长亭百川云 - 文章详情

CNNVD关于Oracle多个安全漏洞的通报

CNNVD安全动态

52

2024-07-20

点击蓝字 关注我们

漏洞情况

近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞65个,影响到Oracle产品的其他厂商漏洞170个。包括Oracle Fusion Middleware 安全漏洞(CNNVD-202407-1769、CVE-2024-21181)、Oracle Virtualization 安全漏洞(CNNVD-202407-1644、CVE-2024-21141)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据、提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

 漏洞介绍


2024年7月16日,Oracle发布了2024年7月份安全更新,共235个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Analytics、Oracle PeopleSoft Products、Oracle Virtualization、Oracle E-Business Suite、Oracle Java SE等。CNNVD对其危害等级进行了评价,其中超危漏洞24个,高危漏洞78个,中危漏洞120个,低危漏洞13个。

Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:

https://www.oracle.com/security-alerts/cpujul2024.html

漏洞详情


此次更新共235个漏洞的补丁程序,包括63个新增漏洞的补丁程序、2个更新漏洞的补丁程序和170个影响Oracle产品的其他厂商漏洞的补丁程序。

此次更新共包括63个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞12个,中危漏洞43个,低危漏洞7个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Oracle Fusion Middleware 安全漏洞

CNNVD-202407-1769

CVE-2024-21181

超危

https://www.oracle.com/security-alerts/cpujul2024.html

2

Oracle Virtualization 安全漏洞

CNNVD-202407-1644

CVE-2024-21141

高危

https://www.oracle.com/security-alerts/cpujul2024.html

3

Oracle Retail Applications 安全漏洞

CNNVD-202407-1660

CVE-2024-21136

高危

https://www.oracle.com/security-alerts/cpujul2024.html

4

Oracle Java SE 安全漏洞

CNNVD-202407-1739

CVE-2024-21147

高危

https://www.oracle.com/security-alerts/cpujul2024.html

5

Oracle Fusion Middleware 安全漏洞

CNNVD-202407-1761

CVE-2024-21183

高危

https://www.oracle.com/security-alerts/cpujul2024.html

6

Oracle Fusion Middleware 安全漏洞

CNNVD-202407-1763

CVE-2024-21175

高危

https://www.oracle.com/security-alerts/cpujul2024.html

7

Oracle Fusion Middleware 安全漏洞

CNNVD-202407-1766

CVE-2024-21182

高危

https://www.oracle.com/security-alerts/cpujul2024.html

8

Oracle Database Server 安全漏洞

CNNVD-202407-1768

CVE-2024-21184

高危

https://www.oracle.com/security-alerts/cpujul2024.html

9

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1772

CVE-2024-21167

高危

https://www.oracle.com/security-alerts/cpujul2024.html

10

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1777

CVE-2024-21146

高危

https://www.oracle.com/security-alerts/cpujul2024.html

11

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1778

CVE-2024-21153

高危

https://www.oracle.com/security-alerts/cpujul2024.html

12

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1779

CVE-2024-21152

高危

https://www.oracle.com/security-alerts/cpujul2024.html

13

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1780

CVE-2024-21149

高危

https://www.oracle.com/security-alerts/cpujul2024.html

14

Oracle Virtualization 安全漏洞

CNNVD-202407-1641

CVE-2024-21161

中危

https://www.oracle.com/security-alerts/cpujul2024.html

15

Oracle ZFS Storage Appliance 安全漏洞

CNNVD-202407-1647

CVE-2024-21155

中危

https://www.oracle.com/security-alerts/cpujul2024.html

16

Oracle PeopleSoft Products 安全漏洞

CNNVD-202407-1663

CVE-2024-21154

中危

https://www.oracle.com/security-alerts/cpujul2024.html

17

Oracle PeopleSoft Products 安全漏洞

CNNVD-202407-1664

CVE-2024-21122

中危

https://www.oracle.com/security-alerts/cpujul2024.html

18

Oracle PeopleSoft Products 安全漏洞

CNNVD-202407-1665

CVE-2024-21180

中危

https://www.oracle.com/security-alerts/cpujul2024.html

19

Oracle PeopleSoft Products 安全漏洞

CNNVD-202407-1668

CVE-2024-21178

中危

https://www.oracle.com/security-alerts/cpujul2024.html

20

Oracle PeopleSoft Products 安全漏洞

CNNVD-202407-1670

CVE-2024-21158

中危

https://www.oracle.com/security-alerts/cpujul2024.html

21

Oracle MySQL 安全漏洞

CNNVD-202407-1672

CVE-2024-21134

中危

https://www.oracle.com/security-alerts/cpujul2024.html

22

Oracle MySQL 安全漏洞

CNNVD-202407-1674

CVE-2024-21142

中危

https://www.oracle.com/security-alerts/cpujul2024.html

23

Oracle MySQL 安全漏洞

CNNVD-202407-1677

CVE-2024-21165

中危

https://www.oracle.com/security-alerts/cpujul2024.html

24

Oracle MySQL 安全漏洞

CNNVD-202407-1678

CVE-2024-21162

中危

https://www.oracle.com/security-alerts/cpujul2024.html

25

Oracle MySQL 安全漏洞

CNNVD-202407-1679

CVE-2024-21137

中危

https://www.oracle.com/security-alerts/cpujul2024.html

26

Oracle MySQL 安全漏洞

CNNVD-202407-1682

CVE-2024-21135

中危

https://www.oracle.com/security-alerts/cpujul2024.html

27

Oracle MySQL 安全漏洞

CNNVD-202407-1685

CVE-2024-21130

中危

https://www.oracle.com/security-alerts/cpujul2024.html

28

Oracle MySQL 安全漏洞

CNNVD-202407-1687

CVE-2024-21129

中危

https://www.oracle.com/security-alerts/cpujul2024.html

29

Oracle MySQL 安全漏洞

CNNVD-202407-1688

CVE-2024-21127

中危

https://www.oracle.com/security-alerts/cpujul2024.html

