近日,CNNVD通报Oracle多个安全漏洞,其中Oracle产品本身漏洞60个,影响到Oracle产品的其他厂商漏洞247个。包括Oracle Application Express 安全漏洞(CNNVD-202307-1575、CVE-2023-21975)、Oracle Application Express 安全漏洞(CNNVD-202307-1588、CVE-2023-21974)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年7月18日,Oracle发布了2023年7月份安全更新,共307个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Database Server、Oracle Solaris、Oracle Fusion Middleware、Oracle Essbase、Oracle Virtualization等。CNNVD对其危害等级进行了评价,其中超危漏洞52个,高危漏洞129个,中危漏洞111个,低危漏洞15个。Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:
https://www.oracle.com/security-alerts/cpujul2023.html
二、漏洞详情
此次更新共包括56个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞6个,中危漏洞37个,低危漏洞11个。
序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Application Express 安全漏洞
CNNVD-202307-1575
CVE-2023-21975
超危
https://www.oracle.com/security-alerts/cpujul2023.html
2
Oracle Application Express 安全漏洞
CNNVD-202307-1588
CVE-2023-21974
超危
https://www.oracle.com/security-alerts/cpujul2023.html
3
Oracle Virtualization 安全漏洞
CNNVD-202307-1589
CVE-2023-22018
高危
https://www.oracle.com/security-alerts/cpujul2023.html
4
Oracle Solaris 安全漏洞
CNNVD-202307-1596
CVE-2023-22023
高危
https://www.oracle.com/security-alerts/cpujul2023.html
5
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
CNNVD-202307-1602
CVE-2023-22014
高危
https://www.oracle.com/security-alerts/cpujul2023.html
6
Oracle PeopleSoft 安全漏洞
CNNVD-202307-1624
CVE-2023-22047
高危
https://www.oracle.com/security-alerts/cpujul2023.html
7
Oracle Hyperion 安全漏洞
CNNVD-202307-1631
CVE-2023-22060
高危
https://www.oracle.com/security-alerts/cpujul2023.html
8
Oracle Hyperion 安全漏洞
CNNVD-202307-1640
CVE-2023-22062
高危
https://www.oracle.com/security-alerts/cpujul2023.html
9
Oracle Essbase 安全漏洞
CNNVD-202307-1572
CVE-2023-21961
中危
https://www.oracle.com/security-alerts/cpujul2023.html
10
Oracle MySQL 安全漏洞
CNNVD-202307-1574
CVE-2023-21950
中危
https://www.oracle.com/security-alerts/cpujul2023.html
11
Oracle MySQL 安全漏洞
CNNVD-202307-1576
CVE-2023-22005
中危
https://www.oracle.com/security-alerts/cpujul2023.html
12
Oracle Fusion Middleware 安全漏洞
CNNVD-202307-1577
CVE-2023-21994
中危
https://www.oracle.com/security-alerts/cpujul2023.html
13
Oracle E-Business Suite 安全漏洞
CNNVD-202307-1578
CVE-2023-22004
中危
https://www.oracle.com/security-alerts/cpujul2023.html
14
Oracle MySQL 安全漏洞
CNNVD-202307-1579
CVE-2023-22008
中危
https://www.oracle.com/security-alerts/cpujul2023.html
15
Oracle MySQL 安全漏洞
CNNVD-202307-1581
CVE-2023-22007
中危
https://www.oracle.com/security-alerts/cpujul2023.html
16
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1584
CVE-2023-22013
中危
https://www.oracle.com/security-alerts/cpujul2023.html
17
Oracle E-Business Suite 安全漏洞
CNNVD-202307-1585
CVE-2023-22009
中危
https://www.oracle.com/security-alerts/cpujul2023.html
18
Oracle Application Express 安全漏洞
CNNVD-202307-1586
CVE-2023-21983
中危
https://www.oracle.com/security-alerts/cpujul2023.html
19
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1587
CVE-2023-22011
中危
https://www.oracle.com/security-alerts/cpujul2023.html
20
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1590
CVE-2023-22020
中危
https://www.oracle.com/security-alerts/cpujul2023.html
21
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1591
CVE-2023-22021
中危
https://www.oracle.com/security-alerts/cpujul2023.html
22
Oracle Health Sciences Applications 安全漏洞
CNNVD-202307-1592
CVE-2023-22022
中危
https://www.oracle.com/security-alerts/cpujul2023.html
23
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1593
CVE-2023-22027
中危
https://www.oracle.com/security-alerts/cpujul2023.html
24
Oracle MySQL 安全漏洞
CNNVD-202307-1594
CVE-2023-22033
中危
https://www.oracle.com/security-alerts/cpujul2023.html
25
Oracle Virtualization 安全漏洞
CNNVD-202307-1595
CVE-2023-22017
中危
https://www.oracle.com/security-alerts/cpujul2023.html
26
Oracle Database Server 安全漏洞
CNNVD-202307-1597
CVE-2023-22034
中危
https://www.oracle.com/security-alerts/cpujul2023.html
27
Oracle Fusion Middleware 安全漏洞
CNNVD-202307-1598
CVE-2023-22031
中危
https://www.oracle.com/security-alerts/cpujul2023.html
28
Oracle E-Business Suite 安全漏洞
CNNVD-202307-1599
CVE-2023-22037
中危
https://www.oracle.com/security-alerts/cpujul2023.html
29
Oracle E-Business Suite 安全漏洞
CNNVD-202307-1600
CVE-2023-22035
中危
https://www.oracle.com/security-alerts/cpujul2023.html
30
Oracle Supply Chain Products Suite 安全漏洞
CNNVD-202307-1604
CVE-2023-22039
中危
https://www.oracle.com/security-alerts/cpujul2023.html
31
