txt
213	CPython 安全漏洞	CNNVD-202409-120	CVE-2024-6232	中危	Python	https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
214	Python 安全漏洞	CNNVD-202408-1775	CVE-2024-7592	中危	Python	https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c
215	Google Guava 访问控制错误漏洞	CNNVD-202012-827	CVE-2020-8908	低危	Google	https://github.com/google/guava/issues/4011
216	OpenSSH 授权问题漏洞	CNNVD-202203-1230	CVE-2021-36368	低危	OpenBSD	https://www.openssh.com/security.html
217	Pip 命令注入漏洞	CNNVD-202310-1912	CVE-2023-5752	低危	Python Packaging Authority	https://github.com/pypa/pip/releases/tag/23.3.1
218	libssh 安全漏洞	CNNVD-202312-1736	CVE-2023-6004	低危	libssh	https://www.libssh.org/files/0.10/
219	libssh 安全漏洞	CNNVD-202312-1734	CVE-2023-6918	低危	libssh	https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
220	OpenSSL 安全漏洞	CNNVD-202401-2353	CVE-2024-0727	低危	OpenSSL	https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
221	Node.js 安全漏洞	CNNVD-202407-1007	CVE-2024-22018	低危	Node.js	https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
222	Node.js 安全漏洞	CNNVD-202409-509	CVE-2024-36137	低危	Node.js	https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
223	CKEditor 安全漏洞	CNNVD-202408-2102	CVE-2024-43411	低危	个人开发者	https://github.com/ckeditor/ckeditor4/releases/tag/4.25.0-l
224	OpenSSL 安全漏洞	CNNVD-202405-2902	CVE-2024-4603	低危	OpenSSL	https://www.openssl.org/news/secadv/20240516.txt
225	OpenSSL 安全漏洞	CNNVD-202406-2936	CVE-2024-5535	低危	OpenSSL	https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87

三
修复建议

目前，Oracle官方已经发布补丁修复了上述漏洞，建议用户及时确认漏洞影响，尽快采取修补措施。

Oracle官方补丁下载地址：

https://www.oracle.com/security-alerts/cpuoct2024.html

CNNVD将继续跟踪上述漏洞的相关情况，及时发布相关信息。如有需要，可与CNNVD联系。

联系方式：[email protected]

（来源：CNNVD）

分享网络安全知识强化网络安全意识

欢迎关注《中国信息安全》杂志官方抖音号

《中国信息安全》杂志倾力推荐

“企业成长计划”

点击下图了解详情

文章来源: https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664227620&idx=4&sn=e9585c8752086698d13714a906e6256c&chksm=8b59e1ddbc2e68cb89f65aeb671229f601d5cc51c1faa29f8cc724c2e7a1893aba22919cf478&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh

一 漏洞介绍

二漏洞详情

三修复建议

一
漏洞介绍

二
漏洞详情

三
修复建议