30

Oracle MySQL 安全漏洞

CNNVD-202407-1692

CVE-2024-21179

中危

https://www.oracle.com/security-alerts/cpujul2024.html

31

Oracle MySQL 安全漏洞

CNNVD-202407-1694

CVE-2024-21185

中危

https://www.oracle.com/security-alerts/cpujul2024.html

32

Oracle MySQL 安全漏洞

CNNVD-202407-1695

CVE-2024-21173

中危

https://www.oracle.com/security-alerts/cpujul2024.html

33

Oracle MySQL 安全漏洞

CNNVD-202407-1697

CVE-2024-21160

中危

https://www.oracle.com/security-alerts/cpujul2024.html

34

Oracle MySQL 安全漏洞

CNNVD-202407-1698

CVE-2024-21159

中危

https://www.oracle.com/security-alerts/cpujul2024.html

35

Oracle MySQL 安全漏洞

CNNVD-202407-1701

CVE-2024-20996

中危

https://www.oracle.com/security-alerts/cpujul2024.html

36

Oracle MySQL 安全漏洞

CNNVD-202407-1703

CVE-2024-21157

中危

https://www.oracle.com/security-alerts/cpujul2024.html

37

Oracle MySQL 安全漏洞

CNNVD-202407-1705

CVE-2024-21125

中危

https://www.oracle.com/security-alerts/cpujul2024.html

38

Oracle MySQL 安全漏洞

CNNVD-202407-1708

CVE-2024-21176

中危

https://www.oracle.com/security-alerts/cpujul2024.html

39

Oracle MySQL 安全漏洞

CNNVD-202407-1710

CVE-2024-21166

中危

https://www.oracle.com/security-alerts/cpujul2024.html

40

Oracle MySQL 安全漏洞

CNNVD-202407-1713

CVE-2024-21170

中危

https://www.oracle.com/security-alerts/cpujul2024.html

41

Oracle MySQL 安全漏洞

CNNVD-202407-1714

CVE-2024-21171

中危

https://www.oracle.com/security-alerts/cpujul2024.html

42

Oracle MySQL 安全漏洞

CNNVD-202407-1717

CVE-2024-21163

中危

https://www.oracle.com/security-alerts/cpujul2024.html

43

Oracle MySQL 安全漏洞

CNNVD-202407-1718

CVE-2024-21177

中危

https://www.oracle.com/security-alerts/cpujul2024.html

44

Oracle JD Edwards Products 安全漏洞

CNNVD-202407-1724

CVE-2024-21168

中危

https://www.oracle.com/security-alerts/cpujul2024.html

45

Oracle JD Edwards Products 安全漏洞

CNNVD-202407-1726

CVE-2024-21150

中危

https://www.oracle.com/security-alerts/cpujul2024.html

46

Oracle Java SE 安全漏洞

CNNVD-202407-1735

CVE-2024-21140

中危

https://www.oracle.com/security-alerts/cpujul2024.html

47

Oracle Java SE 安全漏洞

CNNVD-202407-1737

CVE-2024-21145

中危

https://www.oracle.com/security-alerts/cpujul2024.html

48

Oracle Analytics 安全漏洞

CNNVD-202407-1747

CVE-2024-21139

中危

https://www.oracle.com/security-alerts/cpujul2024.html

49

Oracle Fusion Middleware 安全漏洞

CNNVD-202407-1758

CVE-2024-21133

中危

https://www.oracle.com/security-alerts/cpujul2024.html

50

Oracle Financial Services Applications 安全漏洞

CNNVD-202407-1764

CVE-2024-21188

中危

https://www.oracle.com/security-alerts/cpujul2024.html

51

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1770

CVE-2024-21169

中危

https://www.oracle.com/security-alerts/cpujul2024.html

52

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1773

CVE-2024-21143

中危

https://www.oracle.com/security-alerts/cpujul2024.html

53

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1774

CVE-2024-21128

中危

https://www.oracle.com/security-alerts/cpujul2024.html

54

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1775

CVE-2024-21132

中危

https://www.oracle.com/security-alerts/cpujul2024.html

55

Oracle E-Business Suite 安全漏洞

CNNVD-202407-1776

CVE-2024-21148

中危

https://www.oracle.com/security-alerts/cpujul2024.html

56

Oracle Database Server 安全漏洞

CNNVD-202407-1781

CVE-2024-21126

中危

https://www.oracle.com/security-alerts/cpujul2024.html

57

Oracle Virtualization 安全漏洞

CNNVD-202407-1639

CVE-2024-21164

低危

https://www.oracle.com/security-alerts/cpujul2024.html

58

Oracle Solaris 安全漏洞

CNNVD-202407-1645

CVE-2024-21151

低危

https://www.oracle.com/security-alerts/cpujul2024.html

59

Oracle Java SE 安全漏洞

CNNVD-202407-1729

CVE-2024-21138

低危

https://www.oracle.com/security-alerts/cpujul2024.html

60

Oracle Java SE 安全漏洞

CNNVD-202407-1732

CVE-2024-21144

低危

https://www.oracle.com/security-alerts/cpujul2024.html

61

Oracle Java SE 安全漏洞

CNNVD-202407-1734

CVE-2024-21131

低危

https://www.oracle.com/security-alerts/cpujul2024.html

62

Oracle Database Server 安全漏洞

CNNVD-202407-1771

CVE-2024-21174

低危

https://www.oracle.com/security-alerts/cpujul2024.html

63

Oracle Database Server 安全漏洞

CNNVD-202407-1794

CVE-2024-21123

低危

https://www.oracle.com/security-alerts/cpujul2024.html

此次更新共包括2个更新漏洞的补丁程序,其中中危漏洞1个,低危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Oracle Java SE 安全漏洞

CNNVD-202310-1388

CVE-2023-22081

中危

https://www.oracle.com/security-alerts/cpuoct2023.html

2

Oracle Java SE 安全漏洞

CNNVD-202404-2253

CVE-2024-21098

低危

https://www.oracle.com/security-alerts/cpuapr2024.html

此次更新共包括170个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞23个,高危漏洞66个,中危漏洞76个,低危漏洞5个。