Oracle Java SE 安全漏洞
CNNVD-202307-1605
CVE-2023-22041
中危
https://www.oracle.com/security-alerts/cpujul2023.html
32
Oracle E-Business Suite 安全漏洞
CNNVD-202307-1606
CVE-2023-22042
中危
https://www.oracle.com/security-alerts/cpujul2023.html
33
Oracle Java SE 安全漏洞
CNNVD-202307-1608
CVE-2023-22043
中危
https://www.oracle.com/security-alerts/cpujul2023.html
34
Oracle MySQL 安全漏洞
CNNVD-202307-1610
CVE-2023-22046
中危
https://www.oracle.com/security-alerts/cpujul2023.html
35
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1612
CVE-2023-22012
中危
https://www.oracle.com/security-alerts/cpujul2023.html
36
Oracle Virtualization 安全漏洞
CNNVD-202307-1613
CVE-2023-22016
中危
https://www.oracle.com/security-alerts/cpujul2023.html
37
Oracle Fusion Middleware 安全漏洞
CNNVD-202307-1614
CVE-2023-22040
中危
https://www.oracle.com/security-alerts/cpujul2023.html
38
Oracle JD Edwards 安全漏洞
CNNVD-202307-1617
CVE-2023-22050
中危
https://www.oracle.com/security-alerts/cpujul2023.html
39
Oracle MySQL 安全漏洞
CNNVD-202307-1621
CVE-2023-22053
中危
https://www.oracle.com/security-alerts/cpujul2023.html
40
Oracle MySQL 安全漏洞
CNNVD-202307-1625
CVE-2023-22054
中危
https://www.oracle.com/security-alerts/cpujul2023.html
41
Oracle JD Edwards 安全漏洞
CNNVD-202307-1626
CVE-2023-22055
中危
https://www.oracle.com/security-alerts/cpujul2023.html
42
Oracle MySQL 安全漏洞
CNNVD-202307-1628
CVE-2023-22056
中危
https://www.oracle.com/security-alerts/cpujul2023.html
43
Oracle MySQL Server 安全漏洞
CNNVD-202307-1629
CVE-2023-22057
中危
https://www.oracle.com/security-alerts/cpujul2023.html
44
Oracle Business Intelligence Enterprise Edition 安全漏洞
CNNVD-202307-1634
CVE-2023-22061
中危
https://www.oracle.com/security-alerts/cpujul2023.html
45
Oracle MySQL Server 安全漏洞
CNNVD-202307-1636
CVE-2023-22058
中危
https://www.oracle.com/security-alerts/cpujul2023.html
46
Oracle Database Server 安全漏洞
CNNVD-202307-1573
CVE-2023-21949
低危
https://www.oracle.com/security-alerts/cpujul2023.html
47
Oracle Java SE 安全漏洞
CNNVD-202307-1580
CVE-2023-22006
低危
https://www.oracle.com/security-alerts/cpujul2023.html
48
Oracle Essbase 安全漏洞
CNNVD-202307-1582
CVE-2023-22010
低危
https://www.oracle.com/security-alerts/cpujul2023.html
49
Oracle MySQL 安全漏洞
CNNVD-202307-1601
CVE-2023-22038
低危
https://www.oracle.com/security-alerts/cpujul2023.html
50
Oracle Java SE 安全漏洞
CNNVD-202307-1603
CVE-2023-22036
低危
https://www.oracle.com/security-alerts/cpujul2023.html
51
Oracle Java SE 安全漏洞
CNNVD-202307-1611
CVE-2023-22044
低危
https://www.oracle.com/security-alerts/cpujul2023.html
52
Oracle MySQL 安全漏洞
CNNVD-202307-1615
CVE-2023-22048
低危
https://www.oracle.com/security-alerts/cpujul2023.html
53
Oracle Java SE 安全漏洞
CNNVD-202307-1616
CVE-2023-22045
低危
https://www.oracle.com/security-alerts/cpujul2023.html
54
Oracle Java SE 安全漏洞
CNNVD-202307-1619
CVE-2023-22049
低危
https://www.oracle.com/security-alerts/cpujul2023.html
55
Oracle Java SE 安全漏洞
CNNVD-202307-1620
CVE-2023-22051
低危
https://www.oracle.com/security-alerts/cpujul2023.html
56
Oracle Database Server 安全漏洞
CNNVD-202307-1623
CVE-2023-22052
低危
https://www.oracle.com/security-alerts/cpujul2023.html
此次更新共包括4个更新漏洞的补丁程序,其中中危漏洞3个,低危漏洞1个。
序号
漏洞名称
CNNVD编号
CVE编号
危害等级
官方链接
1
Oracle Java SE 安全漏洞
CNNVD-202301-1353
CVE-2023-21830
中危
https://www.oracle.com/security-alerts/cpujan2029.html
2
Oracle Java SE 安全漏洞
CNNVD-202301-1360
CVE-2023-21835
中危
https://www.oracle.com/security-alerts/cpujan2033.html
3
Oracle MySQL 安全漏洞
CNNVD-202304-1486
CVE-2023-21971
中危
https://www.oracle.com/security-alerts/cpuapr2023.html
4
Oracle Java SE 安全漏洞
CNNVD-202301-1370
CVE-2023-21843
低危
https://www.oracle.com/security-alerts/cpujan2041.html
此次更新共包括247个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞50个,高危漏洞123个,中危漏洞71个,低危漏洞3个。
序号
漏洞名称
CNNVD编号
CVE编号
危害等级
厂商
官方链接
1
Apache Hive JDBC驱动程序SQL注入漏洞
CNNVD-201804-274
CVE-2018-1282
超危
Apache基金会
https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E
2
Terracotta Quartz Scheduler 代码问题漏洞
CNNVD-201907-1383
CVE-2019-13990
超危
softwareag
http://www.quartz-scheduler.org/
3
Swagger UI 跨站请求伪造漏洞
CNNVD-201910-715
CVE-2019-17495
超危
个人开发者
https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11
4
FasterXML jackson-databind 代码问题漏洞
CNNVD-201910-774
CVE-2019-17531
超危
Fasterxml
https://github.com/FasterXML/jackson-databind/issues/2498
5
Apache Log4j 代码问题漏洞
CNNVD-201912-950
CVE-2019-17571
超危
Apache基金会
https://www.apache.org/
6
Apache ActiveMQ 代码注入漏洞
CNNVD-202009-680
CVE-2020-11998
超危
Apache基金会
http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
