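Oracle recently published security advisories covering multiple vulnerabilities: 93 in Oracle's own products and 275 from other vendors that affect Oracle products. They include the Oracle Fusion Middleware security vulnerability (CNNVD-202304-1464, CVE-2023-21996) and the Oracle Virtualization security vulnerability (CNNVD-202304-1468, CVE-2023-21990), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On April 18, 2023, Oracle released its April 2023 security update, containing patches for 368 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Hospitality Applications, Oracle Java SE, Oracle Solaris, Oracle E-Business Suite, Oracle Health Sciences Applications and others. CNNVD rated their severity as follows: 54 critical, 157 high, 145 medium and 9 low. Multiple versions of Oracle products and systems are affected; the exact affected scope can be looked up on the Oracle website: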
https://www.oracle.com/security-alerts/cpuapr2023.html
II. Vulnerability Details
This update includes patches for 91 newly added vulnerabilities: 14 high, 68 medium and 9 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1464 | CVE-2023-21996 | High | https://www.oracle.com/security-alerts/cpuapr2040.html |
2 | Oracle Virtualization security vulnerability | CNNVD-202304-1468 | CVE-2023-21990 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
3 | Oracle Virtualization security vulnerability | CNNVD-202304-1471 | CVE-2023-21987 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
4 | Oracle Solaris security vulnerability | CNNVD-202304-1474 | CVE-2023-21985 | High | https://www.oracle.com/security-alerts/cpuapr2032.html |
5 | Oracle MySQL security vulnerability | CNNVD-202304-1478 | CVE-2023-21980 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
6 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1479 | CVE-2023-21979 | High | https://www.oracle.com/security-alerts/cpuapr2037.html |
7 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1492 | CVE-2023-21964 | High | https://www.oracle.com/security-alerts/cpuapr2038.html |
8 | Oracle Solaris security vulnerability | CNNVD-202304-1504 | CVE-2023-21948 | High | https://www.oracle.com/security-alerts/cpuapr2028.html |
9 | Oracle Solaris security vulnerability | CNNVD-202304-1512 | CVE-2023-21896 | High | https://www.oracle.com/security-alerts/cpuapr2031.html |
10 | Oracle MySQL security vulnerability | CNNVD-202304-1533 | CVE-2023-21912 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
11 | Oracle Hospitality Applications security vulnerability | CNNVD-202304-1537 | CVE-2023-21932 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
12 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1541 | CVE-2023-21931 | High | https://www.oracle.com/security-alerts/cpuapr2036.html |
13 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1545 | CVE-2023-21923 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
14 | Oracle Java SE security vulnerability | CNNVD-202304-1547 | CVE-2023-21930 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
15 | Oracle Virtualization security vulnerability | CNNVD-202304-1458 | CVE-2023-22002 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
16 | Oracle Virtualization security vulnerability | CNNVD-202304-1460 | CVE-2023-22000 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
17 | Oracle Virtualization security vulnerability | CNNVD-202304-1461 | CVE-2023-22001 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
18 | Oracle Virtualization security vulnerability | CNNVD-202304-1462 | CVE-2023-21998 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
19 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1463 | CVE-2023-21997 | Medium | https://www.oracle.com/security-alerts/cpuapr2034.html |
20 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1465 | CVE-2023-21993 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
21 | Oracle PeopleSoft Products security vulnerability | CNNVD-202304-1467 | CVE-2023-21992 | Medium | https://www.oracle.com/security-alerts/cpuapr2041.html |
22 | Oracle Virtualization security vulnerability | CNNVD-202304-1469 | CVE-2023-21989 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
23 | Oracle Java SE security vulnerability | CNNVD-202304-1472 | CVE-2023-21986 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
24 | Oracle MySQL security vulnerability | CNNVD-202304-1475 | CVE-2023-21982 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
25 | Oracle Solaris security vulnerability | CNNVD-202304-1476 | CVE-2023-21984 | Medium | https://www.oracle.com/security-alerts/cpuapr2030.html |
26 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202304-1477 | CVE-2023-21981 | Medium | https://www.oracle.com/security-alerts/cpuapr2042.html |
27 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1480 | CVE-2023-21978 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
28 | Oracle MySQL security vulnerability | CNNVD-202304-1481 | CVE-2023-21977 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
29 | Oracle MySQL security vulnerability | CNNVD-202304-1482 | CVE-2023-21976 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
30 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1483 | CVE-2023-21973 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
31 | Oracle MySQL security vulnerability | CNNVD-202304-1484 | CVE-2023-21972 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
32 | Oracle MySQL security vulnerability | CNNVD-202304-1486 | CVE-2023-21971 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
33 | Oracle BI Publisher security vulnerability | CNNVD-202304-1487 | CVE-2023-21970 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
34 | Oracle Java SE security vulnerability | CNNVD-202304-1489 | CVE-2023-21967 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
35 | Oracle MySQL security vulnerability | CNNVD-202304-1490 | CVE-2023-21966 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
36 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1491 | CVE-2023-21965 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
37 | Oracle SQL Developer security vulnerability | CNNVD-202304-1493 | CVE-2023-21969 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
38 | Oracle MySQL security vulnerability | CNNVD-202304-1495 | CVE-2023-21962 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
39 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1496 | CVE-2023-21960 | Medium | https://www.oracle.com/security-alerts/cpuapr2035.html |
40 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1497 | CVE-2023-21959 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
41 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1498 | CVE-2023-21956 | Medium | https://www.oracle.com/security-alerts/cpuapr2039.html |
42 | Oracle MySQL security vulnerability | CNNVD-202304-1499 | CVE-2023-21955 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
43 | Oracle MySQL security vulnerability | CNNVD-202304-1500 | CVE-2023-21953 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
44 | Oracle Java SE security vulnerability | CNNVD-202304-1501 | CVE-2023-21954 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
45 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1502 | CVE-2023-21952 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
46 | Oracle MySQL security vulnerability | CNNVD-202304-1503 | CVE-2023-21947 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
47 | Oracle MySQL security vulnerability | CNNVD-202304-1505 | CVE-2023-21946 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
48 | Oracle MySQL security vulnerability | CNNVD-202304-1506 | CVE-2023-21945 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
49 | Oracle Essbase security vulnerability | CNNVD-202304-1507 | CVE-2023-21944 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
50 | Oracle Essbase security vulnerability | CNNVD-202304-1508 | CVE-2023-21943 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
51 | Oracle Essbase security vulnerability | CNNVD-202304-1509 | CVE-2023-21942 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
52 | Oracle MySQL security vulnerability | CNNVD-202304-1510 | CVE-2023-21940 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
53 | Oracle BI Publisher security vulnerability | CNNVD-202304-1511 | CVE-2023-21941 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
54 | Oracle Java SE security vulnerability | CNNVD-202304-1516 | CVE-2023-21939 | Medium | https://www.oracle.com/security-alerts/cpuapr2027.html |
55 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1517 | CVE-2023-21902 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
56 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1519 | CVE-2023-21904 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
57 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1521 | CVE-2023-21903 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
58 | Oracle JD Edwards Products security vulnerability | CNNVD-202304-1522 | CVE-2023-21936 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
59 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1523 | CVE-2023-21905 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
60 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1524 | CVE-2023-21907 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
61 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1525 | CVE-2023-21906 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
62 | Oracle MySQL security vulnerability | CNNVD-202304-1526 | CVE-2023-21935 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
63 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1527 | CVE-2023-21910 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
64 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1528 | CVE-2023-21908 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
65 | Oracle Siebel CRM security vulnerability | CNNVD-202304-1529 | CVE-2023-21909 | Medium | https://www.oracle.com/security-alerts/cpuapr2044.html |
66 | Oracle Database Server security vulnerability | CNNVD-202304-1530 | CVE-2023-21934 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
67 | Oracle MySQL security vulnerability | CNNVD-202304-1531 | CVE-2023-21913 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
68 | Oracle MySQL security vulnerability | CNNVD-202304-1532 | CVE-2023-21911 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
69 | Oracle MySQL security vulnerability | CNNVD-202304-1534 | CVE-2023-21933 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
70 | Oracle MySQL security vulnerability | CNNVD-202304-1535 | CVE-2023-21917 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
71 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1536 | CVE-2023-21915 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
72 | Oracle MySQL security vulnerability | CNNVD-202304-1538 | CVE-2023-21919 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
73 | Oracle PeopleSoft Products security vulnerability | CNNVD-202304-1539 | CVE-2023-21916 | Medium | https://www.oracle.com/security-alerts/cpuapr2043.html |
74 | Oracle Database Server security vulnerability | CNNVD-202304-1540 | CVE-2023-21918 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
75 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1542 | CVE-2023-21921 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
76 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1543 | CVE-2023-21922 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
77 | Oracle MySQL security vulnerability | CNNVD-202304-1544 | CVE-2023-21920 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
78 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1546 | CVE-2023-21925 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
79 | Oracle MySQL security vulnerability | CNNVD-202304-1548 | CVE-2023-21929 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
80 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1550 | CVE-2023-21926 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
81 | Oracle JD Edwards Products security vulnerability | CNNVD-202304-1551 | CVE-2023-21927 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
82 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1552 | CVE-2023-21924 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
83 | Oracle Solaris security vulnerability | CNNVD-202304-1456 | CVE-2023-22003 | Low | https://www.oracle.com/security-alerts/cpuapr2033.html |
84 | Oracle Virtualization security vulnerability | CNNVD-202304-1459 | CVE-2023-21999 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
85 | Oracle Virtualization security vulnerability | CNNVD-202304-1466 | CVE-2023-21991 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
86 | Oracle Virtualization security vulnerability | CNNVD-202304-1470 | CVE-2023-21988 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
87 | Oracle Java SE security vulnerability | CNNVD-202304-1488 | CVE-2023-21968 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |
88 | Oracle MySQL security vulnerability | CNNVD-202304-1494 | CVE-2023-21963 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
89 | Oracle Java SE security vulnerability | CNNVD-202304-1514 | CVE-2023-21938 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
90 | Oracle Java SE security vulnerability | CNNVD-202304-1518 | CVE-2023-21937 | Low | https://www.oracle.com/security-alerts/cpuapr2026.html |
91 | Oracle Solaris security vulnerability | CNNVD-202304-1549 | CVE-2023-21928 | Low | https://www.oracle.com/security-alerts/cpuapr2029.html |
This update includes patches for 2 updated vulnerabilities: 1 high and 1 medium.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle Database Server input validation error vulnerability | CNNVD-202107-1424 | CVE-2021-2351 | High | https://www.oracle.com/security-alerts/cpujul2021.html |
2 | Oracle Fusion Middleware path traversal vulnerability | CNNVD-202001-687 | CVE-2020-6950 | Medium | https://www.oracle.com/security-alerts/cpujan2020.html |
This update includes patches for 275 vulnerabilities from other vendors that affect Oracle products: 54 critical, 142 high, 76 medium and 3 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | urllib3 trust management issue vulnerability | CNNVD-201812-491 | CVE-2018-20060 | Critical | fedoraproject | https://github.com/urllib3/urllib3/blob/master/CHANGES.rst |
2 | Progress Telerik UI for ASP.NET AJAX code issue vulnerability | CNNVD-201912-504 | CVE-2019-18935 | Critical | Individual developer | https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization |
3 | PyYAML input validation error vulnerability | CNNVD-202102-918 | CVE-2020-14343 | Critical | Individual developer | https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
4 | Dell BSAFE security vulnerability | CNNVD-202207-835 | CVE-2020-29506 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
5 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-837 | CVE-2020-29507 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
6 | Dell BSAFE Micro Edition Suite and Dell BSAFE input validation error vulnerability | CNNVD-202207-838 | CVE-2020-29508 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
7 | Dell BSAFE security features issue vulnerability | CNNVD-202207-834 | CVE-2020-35163 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
8 | Dell BSAFE security vulnerability | CNNVD-202207-832 | CVE-2020-35166 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
9 | Dell BSAFE security vulnerability | CNNVD-202207-831 | CVE-2020-35167 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
10 | Dell BSAFE security vulnerability | CNNVD-202207-828 | CVE-2020-35168 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
11 | Dell BSAFE input validation error vulnerability | CNNVD-202207-830 | CVE-2020-35169 | Critical | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
12 | Apache Xmlbeans input validation error vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
13 | Python security vulnerability | CNNVD-202104-2308 | CVE-2021-29921 | Critical | Python Foundation | https://www.python.org/ |
14 | json-schema security vulnerability | CNNVD-202111-1201 | CVE-2021-3918 | Critical | Individual developer | https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9 |
15 | Lapack buffer error vulnerability | CNNVD-202112-725 | CVE-2021-4048 | Critical | Lapack community | https://bugzilla.redhat.com/show_bug.cgi?id=2024358 |
16 | Sanitize input validation error vulnerability | CNNVD-202110-1259 | CVE-2021-42575 | Critical | Individual developer | https://owasp.org/www-project-java-html-sanitizer/ |
17 | GNU Libtasn1 buffer error vulnerability | CNNVD-202210-1689 | CVE-2021-46848 | Critical | GNU Foundation | https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 |
18 | OpenSSL OS command injection vulnerability | CNNVD-202205-1962 | CVE-2022-1292 | Critical | Openssl team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
19 | SnakeYAML code issue vulnerability | CNNVD-202212-1820 | CVE-2022-1471 | Critical | Individual developer | https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
20 | PCRE buffer error vulnerability | CNNVD-202205-3348 | CVE-2022-1586 | Critical | Individual developer | https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c |
21 | PCRE buffer error vulnerability | CNNVD-202205-3350 | CVE-2022-1587 | Critical | Individual developer | https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c |
22 | OpenSSL OS command injection vulnerability | CNNVD-202206-2112 | CVE-2022-2068 | Critical | OpenSSL | https://www.openssl.org/source/ |
23 | OpenSSL buffer error vulnerability | CNNVD-202207-242 | CVE-2022-2274 | Critical | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345 |
24 | Spring Framework code injection vulnerability | CNNVD-202203-2514 | CVE-2022-22965 | Critical | Spring team | https://tanzu.vmware.com/security/cve-2022-22965 |
25 | VMware Spring Security authorization issue vulnerability | CNNVD-202205-3584 | CVE-2022-22978 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-22978 |
26 | glibc security vulnerability | CNNVD-202201-1163 | CVE-2022-23218 | Critical | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28768 |
27 | glibc security vulnerability | CNNVD-202201-1164 | CVE-2022-23219 | Critical | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=22542 |
28 | H2Console code injection vulnerability | CNNVD-202201-1749 | CVE-2022-23221 | Critical | Individual developer | https://github.com/h2database/h2database/releases/tag/version-2.1.210 |
29 | Apache Log4j SQL injection vulnerability | CNNVD-202201-1421 | CVE-2022-23305 | Critical | Apache Foundation | https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
30 | OWASP ESAPI path traversal vulnerability | CNNVD-202204-4378 | CVE-2022-23457 | Critical | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 |
31 | Expat code injection vulnerability | CNNVD-202202-1315 | CVE-2022-25235 | Critical | Individual developer | https://github.com/libexpat/libexpa |
32 | Expat input validation error vulnerability | CNNVD-202202-1316 | CVE-2022-25236 | Critical | Individual developer | https://github.com/libexpat/libexpa |
33 | Expat input validation error vulnerability | CNNVD-202202-1615 | CVE-2022-25315 | Critical | Individual developer | https://github.com/libexpat/libexpat/pull/559 |
34 | FreeType buffer error vulnerability | CNNVD-202204-4272 | CVE-2022-27404 | Critical | Individual developer | https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 |
35 | Ruby resource management error vulnerability | CNNVD-202204-3370 | CVE-2022-28738 | Critical | Individual developer | https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/ |
36 | Github ejs injection vulnerability | CNNVD-202204-4327 | CVE-2022-29078 | Critical | Individual developer | https://github.com/mde/ejs/releases |
37 | Apache Maven command injection vulnerability | CNNVD-202204-4397 | CVE-2022-29599 | Critical | Apache Foundation | http://github.com/apache/maven-shared-utils/pull/40 |
38 | VMware Spring Security security vulnerability | CNNVD-202210-2599 | CVE-2022-31692 | Critical | VMware | https://tanzu.vmware.com/security/cve-2022-31692 |
39 | Apache Commons Configuration code injection vulnerability | CNNVD-202207-428 | CVE-2022-33980 | Critical | Apache Foundation | https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s |
40 | Apache HTTP Server environment issue vulnerability | CNNVD-202301-1299 | CVE-2022-36760 | Critical | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
41 | zlib buffer error vulnerability | CNNVD-202208-2276 | CVE-2022-37434 | Critical | Individual developer | https://github.com/madler/zlib/ |
42 | XKCP input validation error vulnerability | CNNVD-202210-1541 | CVE-2022-37454 | Critical | XKCP | https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
43 | Apache Ivy path traversal vulnerability | CNNVD-202211-2196 | CVE-2022-37865 | Critical | Apache Foundation | https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy |
44 | Apache Calcite code issue vulnerability | CNNVD-202209-697 | CVE-2022-39135 | Critical | Apache Foundation | https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082 |
45 | Apache Commons Text code injection vulnerability | CNNVD-202210-790 | CVE-2022-42889 | Critical | Apache Foundation | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
46 | curl resource management error vulnerability | CNNVD-202210-2217 | CVE-2022-42915 | Critical | curl | https://curl.se/docs/CVE-2022-42915.html |
47 | Jenkins Plugin Script Security security vulnerability | CNNVD-202210-1411 | CVE-2022-43401 | Critical | Jenkins | https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1) |
48 | Jenkins Plugin Pipeline: Groovy security vulnerability | CNNVD-202210-1410 | CVE-2022-43402 | Critical | Jenkins | https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1) |
49 | Apache MINA code issue vulnerability | CNNVD-202211-2918 | CVE-2022-45047 | Critical | Apache Foundation | https://www.mail-archive.com/dev@mina.apache.org/msg39312.html |
50 | Apache CXF code issue vulnerability | CNNVD-202212-3143 | CVE-2022-46364 | Critical | Apache Foundation | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
51 | libksba input validation error vulnerability | CNNVD-202212-3662 | CVE-2022-47629 | Critical | Individual developer | https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 |
52 | curl security vulnerability | CNNVD-202302-1929 | CVE-2023-23914 | Critical | Individual developer | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
53 | Apache Kerby injection vulnerability | CNNVD-202302-1606 | CVE-2023-25613 | Critical | Apache Foundation | https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y |
54 | Apache HTTP Server environment issue vulnerability | CNNVD-202303-456 | CVE-2023-25690 | Critical | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
55 | Pallets Project Flask 输入验证错误漏洞 | CNNVD-201808-601 | CVE-2018-1000656 | 高危 | Palletsprojects | https://github.com/pallets/flask/releases/tag/0.12.3 |
56 | Apache Xerces-C 资源管理错误漏洞 | CNNVD-201912-755 | CVE-2018-1311 | 高危 | Apache基金会 | https://xerces.apache.org |
57 | Eclipse Mojarra 路径遍历漏洞 | CNNVD-201807-1528 | CVE-2018-14371 | 高危 | Eclipse | https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 |
58 | Python 信任管理问题漏洞 | CNNVD-201810-457 | CVE-2018-18074 | 高危 | canonical | https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff |
59 | Pip 输入验证错误漏洞 | CNNVD-202005-362 | CVE-2018-20225 | 高危 | Python软件基金会 | https://pip.pypa.io/en/stable/news/ |
60 | zlib 缓冲区错误漏洞 | CNNVD-202203-2221 | CVE-2018-25032 | 高危 | 个人开发者 | https://z-lib.org/ |
61 | Apache Commons Beanutils 代码问题漏洞 | CNNVD-201908-1140 | CVE-2019-10086 | 高危 | debian | https://issues.apache.org/jira/browse/BEANUTILS-520 |
62 | jackson-mapper-asl 代码问题漏洞 | CNNVD-201911-1110 | CVE-2019-10172 | 高危 | 个人开发者 | https://mvnrepository.com/artifact/org.codehaus.jackson |
63 | Pivotal Software RabbitMQ 格式化字符串错误漏洞 | CNNVD-201911-1307 | CVE-2019-11287 | 高危 | Pivotal Software | https://pivotal.io/security/cve-2019-11287 |
64 | Apache Commons Compress 资源管理错误漏洞 | CNNVD-201908-2148 | CVE-2019-12402 | 高危 | apache | https://commons.apache.org/proper/commons-compress/security-reports.html |
65 | libxml2 安全漏洞 | CNNVD-202001-963 | CVE-2019-20388 | 高危 | 个人开发者 | https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 |
66 | Python 输入验证错误漏洞 | CNNVD-202007-558 | CVE-2019-20907 | 高危 | Python软件基金会 | https://bugs.python.org/issue39017 |
67 | Python 路径遍历漏洞 | CNNVD-202009-303 | CVE-2019-20916 | 高危 | Python软件基金会 | https://github.com/pypa/pip/issues/6413 |
68 | Python 代码问题漏洞 | CNNVD-202209-155 | CVE-2020-10735 | 高危 | Python基金会 | https://www.python.org/ |
69 | Apache Ant 安全漏洞 | CNNVD-202010-015 | CVE-2020-11979 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E |
70 | Apache Batik 代码问题漏洞 | CNNVD-202102-1586 | CVE-2020-11987 | 高危 | Apache基金会 | https://xmlgraphics.apache.org/security.html |
71 | Apache XmlGraphics Commons 代码问题漏洞 | CNNVD-202102-1587 | CVE-2020-11988 | 高危 | Apache基金会 | https://xmlgraphics.apache.org/security.html |
72 | Iteris Apache Velocity 安全漏洞 | CNNVD-202103-758 | CVE-2020-13936 | 高危 | Iteris | https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E |
73 | Red Hat Hibernate ORM SQL注入漏洞 | CNNVD-202011-1706 | CVE-2020-25638 | 高危 | Red Hat | https://hibernate.org/ |
74 | Fasterxml Jackson 代码问题漏洞 | CNNVD-202010-622 | CVE-2020-25649 | 高危 | Fasterxml | https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 |
75 | Bouncy Castle BC 安全漏洞 | CNNVD-202012-1340 | CVE-2020-28052 | 高危 | Bouncy Castle | https://www.bouncycastle.org/releasenotes.html |
76 | Dell BSAFE 安全漏洞 | CNNVD-202207-833 | CVE-2020-35164 | 高危 | Dell | https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
77 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202012-1285 | CVE-2020-35490 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2986 |
78 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202012-1270 | CVE-2020-35491 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2986 |
79 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202012-1602 | CVE-2020-35728 | 高危 | 个人开发者 | https://github.com/FasterXML/jackson-databind/issues/2999 |
80 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-327 | CVE-2020-36179 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
81 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-326 | CVE-2020-36180 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
82 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-330 | CVE-2020-36181 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
83 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-325 | CVE-2020-36182 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3004 |
84 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-371 | CVE-2020-36183 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/3003 |
85 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-344 | CVE-2020-36184 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2998 |
86 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-337 | CVE-2020-36185 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2998 |
87 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-333 | CVE-2020-36186 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2997 |
88 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-331 | CVE-2020-36187 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2997 |
89 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-355 | CVE-2020-36188 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2996 |
90 | FasterXML jackson-databind 代码问题漏洞 | CNNVD-202101-329 | CVE-2020-36189 | 高危 | FasterXML | https://github.com/FasterXML/jackson-databind/issues/2996 |
91 | FasterXML jackson-databind 缓冲区错误漏洞 | CNNVD-202203-1165 | CVE-2020-36518 | 高危 | 个人开发者 | https://github.com/FasterXML/jackson-databind/issues/2816 |
92 | Elasticsearch 安全漏洞 | CNNVD-202003-1748 | CVE-2020-7009 | 高危 | Elasticsearch | https://www.elastic.co/cn/community/security/ |
93 | libxml2 安全漏洞 | CNNVD-202001-965 | CVE-2020-7595 | 高危 | Libxml2 | https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076 |
94 | joyent json 操作系统命令注入漏洞 | CNNVD-202008-1430 | CVE-2020-7712 | 高危 | 个人开发者 | https://snyk.io/vuln/SNYK-JS-JSON-597481 |
95 | F5 NGINX Controller 安全漏洞 | CNNVD-202105-1581 | CVE-2021-23017 | 高危 | F5 | https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/ |
96 | lodash 代码注入漏洞 | CNNVD-202102-1137 | CVE-2021-23337 | 高危 | 个人开发者 | https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 |
97 | Github json-smart-v1 缓冲区错误漏洞 | CNNVD-202106-103 | CVE-2021-31684 | 高危 | 个人开发者 | https://github.com/netplex |
98 | Libgcrypt 安全漏洞 | CNNVD-202106-573 | CVE-2021-33560 | 高危 | GNU计划 | https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 |
99 | Apache HTTP Server 代码问题漏洞 | CNNVD-202109-1109 | CVE-2021-34798 | 高危 | Apache基金会 | http://httpd.apache.org/security/vulnerabilities_24.html |
100 | libxml2 缓冲区错误漏洞 | CNNVD-202105-234 | CVE-2021-3517 | 高危 | 个人开发者 | https://bugzilla.redhat.com/show_bug.cgi?id=1954232 |
101 | libxml2 资源管理错误漏洞 | CNNVD-202105-238 | CVE-2021-3518 | 高危 | 个人开发者 | https://bugzilla.redhat.com/show_bug.cgi?id=1954242 |
102 | Apache Commons Compress 安全漏洞 | CNNVD-202107-896 | CVE-2021-35515 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
103 | Apache Commons Compress 安全漏洞 | CNNVD-202107-897 | CVE-2021-35516 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
104 | Apache Commons Compress 安全漏洞 | CNNVD-202107-898 | CVE-2021-35517 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
105 | Apache Commons Compress 安全漏洞 | CNNVD-202107-899 | CVE-2021-36090 | 高危 | Apache基金会 | https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
106 | OpenSSL 缓冲区错误漏洞 | CNNVD-202108-1947 | CVE-2021-3712 | 高危 | Openssl团队 | https://git.openssl.org/?p=openssl.git;a=summary |
107 | Netty 资源管理错误漏洞 | CNNVD-202110-1442 | CVE-2021-37136 | 高危 | Netty社区 | https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv |
108 | Netty Resource Management Error Vulnerability | CNNVD-202110-1441 | CVE-2021-37137 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 |
109 | GNU C Library Code Issue Vulnerability | CNNVD-202108-1172 | CVE-2021-38604 | High | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28213 |
110 | Apache Santuario Information Disclosure Vulnerability | CNNVD-202109-1259 | CVE-2021-40690 | High | Apache Foundation | https://santuario.apache.org/javaindex.html |
111 | Apache Log4j Code Issue Vulnerability | CNNVD-202112-1011 | CVE-2021-4104 | High | Apache Foundation | https://logging.apache.org/log4j/2.x/security.html |
112 | GNU C Library Security Vulnerability | CNNVD-202111-457 | CVE-2021-43396 | High | Individual developer | https://sourceware.org/bugzilla/show_bug.cgi?id=28524 |
113 | XStream Resource Management Error Vulnerability | CNNVD-202201-2709 | CVE-2021-43859 | High | XStream | https://x-stream.github.io/CVE-2021-43859.html |
114 | nodejs Trust Management Issue Vulnerability | CNNVD-202201-727 | CVE-2021-44531 | High | Individual developer | https://nodejs.org/en/ |
115 | Eclipse Jetty Resource Management Error Vulnerability | CNNVD-202207-594 | CVE-2022-2048 | High | Individual developer | https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j |
116 | nodejs Code Injection Vulnerability | CNNVD-202201-726 | CVE-2022-21824 | High | Individual developer | https://nodejs.org/en/ |
117 | Eclipse Jetty Security Vulnerability | CNNVD-202207-589 | CVE-2022-2191 | High | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 |
118 | Spring Cloud Security Vulnerability | CNNVD-202206-2126 | CVE-2022-22979 | High | Spring | https://tanzu.vmware.com/security/cve-2022-22979 |
119 | Apache Tomcat Permissions and Access Control Issue Vulnerability | CNNVD-202201-2423 | CVE-2022-23181 | High | Apache Foundation | https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75 |
120 | Apache Log4j Code Issue Vulnerability | CNNVD-202201-1420 | CVE-2022-23302 | High | Apache Foundation | https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
121 | Apache Log4j Code Issue Vulnerability | CNNVD-202201-1425 | CVE-2022-23307 | High | Apache Foundation | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
122 | libxml2 Resource Management Error Vulnerability | CNNVD-202202-1722 | CVE-2022-23308 | High | Individual developer | https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614 |
123 | Certifi Data Forgery Issue Vulnerability | CNNVD-202212-2660 | CVE-2022-23491 | High | Certifi | https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 |
124 | Google Go Security Vulnerability | CNNVD-202204-3892 | CVE-2022-24675 | High | | https://github.com/golang/go/issues/51853 |
125 | CKEditor Resource Management Error Vulnerability | CNNVD-202203-1545 | CVE-2022-24729 | High | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18 |
126 | nekohtml Resource Management Error Vulnerability | CNNVD-202204-2918 | CVE-2022-24839 | High | Individual developer | https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
127 | Expat Input Validation Error Vulnerability | CNNVD-202202-1606 | CVE-2022-25314 | High | Individual developer | https://nvd.nist.gov/vuln/detail/CVE-2022-25314 |
128 | gson Code Issue Vulnerability | CNNVD-202205-1791 | CVE-2022-25647 | High | Individual developer | https://github.com/google/gson/pull/1991/files |
129 | SnakeYAML Resource Management Error Vulnerability | CNNVD-202208-4428 | CVE-2022-25857 | High | Individual developer | https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174 |
130 | FreeType Buffer Error Vulnerability | CNNVD-202204-4275 | CVE-2022-27405 | High | Individual developer | https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 |
131 | FreeType Buffer Error Vulnerability | CNNVD-202204-4261 | CVE-2022-27406 | High | Individual developer | http://freetype.com |
132 | curl Security Vulnerability | CNNVD-202205-3032 | CVE-2022-27778 | High | Individual developer | https://curl.se/docs/CVE-2022-27778.html |
133 | curl Code Issue Vulnerability | CNNVD-202205-2982 | CVE-2022-27780 | High | Individual developer | https://curl.se/docs/CVE-2022-27780.html |
134 | curl Security Vulnerability | CNNVD-202205-2986 | CVE-2022-27781 | High | Individual developer | https://curl.se/docs/CVE-2022-27781.html |
135 | curl Trust Management Issue Vulnerability | CNNVD-202205-2991 | CVE-2022-27782 | High | Individual developer | https://curl.se/docs/CVE-2022-27782.html |
136 | Google Go Security Vulnerability | CNNVD-202204-3890 | CVE-2022-28327 | High | | https://go.dev/doc/devel/release#go1.18.minor |
137 | Ruby Buffer Error Vulnerability | CNNVD-202204-3369 | CVE-2022-28739 | High | Individual developer | https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/ |
138 | Google Golang Security Vulnerability | CNNVD-202210-126 | CVE-2022-2879 | High | | https://github.com/golang/go/issues/54853 |
139 | Google Golang Environment Issue Vulnerability | CNNVD-202210-124 | CVE-2022-2880 | High | | https://github.com/golang/go/issues/54663 |
140 | Grafana Data Forgery Issue Vulnerability | CNNVD-202210-682 | CVE-2022-31123 | High | Grafana Labs | https://grafana.com/ |
141 | Moment.js Resource Management Error Vulnerability | CNNVD-202207-502 | CVE-2022-31129 | High | Individual developer | https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
142 | Grafana Information Disclosure Vulnerability | CNNVD-202210-396 | CVE-2022-31130 | High | Grafana Labs | https://grafana.com/ |
143 | PHP Buffer Error Vulnerability | CNNVD-202210-2512 | CVE-2022-31630 | High | PHP | https://www.php.net/ChangeLog-8.php#8.0. |
144 | VMware Spring Security Security Vulnerability | CNNVD-202210-2598 | CVE-2022-31690 | High | VMware | https://tanzu.vmware.com/security/cve-2022-31690 |
145 | Google protobuf Security Vulnerability | CNNVD-202210-769 | CVE-2022-3171 | High | | https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 |
146 | Node.js OS Command Injection Vulnerability | CNNVD-202207-684 | CVE-2022-32212 | High | Node.js | https://access.redhat.com/security/cve/cve-2022-32212 |
147 | OpenSSL Code Issue Vulnerability | CNNVD-202210-400 | CVE-2022-3358 | High | OpenSSL team | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b |
148 | Apache Xalan Input Validation Error Vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
149 | NSS Security Vulnerability | CNNVD-202210-947 | CVE-2022-3479 | High | Mozilla Foundation | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
150 | Apache Kafka Security Vulnerability | CNNVD-202209-1525 | CVE-2022-34917 | High | Apache Foundation | https://kafka.apache.org/ |
151 | SQLite Input Validation Error Vulnerability | CNNVD-202207-2282 | CVE-2022-35737 | High | SQLite | https://www.sqlite.org/cgi/docsrc/info/6c12812e54d369d5ba596fba91c29f08b325d237f69eace6e6eb6feed835c817 |
152 | OpenSSL Security Vulnerability | CNNVD-202210-2605 | CVE-2022-3602 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
153 | OpenSSL Security Vulnerability | CNNVD-202210-2604 | CVE-2022-3786 | High | OpenSSL team | https://www.openssl.org/news/secadv/20221101.txt |
154 | Apache Ivy Path Traversal Vulnerability | CNNVD-202211-2195 | CVE-2022-37866 | High | Apache Foundation | https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b |
155 | Grafana Information Disclosure Vulnerability | CNNVD-202210-863 | CVE-2022-39201 | High | Grafana Labs | https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr |
156 | Containous Traefik Resource Management Error Vulnerability | CNNVD-202210-522 | CVE-2022-39271 | High | Containous | https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr |
157 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202209-2287 | CVE-2022-40146 | High | Apache Foundation | https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx |
158 | Jettison Buffer Error Vulnerability | CNNVD-202209-1235 | CVE-2022-40149 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
159 | Jettison Resource Management Error Vulnerability | CNNVD-202209-1233 | CVE-2022-40150 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
160 | XStream Buffer Error Vulnerability | CNNVD-202209-1234 | CVE-2022-40151 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
161 | XStream Buffer Error Vulnerability | CNNVD-202209-1230 | CVE-2022-40152 | High | XStream | https://github.com/x-stream/xstream/issues/304 |
162 | libxml2 Input Validation Error Vulnerability | CNNVD-202210-1031 | CVE-2022-40303 | High | Individual developer | https://github.com/GNOME/libxml2 |
163 | libxml2 Code Issue Vulnerability | CNNVD-202210-1022 | CVE-2022-40304 | High | Individual developer | https://github.com/GNOME/libxml2 |
164 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202210-1712 | CVE-2022-41704 | High | Apache Foundation | https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
165 | Google Golang Security Vulnerability | CNNVD-202210-125 | CVE-2022-41715 | High | | https://github.com/golang/go/issues/55951 |
166 | Netty Security Vulnerability | CNNVD-202212-2914 | CVE-2022-41881 | High | Netty community | https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v |
167 | XStream Security Vulnerability | CNNVD-202212-4034 | CVE-2022-41966 | High | XStream | https://x-stream.github.io/CVE-2022-41966.html |
168 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202210-007 | CVE-2022-42003 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
169 | FasterXML jackson-databind Code Issue Vulnerability | CNNVD-202210-006 | CVE-2022-42004 | High | FasterXML | https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
170 | Apache Tomcat Environment Issue Vulnerability | CNNVD-202210-2602 | CVE-2022-42252 | High | Apache Foundation | https://tomcat.apache.org/security-8.html |
171 | Apache XML Graphics Batik Code Issue Vulnerability | CNNVD-202210-1707 | CVE-2022-42890 | High | Apache Foundation | https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
172 | MIT Kerberos Input Validation Error Vulnerability | CNNVD-202211-2910 | CVE-2022-42898 | High | MIT | https://web.mit.edu/kerberos/ |
173 | curl Security Vulnerability | CNNVD-202210-2216 | CVE-2022-42916 | High | curl | https://curl.se/docs/CVE-2022-42916.html |
174 | Python Security Vulnerability | CNNVD-202210-2513 | CVE-2022-42919 | High | Python Foundation | https://github.com/python/cpython/issues/97514 |
175 | Node.js OS Command Injection Vulnerability | CNNVD-202211-2070 | CVE-2022-43548 | High | Individual developer | https://nodejs.org/en/ |
176 | curl Security Vulnerability | CNNVD-202212-3665 | CVE-2022-43551 | High | Individual developer | https://curl.se/docs/CVE-2022-43551.html |
177 | libexpat Resource Management Error Vulnerability | CNNVD-202210-1676 | CVE-2022-43680 | High | Individual developer | https://github.com/libexpat/libexpat/issues/649 |
178 | OpenSSL Resource Management Error Vulnerability | CNNVD-202302-510 | CVE-2022-4450 | High | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
179 | Python Resource Management Error Vulnerability | CNNVD-202211-2414 | CVE-2022-45061 | High | Python Foundation | https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
180 | Apache Tomcat Injection Vulnerability | CNNVD-202301-137 | CVE-2022-45143 | High | Apache Foundation | https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj |
181 | Jettison Buffer Error Vulnerability | CNNVD-202212-3132 | CVE-2022-45685 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
182 | Jettison Buffer Error Vulnerability | CNNVD-202212-3128 | CVE-2022-45693 | High | Individual developer | https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
183 | Apache CXF Input Validation Error Vulnerability | CNNVD-202212-3125 | CVE-2022-46363 | High | Apache Foundation | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
184 | SQLite Security Vulnerability | CNNVD-202212-2843 | CVE-2022-46908 | High | Individual developer | https://sqlite.org/src/info/cefc032473ac5ad2 |
185 | OpenSSL Resource Management Error Vulnerability | CNNVD-202302-521 | CVE-2023-0215 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
186 | OpenSSL Security Vulnerability | CNNVD-202302-524 | CVE-2023-0286 | High | OpenSSL | https://ubuntu.com/security/notices/USN-5845-1 |
187 | GnuTLS Security Vulnerability | CNNVD-202302-884 | CVE-2023-0361 | High | Individual developer | https://gitlab.com/gnutls/gnutls/-/issues/1050 |
188 | PHP Security Vulnerability | CNNVD-202302-1356 | CVE-2023-0568 | High | PHP | https://bugs.php.net/bug.php?id=81746 |
189 | PHP Resource Management Error Vulnerability | CNNVD-202302-1353 | CVE-2023-0662 | High | PHP | https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv |
190 | netplex json-smart Security Vulnerability | CNNVD-202303-1658 | CVE-2023-1370 | High | netplex | https://netplex.github.io/json-smart/ |
191 | Node.js Security Vulnerability | CNNVD-202302-1960 | CVE-2023-23918 | High | Individual developer | https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ |
192 | Node.js Security Vulnerability | CNNVD-202302-1945 | CVE-2023-23919 | High | Individual developer | https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ |
193 | Apache Commons FileUpload Security Vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
194 | Apache Kafka Code Issue Vulnerability | CNNVD-202302-515 | CVE-2023-25194 | High | Apache Foundation | https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
195 | Pallets Werkzeug Security Vulnerability | CNNVD-202302-1160 | CVE-2023-25577 | High | Individual developer | https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323 |
196 | Apache HTTP Server Environment Issue Vulnerability | CNNVD-202303-452 | CVE-2023-27522 | High | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
197 | Apache POI Code Issue Vulnerability | CNNVD-201910-1431 | CVE-2019-12415 | Medium | Apache Foundation | https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@ |
198 | Mojarra Cross-Site Scripting Vulnerability | CNNVD-201910-136 | CVE-2019-17091 | Medium | Eclipse | https://github.com/eclipse-ee4j/mojarra/pull/4567 |
199 | Hibernate Validator Input Validation Error Vulnerability | CNNVD-202005-159 | CVE-2020-10693 | Medium | Individual developer | https://hibernate.org/ |
200 | Apache CXF Cross-Site Scripting Vulnerability | CNNVD-202011-981 | CVE-2020-13954 | Medium | Apache Foundation | http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2 |
201 | Junit Information Disclosure Vulnerability | CNNVD-202010-445 | CVE-2020-15250 | Medium | Individual developer | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
202 | Bouncy Castle BC Race Condition Issue Vulnerability | CNNVD-202105-1290 | CVE-2020-15522 | Medium | Bouncy Castle | https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22 |
203 | Apache Groovy Security Vulnerability | CNNVD-202012-422 | CVE-2020-17521 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
204 | Apache Ant Information Disclosure Vulnerability | CNNVD-202005-777 | CVE-2020-1945 | Medium | Apache Foundation | https://ant.apache.org/security.html |
205 | libxml2 Buffer Error Vulnerability | CNNVD-202009-268 | CVE-2020-24977 | Medium | Libxml2 | https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 |
206 | lodash Security Vulnerability | CNNVD-202102-1168 | CVE-2020-28500 | Medium | Individual developer | https://github.com/lodash/lodash/pull/5065 |
207 | Google protobuf Security Vulnerability | CNNVD-202201-628 | CVE-2021-22569 | Medium | | https://cloud.google.com/support/bulletins#gcp-2022-001 |
208 | jszip Security Vulnerability | CNNVD-202107-1826 | CVE-2021-23413 | Medium | Individual developer | https://github.com/Stuk/jszip/pull/766 |
209 | netplex json-smart-v Code Issue Vulnerability | CNNVD-202102-1490 | CVE-2021-27568 | Medium | Individual developer | https://github.com/netplex/json-smart-v2 |
210 | Maxim Nesen jersey Security Vulnerability | CNNVD-202104-1669 | CVE-2021-28168 | Medium | Maxim Nesen | https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv |
211 | Apache Commons IO Path Traversal Vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
212 | Apache MINA Security Vulnerability | CNNVD-202107-630 | CVE-2021-30129 | Medium | Apache Foundation | https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E |
213 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202108-1181 | CVE-2021-32808 | Medium | Individual developer | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c |
214 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202108-1175 | CVE-2021-32809 | Medium | Individual developer | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg |
215 | OWASP AntiSamy Cross-Site Scripting Vulnerability | CNNVD-202107-1281 | CVE-2021-35043 | Medium | OWASP Foundation | https://owasp.org/ |
216 | libxml2 Code Issue Vulnerability | CNNVD-202105-002 | CVE-2021-3537 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 |
217 | Apache Ant Security Vulnerability | CNNVD-202107-983 | CVE-2021-36373 | Medium | Apache Foundation | https://ant.apache.org/ |
218 | Apache Ant Security Vulnerability | CNNVD-202107-984 | CVE-2021-36374 | Medium | Apache Foundation | https://ant.apache.org/ |
219 | Memcached Buffer Error Vulnerability | CNNVD-202302-239 | CVE-2021-37519 | Medium | Individual developer | https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0 |
220 | Apache Commons Net Input Validation Error Vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
221 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202108-1157 | CVE-2021-37695 | Medium | Individual developer | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc |
222 | Libgcrypt Cryptographic Issue Vulnerability | CNNVD-202109-275 | CVE-2021-40528 | Medium | GNU community | https://gnupg.org/index.html |
223 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
224 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
225 | Openjs Jquery Ui Cross-Site Scripting Vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | OpenJS Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
226 | Apache MINA Security Vulnerability | CNNVD-202111-238 | CVE-2021-41973 | Medium | Apache Foundation | https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E |
227 | nodejs Trust Management Issue Vulnerability | CNNVD-202201-728 | CVE-2021-44532 | Medium | Individual developer | https://nodejs.org/en/ |
228 | nodejs Trust Management Issue Vulnerability | CNNVD-202201-725 | CVE-2021-44533 | Medium | Individual developer | https://nodejs.org/en/ |
229 | Apache Log4j Input Validation Error Vulnerability | CNNVD-202112-2743 | CVE-2021-44832 | Medium | Apache Foundation | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf |
230 | OpenSSL Cryptographic Issue Vulnerability | CNNVD-202207-379 | CVE-2022-2097 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20220705.txt |
231 | Vmware Spring Framework Security Vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
232 | Spring Framework Input Validation Error Vulnerability | CNNVD-202205-2988 | CVE-2022-22970 | Medium | Spring team | https://spring.io/projects/spring-framework |
233 | Spring Framework Input Validation Error Vulnerability | CNNVD-202205-2980 | CVE-2022-22971 | Medium | Spring team | https://spring.io/projects/spring-framework |
234 | Spring Framework Input Validation Error Vulnerability | CNNVD-202205-3586 | CVE-2022-22976 | Medium | Spring team | https://tanzu.vmware.com/security/cve-2022-22976 |
235 | Xerces Security Vulnerability | CNNVD-202201-2238 | CVE-2022-23437 | Medium | Apache Foundation | https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
236 | CKEditor Cross-Site Scripting Vulnerability | CNNVD-202203-1546 | CVE-2022-24728 | Medium | Individual developer | https://ckeditor.com/cke4/release/CKEditor-4.18 |
237 | Netty Security Vulnerability | CNNVD-202205-2566 | CVE-2022-24823 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 |
238 | OWASP ESAPI Cross-Site Scripting Vulnerability | CNNVD-202204-4523 | CVE-2022-24891 | Medium | Individual developer | https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q |
239 | Expat Resource Management Error Vulnerability | CNNVD-202202-1613 | CVE-2022-25313 | Medium | Individual developer | https://github.com/libexpat/libexpat/pull/558 |
240 | Apache POI Resource Management Error Vulnerability | CNNVD-202203-460 | CVE-2022-26336 | Medium | Apache Foundation | https://lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j |
241 | curl Information Disclosure Vulnerability | CNNVD-202205-3033 | CVE-2022-27779 | Medium | Individual developer | https://curl.se/docs/CVE-2022-27779.html |
242 | DPDK Input Validation Error Vulnerability | CNNVD-202208-4449 | CVE-2022-28199 | Medium | Individual developer | https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa |
243 | Apache HTTP Server Input Validation Error Vulnerability | CNNVD-202206-847 | CVE-2022-28614 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
244 | OWASP AntiSamy Cross-Site Scripting Vulnerability | CNNVD-202204-4024 | CVE-2022-29577 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/releases/tag/v1.6.7 |
245 | libxslt and libxml2 Input Validation Error Vulnerability | CNNVD-202205-1926 | CVE-2022-29824 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab |
246 | curl Security Vulnerability | CNNVD-202205-3034 | CVE-2022-30115 | Medium | Individual developer | https://curl.se/docs/CVE-2022-30115.html |
247 | HTTP::Daemon Environment Issue Vulnerability | CNNVD-202206-2650 | CVE-2022-31081 | Medium | Individual developer | https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf |
248 | jQuery Cross-Site Scripting Vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
249 | Node.js Environment Issue Vulnerability | CNNVD-202207-683 | CVE-2022-32213 | Medium | Node.js | https://access.redhat.com/security/cve/cve-2022-32213 |
250 | Node.js Environment Issue Vulnerability | CNNVD-202207-678 | CVE-2022-32215 | Medium | Node.js | https://access.redhat.com/security/cve/cve-2022-32215 |
251 | Node.js Cryptographic Issue Vulnerability | CNNVD-202207-682 | CVE-2022-32222 | Medium | Node.js | https://nodejs.org/zh-cn/ |
252 | Apache Tomcat Cross-Site Scripting Vulnerability | CNNVD-202206-2227 | CVE-2022-34305 | Medium | Apache Foundation | https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k |
253 | jsoup Cross-Site Scripting Vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
254 | Apache HTTP Server Injection Vulnerability | CNNVD-202301-1298 | CVE-2022-37436 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
255 | systemd Security Vulnerability | CNNVD-202211-2364 | CVE-2022-3821 | Medium | Individual developer | https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e |
256 | SnakeYAML Buffer Error Vulnerability | CNNVD-202209-183 | CVE-2022-38749 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
257 | SnakeYAML Buffer Error Vulnerability | CNNVD-202209-172 | CVE-2022-38750 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
258 | SnakeYAML Buffer Error Vulnerability | CNNVD-202209-169 | CVE-2022-38751 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
259 | SnakeYAML Buffer Error Vulnerability | CNNVD-202209-171 | CVE-2022-38752 | Medium | SnakeYAML | https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
260 | Grafana Authorization Issue Vulnerability | CNNVD-202210-762 | CVE-2022-39229 | Medium | Grafana Labs | https://grafana.com/grafana/download/9.2?pg=blog&plcmt=body-txt |
261 | Netty Security Vulnerability | CNNVD-202212-3060 | CVE-2022-41915 | Medium | Netty community | https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp |
262 | OpenSSL Security Vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
263 | systemd Information Disclosure Vulnerability | CNNVD-202212-3721 | CVE-2022-4415 | Medium | Individual developer | https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c |
264 | SUSE Linux Enterprise Server Security Vulnerability | CNNVD-202302-1900 | CVE-2023-0567 | Medium | SUSE | https://www.suse.com/support/update/announcement/2023/suse-su-20230476-1 |
265 | Zip4j Access Control Error Vulnerability | CNNVD-202301-648 | CVE-2023-22899 | Medium | Individual developer | https://github.com/srikanth-lingala/zip4j/releases |
266 | curl Security Vulnerability | CNNVD-202302-1928 | CVE-2023-23915 | Medium | Individual developer | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
267 | curl Security Vulnerability | CNNVD-202302-1927 | CVE-2023-23916 | Medium | Individual developer | https://github.com/curl/curl/releases/tag/curl-7_88_1 |
268 | Node.js Code Issue Vulnerability | CNNVD-202302-1924 | CVE-2023-23920 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ |
269 | cryptography Code Issue Vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
270 | undici Injection Vulnerability | CNNVD-202302-1436 | CVE-2023-23936 | Medium | Individual developer | https://github.com/nodejs/undici/releases/tag/v5.19.1 |
271 | OpenSSH Resource Management Error Vulnerability | CNNVD-202302-205 | CVE-2023-25136 | Medium | OpenBSD | https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig |
272 | Apache Tomcat Security Vulnerability | CNNVD-202303-1662 | CVE-2023-28708 | Medium | Apache Foundation | https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
273 | Google Guava Access Control Error Vulnerability | CNNVD-202012-827 | CVE-2020-8908 | Low | | https://github.com/google/guava/issues/4011 |
274 | Eclipse Jetty Input Validation Error Vulnerability | CNNVD-202207-599 | CVE-2022-2047 | Low | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q |
275 | Pallets Werkzeug Security Vulnerability | CNNVD-202302-1170 | CVE-2023-23934 | Low | Individual developer | https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028 |
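III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address: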
https://www.oracle.com/security-alerts/cpuapr2023.html