序号

漏洞

名称

CNNV

D编号

CVE编号

危害等级

厂商

官方

链接

1

Terracotta Quartz Scheduler 代码问题漏洞

CNNVD-201907-1383

CVE-2019-13990

超危

softwareag

http://www.quartz-scheduler.org/

2

FasterXML jackson-databind 代码问题漏洞

CNNVD-201910-227

CVE-2019-17267

超危

fasterxml

https://github.com/FasterXML/jackson-databind/issues/2460

3

Apache Xmlbeans 输入验证错误漏洞

CNNVD-202101-1146

CVE-2021-23926

超危

Apache基金会

https://issues.apache.org/jira/browse/XMLBEANS-517

4

Stanford CoreNlp 注入漏洞

CNNVD-202202-1877

CVE-2021-44550

超危

Stanford Nlp Group

https://github.com/stanfordnlp/CoreNLP/issues/1222

5

corenlp 代码问题漏洞

CNNVD-202201-1390

CVE-2022-0239

超危

Stanford Nlp Group团队

https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3

6

OpenSSL 操作系统命令注入漏洞

CNNVD-202205-1962

CVE-2022-1292

超危

Openssl团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

7

joblib 安全漏洞

CNNVD-202209-2716

CVE-2022-21797

超危

joblib

https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059

8

Spring Framework 代码注入漏洞

CNNVD-202203-2514

CVE-2022-22965

超危

Spring团队

https://tanzu.vmware.com/security/cve-2022-22965

9

Intel(R) oneAPI DPC++/C++ Compiler 安全漏洞

CNNVD-202302-1411

CVE-2022-25987

超危

Intel

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html

10

Dell BSAFE 安全漏洞

CNNVD-202402-197

CVE-2022-34381

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability

11

Scala 代码问题漏洞

CNNVD-202209-2463

CVE-2022-36944

超危

Scala

https://www.scala-lang.org/download/

12

zlib 缓冲区错误漏洞

CNNVD-202208-2276

CVE-2022-37434

超危

个人开发者

https://github.com/madler/zlib/

13

Apache SOAP 访问控制错误漏洞

CNNVD-202211-2683

CVE-2022-45378

超危

Apache

https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31

14

Apache Derby 注入漏洞

CNNVD-202311-1655

CVE-2022-46337

超危

Apache基金会

https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3

15

BusyBox 缓冲区错误漏洞

CNNVD-202208-4625

CVE-2022-48174

超危

个人开发者

https://bugs.busybox.net/show\_bug.cgi?id=15216

16

VMware Spring Security 安全漏洞

CNNVD-202307-1680

CVE-2023-34034

超危

VMware

https://spring.io/security/cve-2023-34034

17

Certifi 数据伪造问题漏洞

CNNVD-202307-2046

CVE-2023-37920

超危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

18

Node.js 路径遍历漏洞

CNNVD-202310-1126

CVE-2023-39332

超危

Nodejs

https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

19

Apache Axis 输入验证错误漏洞

CNNVD-202309-348

CVE-2023-40743

超危

Apache基金会

https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82

20

zlib 输入验证错误漏洞

CNNVD-202310-1086

CVE-2023-45853

超危

个人开发者

https://github.com/madler/zlib/pull/843

21

Apache Arrow 代码问题漏洞

CNNVD-202311-735

CVE-2023-47248

超危

Apache基金会

https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n

22

Pillow 安全漏洞

CNNVD-202401-1886

CVE-2023-50447

超危

个人开发者

https://github.com/python-pillow/Pillow/releases/tag/10.2

23

Jenkins 安全漏洞

CNNVD-202401-2204

CVE-2024-23897

超危

Jenkins

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

24

Apache Commons Beanutils 代码问题漏洞

CNNVD-201908-1140

CVE-2019-10086

高危

debian

https://issues.apache.org/jira/browse/BEANUTILS-520

25

Apache Batik 代码问题漏洞

CNNVD-202102-1586

CVE-2020-11987

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

26

Microsoft .NET Core 安全漏洞

CNNVD-202102-681

CVE-2021-24112

高危

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112

27

Apache Commons Compress 安全漏洞

CNNVD-202107-899

CVE-2021-36090

高危

Apache基金会

https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E

28

Apache Xalan 输入验证错误漏洞

CNNVD-202207-1617

CVE-2022-34169

高危

Apache基金会

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

29

OpenSSL 安全漏洞

CNNVD-202210-2604

CVE-2022-3786

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