7
Apache Commons Configuration 输入验证错误漏洞
CNNVD-202003-821
CVE-2020-1953
超危
Apache基金会
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
8
Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞
CNNVD-202207-838
CVE-2020-29508
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
9
Dell BSAFE 安全特征问题漏洞
CNNVD-202207-834
CVE-2020-35163
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
10
Dell BSAFE 安全漏洞
CNNVD-202207-832
CVE-2020-35166
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
11
Dell BSAFE 安全漏洞
CNNVD-202207-831
CVE-2020-35167
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
12
Dell BSAFE 安全漏洞
CNNVD-202207-828
CVE-2020-35168
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
13
Dell BSAFE 输入验证错误漏洞
CNNVD-202207-830
CVE-2020-35169
超危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
14
Apache Chainsaw 代码问题漏洞
CNNVD-202106-1293
CVE-2020-9493
超危
Apache基金会
https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E
15
Apache Xmlbeans 输入验证错误漏洞
CNNVD-202101-1146
CVE-2021-23926
超危
Apache基金会
https://issues.apache.org/jira/browse/XMLBEANS-517
16
Microsoft .NET Core 安全漏洞
CNNVD-202102-681
CVE-2021-24112
超危
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112
17
LZ4 输入验证错误漏洞
CNNVD-202104-2105
CVE-2021-3520
超危
个人开发者
https://github.com/lz4/lz4/pull/972
18
Sanitize 输入验证错误漏洞
CNNVD-202110-1259
CVE-2021-42575
超危
个人开发者
https://owasp.org/www-project-java-html-sanitizer/
19
iText 命令注入漏洞
CNNVD-202112-1333
CVE-2021-43113
超危
个人开发者
https://github.com/itext/itext7/releases/tag/7.1.17
20
Apache Log4j 代码问题漏洞
CNNVD-202112-799
CVE-2021-44228
超危
Apache基金会
https://logging.apache.org/log4j/2.x/security.html
21
Apache Log4j 代码问题漏洞
CNNVD-202112-1065
CVE-2021-45046
超危
Apache基金会
https://logging.apache.org/log4j/2.x/security.html。
22
SnakeYAML 代码问题漏洞
CNNVD-202212-1820
CVE-2022-1471
超危
个人开发者
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
23
Dexie 安全漏洞
CNNVD-202205-1809
CVE-2022-21189
超危
个人开发者
https://github.com/dexie/Dexie.js
24
Apache Log4j SQL注入漏洞
CNNVD-202201-1421
CVE-2022-23305
超危
Apache基金会
https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
25
OWASP ESAPI 路径遍历漏洞
CNNVD-202204-4378
CVE-2022-23457
超危
个人开发者
https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
26
Apache Hadoop 操作系统命令注入漏洞
CNNVD-202208-2167
CVE-2022-25168
超危
Apache基金会
https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130
27
Apache Hadoop 路径遍历漏洞
CNNVD-202204-2605
CVE-2022-26612
超危
Apache基金会
https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz
28
FreeType 缓冲区错误漏洞
CNNVD-202204-4272
CVE-2022-27404
超危
个人开发者
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
29
Pallets Werkzeug 环境问题漏洞
CNNVD-202205-4094
CVE-2022-29361
超危
个人开发者
https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85
30
VMware Spring Security 安全漏洞
CNNVD-202210-2599
CVE-2022-31692
超危
VMware
https://tanzu.vmware.com/security/cve-2022-31692
31
Apache Commons Configuration 代码注入漏洞
CNNVD-202207-428
CVE-2022-33980
超危
Apache基金会
https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
32
Apache HTTP Server 环境问题漏洞
CNNVD-202301-1299
CVE-2022-36760
超危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
33
Scala 代码问题漏洞
CNNVD-202209-2463
CVE-2022-36944
超危
Scala
https://www.scala-lang.org/download/
34
zlib 缓冲区错误漏洞
CNNVD-202208-2276
CVE-2022-37434
超危
个人开发者
https://github.com/madler/zlib/
35
XKCP 输入验证错误漏洞
CNNVD-202210-1541
CVE-2022-37454
超危
XKCP
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
36
Apache Ivy 路径遍历漏洞
CNNVD-202211-2196
CVE-2022-37865
超危
Apache基金会
https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy
37
Apache Calcite 代码问题漏洞
CNNVD-202209-697
CVE-2022-39135
超危
Apache基金会
https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082
38
HSQLDB 安全漏洞
CNNVD-202210-196
CVE-2022-41853
超危
The HSQL Development Group
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
39
Apache Commons BCEL 缓冲区错误漏洞
CNNVD-202211-2199
CVE-2022-42920
超危
Apache基金会
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
40
Apache MINA 代码问题漏洞
CNNVD-202211-2918
CVE-2022-45047
超危
Apache基金会
https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
41
Apache CXF 代码问题漏洞
CNNVD-202212-3143
CVE-2022-46364
超危
Apache基金会
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
42
Spring Framework 安全漏洞
CNNVD-202304-1667
CVE-2023-20862
超危
Spring
https://spring.io/security/cve-2023-20862
43
Spring Framework 安全漏洞
CNNVD-202304-1732
CVE-2023-20873
超危
Spring
https://spring.io/security/cve-2023-20873
44
Apache Spark 安全漏洞
CNNVD-202304-1307
CVE-2023-22946