30

Apache XML Graphics Batik代码问题漏洞

CNNVD-202209-2287

CVE-2022-40146

高危

Apache基金会

https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

31

Jettison 缓冲区错误漏洞

CNNVD-202209-1235

CVE-2022-40149

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

32

Jettison 资源管理错误漏洞

CNNVD-202209-1233

CVE-2022-40150

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

33

XStream 缓冲区错误漏洞

CNNVD-202209-1230

CVE-2022-40152

高危

XStream

https://github.com/x-stream/xstream/issues/304

34

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1712

CVE-2022-41704

高危

Apache基金会

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

35

Netty 安全漏洞

CNNVD-202212-2914

CVE-2022-41881

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v

36

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-007

CVE-2022-42003

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

37

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1707

CVE-2022-42890

高危

Apache基金会

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly

38

Jettison 缓冲区错误漏洞

CNNVD-202212-3132

CVE-2022-45685

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

39

Jettison 缓冲区错误漏洞

CNNVD-202212-3128

CVE-2022-45693

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

40

netplex json-smart 安全漏洞

CNNVD-202303-1658

CVE-2023-1370

高危

netplex

https://netplex.github.io/json-smart/

41

Jettison 安全漏洞

CNNVD-202303-1656

CVE-2023-1436

高危

Jettison

https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/

42

Apache Commons FileUpload 安全漏洞

CNNVD-202302-1610

CVE-2023-24998

高危

Apache基金会

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

43

Apache Hadoop 代码问题漏洞

CNNVD-202311-1444

CVE-2023-26031

高危

Apache基金会

https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r

44

Google Guava 安全漏洞

CNNVD-202306-1141

CVE-2023-2976

高危

Google

https://github.com/google/guava

45

Spring Framework 代码问题漏洞

CNNVD-202308-1998

CVE-2023-34040

高危

Spring

https://spring.io/security/cve-2023-34040

46

Eclipse Jetty 资源管理错误漏洞

CNNVD-202310-691

CVE-2023-36478

高危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r

47

HCL BigFix Platform 输入验证错误漏洞

CNNVD-202310-848

CVE-2023-37536

高危

HCL Technologies

https://support.hcltechsw.com/csm?id=kb\_article&sysparm\_article=KB0107791

48

Node.js 数据伪造问题漏洞

CNNVD-202310-1128

CVE-2023-38552

高危

Nodejs

https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

49

Node.js 路径遍历漏洞

CNNVD-202310-1127

CVE-2023-39331

高危

Nodejs

https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

50

Eclipse Parsson 安全漏洞

CNNVD-202311-268

CVE-2023-4043

高危

Eclipse基金会

https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31

51

Python 代码问题漏洞

CNNVD-202308-1930

CVE-2023-41105

高危

Python基金会

https://github.com/python/cpython/pull/107982

52

Apache HTTP/2 资源管理错误漏洞

CNNVD-202310-667

CVE-2023-44487

高危

Apache基金会

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

53

Apache Tomcat 环境问题漏洞

CNNVD-202311-2168

CVE-2023-46589

高危

Apache基金会

https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

54

Eclipse JGit 安全漏洞

CNNVD-202309-850

CVE-2023-4759

高危

Eclipse基金会

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11

55

aiohttp 安全漏洞

CNNVD-202311-1314

CVE-2023-47627

高危

个人开发者

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg

56

JSON-Java 安全漏洞

CNNVD-202310-951

CVE-2023-5072

高危

个人开发者

https://github.com/stleary/JSON-java/

57

jose4j 安全漏洞

CNNVD-202402-2688

CVE-2023-51775

高危

Bitbucket

https://bitbucket.org/b\_c/jose4j/downloads/

58

libexpat 安全漏洞

CNNVD-202402-245

CVE-2023-52425

高危

个人开发者

https://github.com/libexpat/libexpat/pull/789

59

Connect2id Nimbus JOSE+JWT 安全漏洞

CNNVD-202402-845

CVE-2023-52428

高危

Connect2id

https://connect2id.com/products/nimbus-jose-jwt

60

OpenSSL 安全漏洞

CNNVD-202310-1871

CVE-2023-5363

高危

OpenSSL团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d

61

Red Hat XNIO 资源管理错误漏洞

CNNVD-202403-455

CVE-2023-5685

高危

Red Hat

https://github.com/xnio/xnio/tags

62

Red Hat Ansible 安全漏洞

CNNVD-202311-262

CVE-2023-5764

高危

Red Hat

https://access.redhat.com/security/cve/cve-2023-5764

63

Python 安全漏洞

CNNVD-202403-1882

CVE-2023-6597

高危

Python

https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b

64

cpython 安全漏洞

CNNVD-202406-1925

CVE-2024-0397

高危

Python

https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112

65

Node.js 安全漏洞

CNNVD-202402-1466

CVE-2024-21892

高危

Node.js

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high

66

Node.js 安全漏洞

CNNVD-202402-1467

CVE-2024-22019

高危

Node.js

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high

67

Eclipse Jetty 安全漏洞

CNNVD-202402-2103

CVE-2024-22201

高危

Eclipse

https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

68

Spring Framework 安全漏洞

CNNVD-202402-1929

CVE-2024-22243

高危

Spring

https://spring.io/projects/spring-framework#support

69

VMware Spring Security 安全漏洞

CNNVD-202403-1650

CVE-2024-22257

高危

VMware

https://spring.io/security/cve-2024-22257

70

Spring Framework 安全漏洞

CNNVD-202403-1543

CVE-2024-22259

高危

Spring

https://spring.io/security/cve-2024-22259

71

Spring Framework 安全漏洞

CNNVD-202404-2193

CVE-2024-22262

高危

Spring

https://spring.io/security/cve-2024-22262

72

Apache Tomcat 安全漏洞

CNNVD-202403-1180

CVE-2024-23672

高危

Apache

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

73

Apache Xerces-C 资源管理错误漏洞

CNNVD-202402-1469

CVE-2024-23807

高危

Apache

https://github.com/apache/xerces-c/pull/54

74

Jenkins 安全漏洞

CNNVD-202401-2202

CVE-2024-23898

高危

Jenkins

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315

75

Apache Tomcat 输入验证错误漏洞

CNNVD-202403-1179

CVE-2024-24549

高危

Apache

https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

76

libxml2 安全漏洞

CNNVD-202402-242

CVE-2024-25062

高危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/tags

77

OpenSSL 安全漏洞

CNNVD-202404-941

CVE-2024-2511

高危

OpenSSL

https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce

78

python-cryptography 安全漏洞

CNNVD-202402-1783

CVE-2024-26130

高危

Cryptographic

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

79

Apache httpd 资源管理错误漏洞

CNNVD-202404-635

CVE-2024-27316

高危

Apache

https://httpd.apache.org/security/vulnerabilities\_24.html

80

Node.js 安全漏洞

CNNVD-202404-991

CVE-2024-27983

高危

Node.js

https://nodejs.org/en/blog/vulnerability/april-2024-security-releases

81

libexpat 安全漏洞

CNNVD-202403-795

CVE-2024-28757

高危

libexpat

https://github.com/libexpat/libexpat/pull/842

82

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2143

CVE-2024-29131

高危

Apache

https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37

83

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2142

CVE-2024-29133

高危

Apache

https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2

84

Bouncy Castle 安全漏洞

CNNVD-202405-2601

CVE-2024-29857

高危

Bouncy Castle

https://www.bouncycastle.org/latest\_releases.html

85

Apache ActiveMQ 安全漏洞

CNNVD-202405-256

CVE-2024-32114

高危

Apache

https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt

86

Pallets Werkzeug 安全漏洞

CNNVD-202405-1428

CVE-2024-34069

高危

Pallets

https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985

87

libxml2 安全漏洞

CNNVD-202405-2380

CVE-2024-34459

高危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

88

OpenSSL 安全漏洞

CNNVD-202405-4739

CVE-2024-4741