超危
Apache基金会
https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv
45
curl 安全漏洞
CNNVD-202302-1929
CVE-2023-23914
超危
个人开发者
https://github.com/curl/curl/releases/tag/curl-7_88_1
46
Google TensorFlow 安全漏洞
CNNVD-202303-2124
CVE-2023-25664
超危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr
47
Google TensorFlow 安全漏洞
CNNVD-202303-2120
CVE-2023-25668
超危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
48
Apache HTTP Server 环境问题漏洞
CNNVD-202303-456
CVE-2023-25690
超危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
49
HtmlUnit 安全漏洞
CNNVD-202304-058
CVE-2023-26119
超危
个人开发者
https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b
50
Jenkins 跨站脚本漏洞
CNNVD-202303-668
CVE-2023-27898
超危
Jenkins
https://www.jenkins.io/security/advisory/2023-03-08/
51
Apache HTTP Server 缓冲区错误漏洞
CNNVD-202301-1294
CVE-2006-20001
高危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
52
zlib 缓冲区错误漏洞
CNNVD-202203-2221
CVE-2018-25032
高危
个人开发者
https://z-lib.org/
53
Apache Axis 代码问题漏洞
CNNVD-201904-472
CVE-2019-0227
高危
apache
http://axis.apache.org/
54
Apache Commons Beanutils 代码问题漏洞
CNNVD-201908-1140
CVE-2019-10086
高危
debian
https://issues.apache.org/jira/browse/BEANUTILS-520
55
Apache Commons Compress 资源管理错误漏洞
CNNVD-201908-2148
CVE-2019-12402
高危
apache
https://commons.apache.org/proper/commons-compress/security-reports.html
56
Python 代码问题漏洞
CNNVD-202209-155
CVE-2020-10735
高危
Python基金会
https://www.python.org/
57
Apache XmlGraphics Commons 代码问题漏洞
CNNVD-202102-1587
CVE-2020-11988
高危
Apache基金会
https://xmlgraphics.apache.org/security.html
58
Iteris Apache Velocity 安全漏洞
CNNVD-202103-758
CVE-2020-13936
高危
Iteris
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E
59
Apache Thrift 资源管理错误漏洞
CNNVD-202102-1099
CVE-2020-13949
高危
Apache基金会
https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E
60
Dell BSAFE 安全漏洞
CNNVD-202207-833
CVE-2020-35164
高危
Dell
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities
61
FasterXML jackson-databind 缓冲区错误漏洞
CNNVD-202203-1165
CVE-2020-36518
高危
个人开发者
https://github.com/FasterXML/jackson-databind/issues/2816
62
joyent json 操作系统命令注入漏洞
CNNVD-202008-1430
CVE-2020-7712
高危
个人开发者
https://snyk.io/vuln/SNYK-JS-JSON-597481
63
CodeMirror 资源管理错误漏洞
CNNVD-202010-1679
CVE-2020-7760
高危
Codemirror
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
64
Apache Hadoop 代码问题漏洞
CNNVD-202208-3967
CVE-2021-25642
高危
Apache基金会
https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150
65
Apache ActiveMQ 授权问题漏洞
CNNVD-202101-2471
CVE-2021-26117
高危
Apache基金会
https://issues.apache.org/jira/browse/AMQ-8035
66
JDOM 代码问题漏洞
CNNVD-202106-1323
CVE-2021-33813
高危
个人开发者
https://github.com/hunterhacker/jdom。
67
Apache Hive 访问控制错误漏洞
CNNVD-202207-1393
CVE-2021-34538
高危
Apache基金会
https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354
68
Apache Commons Compress 安全漏洞
CNNVD-202107-896
CVE-2021-35515
高危
Apache基金会
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
69
Apache Commons Compress 安全漏洞
CNNVD-202107-897
CVE-2021-35516
高危
Apache基金会
https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E
70
Apache Commons Compress 安全漏洞
CNNVD-202107-898
CVE-2021-35517
高危
Apache基金会
https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E
71
Apache Commons Compress 安全漏洞
CNNVD-202107-899
CVE-2021-36090
高危
Apache基金会
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
72
Apache Santuario 信息泄露漏洞
CNNVD-202109-1259
CVE-2021-40690
高危
Apache基金会
https://santuario.apache.org/javaindex.html
73
Apache Log4j 代码问题漏洞
CNNVD-202112-1011
CVE-2021-4104
高危
Apache基金会
https://logging.apache.org/log4j/2.x/security.html
74
XStream 资源管理错误漏洞
CNNVD-202201-2709
CVE-2021-43859
高危
XStream
https://x-stream.github.io/CVE-2021-43859.html
75
FasterXML jackson-databind 安全漏洞
CNNVD-202303-1466
CVE-2021-46877
高危
FasterXML
https://github.com/FasterXML/jackson-databind/issues/3328
76
Eclipse Jetty 资源管理错误漏洞
CNNVD-202207-594
CVE-2022-2048
高危
个人开发者
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
77
Eclipse Jetty 安全漏洞
CNNVD-202207-589
CVE-2022-2191
高危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
78
Apache Log4j 代码问题漏洞
CNNVD-202201-1420
CVE-2022-23302
高危
Apache基金会
https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
79
Apache Log4j 代码问题漏洞
CNNVD-202201-1425
CVE-2022-23307
高危
Apache基金会
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
80
Certifi 数据伪造问题漏洞
CNNVD-202212-2660
CVE-2022-23491
高危
Certifi
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
81
DELL BSAFE SSL-J 安全漏洞
CNNVD-202202-1801