高危

OpenSSL

https://github.com/openssl/openssl

89

Red Hat Undertow 资源管理错误漏洞

CNNVD-202406-2368

CVE-2024-6162

高危

Red Hat

https://bugzilla.redhat.com/show\_bug.cgi?id=2293069

90

Apache HttpClient 安全漏洞

CNNVD-202010-372

CVE-2020-13956

中危

Apache基金会

https://www.apache.org/

91

Apache Ant 信息泄露漏洞

CNNVD-202005-777

CVE-2020-1945

中危

Apache基金会

https://ant.apache.org/security.html

92

netplex json-smart-v  代码问题漏洞

CNNVD-202102-1490

CVE-2021-27568

中危

个人开发者

https://github.com/netplex/json-smart-v2

93

Apache Commons IO 路径遍历漏洞

CNNVD-202104-702

CVE-2021-29425

中危

Apache基金会

https://issues.apache.org/jira/browse/IO-556

94

Highcharts JS 跨站脚本漏洞

CNNVD-202105-177

CVE-2021-29489

中危

个人开发者

https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95

95

Apache Ant 安全漏洞

CNNVD-202107-983

CVE-2021-36373

中危

Apache基金会

https://ant.apache.org/

96

Apache Ant 安全漏洞

CNNVD-202107-984

CVE-2021-36374

中危

Apache基金会

https://ant.apache.org/

97

Apache Commons Net 输入验证错误漏洞

CNNVD-202212-2188

CVE-2021-37533

中危

Apache基金会

https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7

98

jQuery 跨站脚本漏洞

CNNVD-202110-1843

CVE-2021-41182

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

99

jQuery 跨站脚本漏洞

CNNVD-202110-1839

CVE-2021-41183

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

100

Openjs Jquery Ui 跨站脚本漏洞

CNNVD-202110-1845

CVE-2021-41184

中危

Openjs基金会

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

101

Vmware Spring Framework 安全漏洞

CNNVD-202203-2333

CVE-2022-22950

中危

VMware

https://tanzu.vmware.com/security/cve-2022-22950

102

Vmware Spring Framework 安全特征问题漏洞

CNNVD-202204-3302

CVE-2022-22968

中危

VMware

https://tanzu.vmware.com/security/cve-2022-22968

103

Spring Framework 输入验证错误漏洞

CNNVD-202205-2988

CVE-2022-22970

中危

Spring团队

https://spring.io/projects/spring-framework

104

jQuery 跨站脚本漏洞

CNNVD-202207-2121

CVE-2022-31160

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9

105

jsoup 跨站脚本漏洞

CNNVD-202208-4329

CVE-2022-36033

中危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

106

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202209-2289

CVE-2022-38398

中危

Apache基金会

https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx

107

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202209-2288

CVE-2022-38648

中危

Apache基金会

https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b

108

Netty 安全漏洞

CNNVD-202212-3060

CVE-2022-41915

中危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp

109

Spring Framework 安全漏洞

CNNVD-202303-1917

CVE-2023-20861

中危

Spring

https://spring.io/security/cve-2023-20861

110

Google Pixel 安全漏洞

CNNVD-202303-1998

CVE-2023-21036

中危

Google

https://source.android.com/security/bulletin/pixel/2023-03-01

111

Ruby 安全漏洞

CNNVD-202303-2412

CVE-2023-28755

中危

个人开发者

https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/

112

Ruby 安全漏洞

CNNVD-202303-2720

CVE-2023-28756

中危

个人开发者

https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

113

Flexera InstallShield 安全漏洞

CNNVD-202401-2402

CVE-2023-29081

中危

Flexera

https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads

114

OpenSSL 授权问题漏洞

CNNVD-202307-1295

CVE-2023-2975

中危

OpenSSL团队

https://www.openssl.org/news/secadv/20230714.txt

115

Bouncy Castle 信任管理问题漏洞

CNNVD-202307-168

CVE-2023-33201

中危

Bouncy Castle

https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc

116

Bouncy Castle 资源管理错误漏洞

CNNVD-202311-1981

CVE-2023-33202

中危

Bouncy Castle

https://www.bouncycastle.org/latest\_releases.html

117

VMware Spring Boot 安全漏洞

CNNVD-202311-2124

CVE-2023-34055

中危

VMware

https://github.com/spring-projects/spring-boot/releases/tag/v3.0.

118

OpenSSL 安全漏洞

CNNVD-202307-1681

CVE-2023-3446

中危

OpenSSL团队

https://www.openssl.org/news/secadv/20230719.txt

119

FasterXML jackson-databind 代码问题漏洞

CNNVD-202306-1121

CVE-2023-35116

中危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3972

120

Apache MINA 路径遍历漏洞

CNNVD-202307-582

CVE-2023-35887

中危

Apache基金会

https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2

121

Eclipse Jetty 安全漏洞

CNNVD-202309-1093

CVE-2023-36479

中危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j

122

OpenSSL 安全漏洞

CNNVD-202307-2314

CVE-2023-3817

中危

OpenSSL团队

https://www.openssl.org/news/secadv/20230731.txt

123

Apache HTTP Server 安全漏洞

CNNVD-202404-641

CVE-2023-38709

中危

Apache

https://httpd.apache.org/security/vulnerabilities\_24.html

124

Eclipse Jetty 安全漏洞

CNNVD-202309-1102

CVE-2023-40167

中危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6

125

Eclipse Jetty 安全漏洞

CNNVD-202309-1113

CVE-2023-41900

中危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48

126

Apache Commons Compress 资源管理错误漏洞

CNNVD-202309-1000

CVE-2023-42503

中危

Apache基金会

https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c

127

Apache Santuario 日志信息泄露漏洞

CNNVD-202310-1720

CVE-2023-44483

中危

Apache基金会

https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55

128

curl 安全漏洞

CNNVD-202312-490

CVE-2023-46218

中危

curl

https://curl.se/docs/CVE-2023-46218.html

129

curl 安全漏洞

CNNVD-202312-499

CVE-2023-46219

中危

curl

https://curl.se/docs/CVE-2023-46219.html

130

Apache Shiro 输入验证错误漏洞

CNNVD-202312-1453

CVE-2023-46750

中危

Apache基金会

https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9

131

OpenSSH 安全漏洞

CNNVD-202312-1668

CVE-2023-48795

中危

OpenBSD

https://www.openssh.com/openbsd.html

132

aiohttp 安全漏洞

CNNVD-202311-2265

CVE-2023-49081

中危

个人开发者

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2

133

aiohttp 注入漏洞

CNNVD-202311-2232

CVE-2023-49082

中危

个人开发者

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx

134

Python cryptography 代码问题漏洞

CNNVD-202311-2230

CVE-2023-49083

中危

Python基金会

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

135

Jayway JsonPath 安全漏洞

CNNVD-202312-2349

CVE-2023-51074

中危

json-path

https://github.com/json-path/JsonPath/issues/973

136

libexpat 安全漏洞

CNNVD-202402-243

CVE-2023-52426

中危

个人开发者

https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404

137

OpenSSL 代码问题漏洞

CNNVD-202311-423

CVE-2023-5678

中危

OpenSSL

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017

138

GnuTLS 安全漏洞

CNNVD-202311-1944

CVE-2023-5981

中危

个人开发者

https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d

139

OpenSSL 安全漏洞

CNNVD-202401-736

CVE-2023-6129

中危

OpenSSL

https://www.openssl.org/news/secadv/20240109.txt

140

SQLite 安全漏洞

CNNVD-202401-1406

CVE-2024-0232

中危

个人开发者

https://sqlite.org/forum/forumpost/4aa381993a

141

Python 安全漏洞

CNNVD-202403-1880

CVE-2024-0450

中危

Python

https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85

142

curl 安全漏洞

CNNVD-202401-2732

CVE-2024-0853

中危

curl

https://curl.se/docs/CVE-2024-0853.html

143

Apache James MIME4J 输入验证错误漏洞

CNNVD-202402-2305

CVE-2024-21742

中危

Apache

https://james.apache.org/download.cgi#Apache\_Mime4J

144

Node.js 安全漏洞

CNNVD-202403-1801

CVE-2024-22025

中危

Node.js

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

145

VMware Spring Security 安全漏洞

CNNVD-202402-1592

CVE-2024-22234

中危

VMware