CVE-2022-24409
高危
DELL
https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel
82
CKEditor 资源管理错误漏洞
CNNVD-202203-1545
CVE-2022-24729
高危
个人开发者
https://ckeditor.com/cke4/release/CKEditor-4.18
83
gson 代码问题漏洞
CNNVD-202205-1791
CVE-2022-25647
高危
个人开发者
https://github.com/google/gson/pull/1991/files
84
FreeType 缓冲区错误漏洞
CNNVD-202204-4275
CVE-2022-27405
高危
个人开发者
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
85
FreeType 缓冲区错误漏洞
CNNVD-202204-4261
CVE-2022-27406
高危
个人开发者
http://freetype.com
86
HtmlUnit 安全漏洞
CNNVD-202204-4297
CVE-2022-29546
高危
个人开发者
https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg
87
JasPer 安全漏洞
CNNVD-202210-1004
CVE-2022-2963
高危
个人开发者
https://github.com/jasper-software/jasper/commit/270000671d4f411fe7e65c7bc02fd6ff14dd6946
88
Moment.js 资源管理错误漏洞
CNNVD-202207-502
CVE-2022-31129
高危
个人开发者
https://github.com/moment/moment/pull/6015#issuecomment-1152961973
89
PostgreSQL JDBC Driver SQL注入漏洞
CNNVD-202208-2126
CVE-2022-31197
高危
PostgreSQL
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
90
PHP 缓冲区错误漏洞
CNNVD-202210-2512
CVE-2022-31630
高危
PHP
https://www.php.net/ChangeLog-8.php#8.0.
91
VMware Spring Security 安全漏洞
CNNVD-202210-2598
CVE-2022-31690
高危
VMware
https://tanzu.vmware.com/security/cve-2022-31690
92
Google protobuf 安全漏洞
CNNVD-202210-769
CVE-2022-3171
高危
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
93
NSS 安全漏洞
CNNVD-202210-947
CVE-2022-3479
高危
Mozilla基金会
https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
94
OpenSSL 安全漏洞
CNNVD-202210-2605
CVE-2022-3602
高危
OpenSSL团队
https://www.openssl.org/news/secadv/20221101.txt
95
OpenSSL 安全漏洞
CNNVD-202210-2604
CVE-2022-3786
高危
OpenSSL团队
https://www.openssl.org/news/secadv/20221101.txt
96
Apache Ivy 路径遍历漏洞
CNNVD-202211-2195
CVE-2022-37866
高危
Apache基金会
https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b
97
OpenSSL 安全漏洞
CNNVD-202212-2982
CVE-2022-3996
高危
OpenSSL
https://github.com/openssl/openssl/
98
Apache XML Graphics Batik代码问题漏洞
CNNVD-202209-2287
CVE-2022-40146
高危
Apache基金会
https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx
99
Jettison 缓冲区错误漏洞
CNNVD-202209-1235
CVE-2022-40149
高危
个人开发者
https://github.com/jettison-json/jettison/issues/45
100
Jettison 资源管理错误漏洞
CNNVD-202209-1233
CVE-2022-40150
高危
个人开发者
https://github.com/jettison-json/jettison/issues/45
101
XStream 缓冲区错误漏洞
CNNVD-202209-1234
CVE-2022-40151
高危
XStream
https://github.com/x-stream/xstream/issues/304
102
XStream 缓冲区错误漏洞
CNNVD-202209-1230
CVE-2022-40152
高危
XStream
https://github.com/x-stream/xstream/issues/304
103
Apache SOAP 代码问题漏洞
CNNVD-202209-2283
CVE-2022-40705
高危
Apache基金会
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
104
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1712
CVE-2022-41704
高危
Apache基金会
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
105
Netty 安全漏洞
CNNVD-202212-2914
CVE-2022-41881
高危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
106
XStream 安全漏洞
CNNVD-202212-4034
CVE-2022-41966
高危
XStream
https://x-stream.github.io/CVE-2022-41966.html
107
FasterXML jackson-databind 代码问题漏洞
CNNVD-202210-007
CVE-2022-42003
高危
FasterXML
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
108
FasterXML jackson-databind 代码问题漏洞
CNNVD-202210-006
CVE-2022-42004
高危
FasterXML
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
109
Apache Tomcat 环境问题漏洞
CNNVD-202210-2602
CVE-2022-42252
高危
Apache基金会
https://tomcat.apache.org/security-8.html
110
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202210-1707
CVE-2022-42890
高危
Apache基金会
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
111
MIT Kerberos 输入验证错误漏洞
CNNVD-202211-2910
CVE-2022-42898
高危
MIT
https://web.mit.edu/kerberos/
112
Python 安全漏洞
CNNVD-202210-2513
CVE-2022-42919
高危
Python基金会
https://github.com/python/cpython/issues/97514
113
Node.js 操作系统命令注入漏洞
CNNVD-202211-2070
CVE-2022-43548
高危
个人开发者
https://nodejs.org/en/
114
libexpat 资源管理错误漏洞
CNNVD-202210-1676
CVE-2022-43680
高危
个人开发者
https://github.com/libexpat/libexpat/issues/649
115
OpenSSL 资源管理错误漏洞
CNNVD-202302-510
CVE-2022-4450
高危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
116
Python 资源管理错误漏洞
CNNVD-202211-2414
CVE-2022-45061
高危
Python基金会
https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
117
Apache Tomcat 注入漏洞
CNNVD-202301-137
CVE-2022-45143
高危
Apache基金会
https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
118
Pillow 资源管理错误漏洞
CNNVD-202211-2677
CVE-2022-45199
高危
个人开发者
https://github.com/python-pillow/Pillow/releases/tag/9.3
119
Jettison 缓冲区错误漏洞