https://spring.io/security/cve-2024-22234

146

OWASP AntiSamy 跨站脚本漏洞

CNNVD-202402-204

CVE-2024-23635

中危

OWASP

https://github.com/nahsra/antisamy/releases/tag/v1.7.5

147

Apache Zookeeper 信息泄露漏洞

CNNVD-202403-1401

CVE-2024-23944

中危

Apache

https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k

148

Apache HTTP Server 安全漏洞

CNNVD-202404-638

CVE-2024-24795

中危

Apache

https://httpd.apache.org/security/vulnerabilities\_24.html

149

CKEditor 跨站脚本漏洞

CNNVD-202402-598

CVE-2024-24815

中危

CKEditor

https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb

150

CKEditor 跨站脚本漏洞

CNNVD-202402-605

CVE-2024-24816

中危

CKEditor

https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb

151

Apache Commons Compress 安全漏洞

CNNVD-202402-1528

CVE-2024-25710

中危

Apache

https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

152

Apache Commons Compress 安全漏洞

CNNVD-202402-1527

CVE-2024-26308

中危

Apache

https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg

153

Node.js 安全漏洞

CNNVD-202405-1613

CVE-2024-27982

中危

Node.js

https://nodejs.org/

154

Nghttp2 安全漏洞

CNNVD-202404-586

CVE-2024-28182

中危

Nghttp2

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q

155

Apache CXF 代码问题漏洞

CNNVD-202403-1399

CVE-2024-28752

中危

Apache

https://cxf.apache.org/

156

Follow Redirects 信息泄露漏洞

CNNVD-202403-1332

CVE-2024-28849

中危

个人开发者

https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp

157

Netty 安全漏洞

CNNVD-202403-2434

CVE-2024-29025

中危

Netty

https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c

158

Express.js 安全漏洞

CNNVD-202403-2433

CVE-2024-29041

中危

Express.js

https://github.com/expressjs/express/releases/tag/v5.0.0-beta

159

Tiny Technologies TinyMCE 安全漏洞

CNNVD-202403-2522

CVE-2024-29203

中危

Tiny Technologies

https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1

160

GNU C Library 安全漏洞

CNNVD-202404-2641

CVE-2024-2961

中危

GNU

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004

161

Tiny Technologies TinyMCE 安全漏洞

CNNVD-202403-2519

CVE-2024-29881

中危

Tiny Technologies

https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1

162

Bouncy Castle 安全漏洞

CNNVD-202405-2620

CVE-2024-30171

中危

Bouncy Castle

https://www.bouncycastle.org/latest\_releases.html

163

Bouncy Castle 安全漏洞

CNNVD-202405-2618

CVE-2024-30172

中危

Bouncy Castle

https://www.bouncycastle.org/latest\_releases.html

164

Pallets Jinja 安全漏洞

CNNVD-202405-1436

CVE-2024-34064

中危

Pallets

https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj

165

Bouncy Castle 安全漏洞

CNNVD-202405-1283

CVE-2024-34447

中危

Bouncy Castle

https://www.bouncycastle.org/latest\_releases.html

166

Apache Tika 安全漏洞

CNNVD-202206-2671

CVE-2022-33879

低危

Apache基金会

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

167

libssh 安全漏洞

CNNVD-202312-1736

CVE-2023-6004

低危

libssh

https://www.libssh.org/files/0.10/

168

libssh 安全漏洞

CNNVD-202312-1734

CVE-2023-6918

低危

libssh

https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/

169

OpenSSL 安全漏洞

CNNVD-202401-2353

CVE-2024-0727

低危

OpenSSL

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

170

OpenSSL 安全漏洞

CNNVD-202405-2902

CVE-2024-4603

低危

OpenSSL

https://www.openssl.org/news/secadv/20240516.txt

修复建议


目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。Oracle官方补丁下载地址:

https://www.oracle.com/security-alerts/cpujul2024.html

CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2