CNNVD-202212-3132
CVE-2022-45685
高危
个人开发者
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
120
Hutool 缓冲区错误漏洞
CNNVD-202212-3131
CVE-2022-45688
高危
Dromara社区
https://github.com/dromara/hutool/issues/2748
121
Jettison 缓冲区错误漏洞
CNNVD-202212-3128
CVE-2022-45693
高危
个人开发者
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3
122
Apache CXF 输入验证错误漏洞
CNNVD-202212-3125
CVE-2022-46363
高危
Apache基金会
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
123
jszip 路径遍历漏洞
CNNVD-202301-2295
CVE-2022-48285
高危
个人开发者
https://github.com/Stuk/jszip/releases/tag/v3.10.1
124
Zstandard 资源管理错误漏洞
CNNVD-202303-2716
CVE-2022-4899
高危
https://github.com/facebook/zstd/pull/3220
125
OpenSSL 资源管理错误漏洞
CNNVD-202302-521
CVE-2023-0215
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5845-1
126
OpenSSL 代码问题漏洞
CNNVD-202302-512
CVE-2023-0216
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
127
OpenSSL 代码问题漏洞
CNNVD-202302-516
CVE-2023-0217
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
128
OpenSSL 安全漏洞
CNNVD-202302-524
CVE-2023-0286
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5845-1
129
GnuTLS 安全漏洞
CNNVD-202302-884
CVE-2023-0361
高危
个人开发者
https://gitlab.com/gnutls/gnutls/-/issues/1050
130
OpenSSL 代码问题漏洞
CNNVD-202302-518
CVE-2023-0401
高危
OpenSSL
https://ubuntu.com/security/notices/USN-5844-1
131
OpenSSL 信任管理问题漏洞
CNNVD-202303-1681
CVE-2023-0464
高危
OpenSSL
https://www.openssl.org/news/secadv/20230322.txt
132
Mozilla Firefox 安全漏洞
CNNVD-202302-1554
CVE-2023-0767
高危
Mozilla基金会
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767
133
netplex json-smart 安全漏洞
CNNVD-202303-1658
CVE-2023-1370
高危
netplex
https://netplex.github.io/json-smart/
134
Jettison 安全漏洞
CNNVD-202303-1656
CVE-2023-1436
高危
Jettison
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
135
libwebp 资源管理错误漏洞
CNNVD-202305-177
CVE-2023-1999
高危
WebP项目
https://github.com/webmproject/libwebp
136
Spring Framework 安全漏洞
CNNVD-202303-2401
CVE-2023-20860
高危
Spring
https://spring.io/security/cve-2023-20860
137
Sudo 安全漏洞
CNNVD-202301-1468
CVE-2023-22809
高危
个人开发者
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
138
Apache Commons FileUpload 安全漏洞
CNNVD-202302-1610
CVE-2023-24998
高危
Apache基金会
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
139
HarfBuzz 安全漏洞
CNNVD-202302-331
CVE-2023-25193
高危
个人开发者
https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
140
Apache Kafka 代码问题漏洞
CNNVD-202302-515
CVE-2023-25194
高危
Apache基金会
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
141
Git 路径遍历漏洞
CNNVD-202304-2045
CVE-2023-25652
高危
github
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
142
Google TensorFlow 缓冲区错误漏洞
CNNVD-202303-2129
CVE-2023-25658
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6
143
Google TensorFlow 缓冲区错误漏洞
CNNVD-202303-2128
CVE-2023-25659
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
144
Google TensorFlow 代码问题漏洞
CNNVD-202303-2127
CVE-2023-25660
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj
145
Google TensorFlow 输入验证错误漏洞
CNNVD-202303-2126
CVE-2023-25662
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw
146
Google TensorFlow 代码问题漏洞
CNNVD-202303-2125
CVE-2023-25663
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w
147
Google TensorFlow 代码问题漏洞
CNNVD-202303-2123
CVE-2023-25665
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g
148
Google TensorFlow 安全漏洞
CNNVD-202303-2122
CVE-2023-25666
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2
149
Google TensorFlow 输入验证错误漏洞
CNNVD-202303-2121
CVE-2023-25667
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68
150
Google TensorFlow 安全漏洞
CNNVD-202303-2119
CVE-2023-25669
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
151
Google TensorFlow 代码问题漏洞
CNNVD-202303-2118
CVE-2023-25670
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
152
Google TensorFlow 缓冲区错误漏洞
CNNVD-202303-2117
CVE-2023-25671
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
153
Google TensorFlow 代码问题漏洞
CNNVD-202303-2114
CVE-2023-25672
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
154
Google TensorFlow 安全漏洞
CNNVD-202303-2116
CVE-2023-25673
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh
155
Google TensorFlow 代码问题漏洞
CNNVD-202303-2115
CVE-2023-25674
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579
156
Google TensorFlow 安全漏洞
CNNVD-202303-2113
CVE-2023-25675
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj
157
Google TensorFlow 代码问题漏洞
CNNVD-202303-2112
CVE-2023-25676
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq
158
Google TensorFlow 资源管理错误漏洞
CNNVD-202303-2111
CVE-2023-25801
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q
159
OpenSSL 安全漏洞
CNNVD-202305-2503
CVE-2023-2650
高危
OpenSSL
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
160
Apache HTTP Server 环境问题漏洞
CNNVD-202303-452
CVE-2023-27522
高危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
161
curl 注入漏洞
CNNVD-202303-1551
CVE-2023-27533
高危
个人开发者
https://curl.se/download.html
162
curl 路径遍历漏洞
CNNVD-202303-1547
CVE-2023-27534
高危
个人开发者
https://curl.se/download.html
163
Google TensorFlow 安全漏洞
CNNVD-202303-2110
CVE-2023-27579
高危
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
164
Jenkins 安全漏洞
CNNVD-202303-670
CVE-2023-27899
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-03-08/
165
Jenkins 安全漏洞
CNNVD-202303-669
CVE-2023-27900
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-03-08/
166
Jenkins 安全漏洞
CNNVD-202303-671
CVE-2023-27901
高危
Jenkins
https://www.jenkins.io/security/advisory/2023-03-08/
167
Apache Tomcat 安全漏洞
CNNVD-202305-1931
CVE-2023-28709
高危
Apache基金会
https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
168
Git 注入漏洞
CNNVD-202304-2063
CVE-2023-29007
高危
github
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
169
SheetJS 安全漏洞
CNNVD-202304-1870
CVE-2023-30533
高危
sheetjs
https://cdn.sheetjs.com/advisories/CVE-2023-30533
170
Snowflake JDBC 命令注入漏洞
CNNVD-202304-1210
CVE-2023-30535
高危
Snowflake
https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x
171
Flask 安全漏洞
CNNVD-202305-091
CVE-2023-30861
高危
Pallets
https://github.com/pallets/flask/releases/tag/2.3.2
172
illumos 缓冲区错误漏洞
CNNVD-202305-266
CVE-2023-31284
高危
个人开发者
https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net
173
Apache Tomcat 安全漏洞
CNNVD-202306-1525
CVE-2023-34981
高危
Apache基金会
https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
174
Apache Axis 跨站脚本漏洞
CNNVD-201808-082
CVE-2018-8032
中危
apache
https://issues.apache.org/jira/browse/AXIS-2924
175
Apache ActiveMQ 跨站脚本漏洞
CNNVD-202102-588
CVE-2020-13947
中危
Apache基金会
http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
176
Apache HttpClient 安全漏洞
CNNVD-202010-372
CVE-2020-13956
中危
Apache基金会
https://www.apache.org/
177
Junit 信息泄露漏洞
CNNVD-202010-445
CVE-2020-15250
中危
个人开发者
https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md
178
Apache Groovy 安全漏洞
CNNVD-202012-422
CVE-2020-17521
中危
Apache基金会
https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
179
Apache Hive 信息泄露漏洞
CNNVD-202103-1010
CVE-2020-1926
中危
Apache基金会
https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
180
Netty 环境问题漏洞
CNNVD-202103-713
CVE-2021-21295
中危
Netty社区
https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
181
Google protobuf 安全漏洞
CNNVD-202201-628
CVE-2021-22569
中危
https://cloud.google.com/support/bulletins#gcp-2022-001
182
ISC BIND 环境问题漏洞
CNNVD-202203-1514
CVE-2021-25220
中危
ISC
https://vigilance.fr/vulnerability/ISC-BIND-spoofing-via-DNS-Forwarders-Cache-Poisoning-37754
183
Maxim Nesen jersey 安全漏洞
CNNVD-202104-1669
CVE-2021-28168
中危
Maxim Nesen
https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv
184
OpenJPEG 输入验证错误漏洞
CNNVD-202104-1124
CVE-2021-29338
中危
个人开发者
https://github.com/uclouvain/openjpeg
185
Apache Commons IO 路径遍历漏洞
CNNVD-202104-702
CVE-2021-29425
中危
Apache基金会
https://issues.apache.org/jira/browse/IO-556
186
Eclipse Jetty 安全漏洞
CNNVD-202107-1094
CVE-2021-34429
中危
Eclipse基金会
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
187
Apache Ant 安全漏洞
CNNVD-202107-983
CVE-2021-36373
中危
Apache基金会
https://ant.apache.org/
188
Apache Ant 安全漏洞
CNNVD-202107-984
CVE-2021-36374
中危
Apache基金会
https://ant.apache.org/
189
Apache Commons Net 输入验证错误漏洞
CNNVD-202212-2188
CVE-2021-37533
中危
Apache基金会
https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
190
Libgcrypt 加密问题漏洞
CNNVD-202109-275
CVE-2021-40528
中危
GNU社区
https://gnupg.org/index.html
191
jQuery 跨站脚本漏洞
CNNVD-202110-1843
CVE-2021-41182
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
192
jQuery 跨站脚本漏洞
CNNVD-202110-1839
CVE-2021-41183
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
193
Openjs Jquery Ui 跨站脚本漏洞
CNNVD-202110-1845
CVE-2021-41184
中危
Openjs基金会
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
194
Apache MINA 安全漏洞
CNNVD-202111-238
CVE-2021-41973
中危
Apache基金会
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
195
Apache Log4j 输入验证错误漏洞
CNNVD-202112-2743
CVE-2021-44832
中危
Apache基金会
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
196
Apache Log4j 安全漏洞
CNNVD-202112-1493
CVE-2021-45105
中危
Apache基金会
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
197
OpenJPEG 安全漏洞
CNNVD-202203-2498
CVE-2022-1122
中危
个人开发者
https://github.com/uclouvain/openjpeg/issues/1368
198
Vmware Spring Framework 安全漏洞
CNNVD-202203-2333
CVE-2022-22950
中危
VMware
https://tanzu.vmware.com/security/cve-2022-22950
199
Spring Framework 输入验证错误漏洞
CNNVD-202205-2988
CVE-2022-22970
中危
Spring团队
https://spring.io/projects/spring-framework
200
Spring Framework 输入验证错误漏洞
CNNVD-202205-2980
CVE-2022-22971
中危
Spring团队
https://spring.io/projects/spring-framework
201
Xerces 安全漏洞
CNNVD-202201-2238
CVE-2022-23437
中危
Apache基金会
https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
202
Containous Traefik 日志信息泄露漏洞
CNNVD-202212-2756
CVE-2022-23469
中危
Containous
https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp
203
CKEditor 跨站脚本漏洞
CNNVD-202203-1546
CVE-2022-24728
中危
个人开发者
https://ckeditor.com/cke4/release/CKEditor-4.18
204
OWASP ESAPI 安全漏洞
CNNVD-202204-4523
CVE-2022-24891
中危
个人开发者
https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
205
Apache Portable Runtime 输入验证错误漏洞
CNNVD-202301-2414
CVE-2022-25147
中危
Apache基金会
https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
206
ISC BIND 资源管理错误漏洞
CNNVD-202209-1695
CVE-2022-2795
中危
ISC
https://kb.isc.org/docs/cve-2022-2795
207
jQuery 跨站脚本漏洞
CNNVD-202207-2121
CVE-2022-31160
中危
个人开发者
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
208
Apache Spark 注入漏洞
CNNVD-202211-1852
CVE-2022-31777
中危
Apache基金会
https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
209
Apache Tomcat 跨站脚本漏洞
CNNVD-202206-2227
CVE-2022-34305
中危
Apache基金会
https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
210
Dell BSAFE 安全漏洞
CNNVD-202302-738
CVE-2022-34364
中危
Dell
https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability
211
jsoup 跨站脚本漏洞
CNNVD-202208-4329
CVE-2022-36033
中危
个人开发者
https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
212
Apache HTTP Server 注入漏洞
CNNVD-202301-1298
CVE-2022-37436
中危
Apache基金会
https://httpd.apache.org/security/vulnerabilities_24.html
213
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202209-2289
CVE-2022-38398
中危
Apache基金会
https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx
214
Apache XML Graphics Batik 代码问题漏洞
CNNVD-202209-2288
CVE-2022-38648
中危
Apache基金会
https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
215
SnakeYAML 缓冲区错误漏洞
CNNVD-202209-169
CVE-2022-38751
中危
SnakeYAML
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
216
SnakeYAML 缓冲区错误漏洞
CNNVD-202209-171
CVE-2022-38752
中危
snakeYAML
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
217
JasPer 安全漏洞
CNNVD-202209-1374
CVE-2022-40755
中危
个人开发者
https://github.com/jasper-software/jasper/issues/338
218
Python 安全漏洞
CNNVD-202212-3796
CVE-2022-40897
中危
Python基金会
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
219
Netty 安全漏洞
CNNVD-202212-3060
CVE-2022-41915
中危
Netty社区
https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
220
OpenSSL 缓冲区错误漏洞
CNNVD-202302-506
CVE-2022-4203
中危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
221
OpenSSL 安全漏洞
CNNVD-202302-514
CVE-2022-4304
中危
OpenSSL
https://www.openssl.org/news/secadv/20230207.txt
222
Apache James 信息泄露漏洞
CNNVD-202301-447
CVE-2022-45787
中危
Apache基金会
https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
223
Containous Traefik 信任管理问题漏洞
CNNVD-202212-2752
CVE-2022-46153
中危
Containous
https://github.com/traefik/traefik/releases/tag/v2.9.6
224
OpenSSL 信任管理问题漏洞
CNNVD-202303-2432
CVE-2023-0465
中危
OpenSSL
https://www.openssl.org/news/secadv/20230328.txt
225
OpenSSL 信任管理问题漏洞
CNNVD-202303-2431
CVE-2023-0466
中危
OpenSSL
https://www.openssl.org/news/secadv/20230328.txt
226
OpenSSL 缓冲区错误漏洞
CNNVD-202304-1714
CVE-2023-1255
中危
OpenSSL
https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
227
Spring Framework 安全漏洞
CNNVD-202303-1917
CVE-2023-20861
中危
Spring
https://spring.io/security/cve-2023-20861
228
Spring Framework 安全漏洞
CNNVD-202304-1094
CVE-2023-20863
中危
Spring
https://spring.io/security/cve-2023-20863
229
Zip4j 访问控制错误漏洞
CNNVD-202301-648
CVE-2023-22899
中危
个人开发者
https://github.com/srikanth-lingala/zip4j/releases
230
curl 安全漏洞
CNNVD-202302-1928
CVE-2023-23915
中危
个人开发者
https://github.com/curl/curl/releases/tag/curl-7_88_1
231
curl 安全漏洞
CNNVD-202302-1927
CVE-2023-23916
中危
个人开发者
https://github.com/curl/curl/releases/tag/curl-7_88_1
232
cryptography 代码问题漏洞
CNNVD-202302-523
CVE-2023-23931
中危
Cryptographic
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
233
热门跟贴