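Recently, Oracle published an announcement covering multiple security vulnerabilities: 87 vulnerabilities in Oracle's own products and 180 vulnerabilities from other vendors that affect Oracle products. Multiple products and systems are affected, including Oracle MySQL, Oracle Communications Order and Service Management, Oracle Java SE, and Oracle PeopleSoft Enterprise PeopleTools. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On January 21, 2025, Oracle released its January 2025 security update, containing patches for 267 vulnerabilities, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Communications Order and Service Management, Oracle Java SE, Oracle PeopleSoft Enterprise PeopleTools, Oracle MySQL, Oracle Hospitality Applications, and others. CNNVD rated their severity: 16 critical, 89 high, 151 medium, and 11 low.
Multiple Oracle products and system versions are affected. The specific scope of impact can be checked on Oracle's official website: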
https://www.oracle.com/security-alerts/cpujan2025.html
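II. Vulnerability Details
This update contains patches for 267 vulnerabilities in total: 84 newly added vulnerabilities, 3 updated vulnerabilities, and 180 vulnerabilities from other vendors that affect Oracle products.
The update includes patches for 84 newly added vulnerabilities: 4 critical, 13 high, 65 medium, and 2 low.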
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle Agile PLM Framework security vulnerability | CNNVD-202501-2843 | CVE-2025-21556 | Critical | https://www.oracle.com/security-alerts/cpujan2025.html |
2 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2898 | CVE-2025-21524 | Critical | https://www.oracle.com/security-alerts/cpujan2025.html |
3 | Oracle Hospitality Applications security vulnerability | CNNVD-202501-2904 | CVE-2025-21547 | Critical | https://www.oracle.com/security-alerts/cpujan2025.html |
4 | Oracle Fusion Middleware security vulnerability | CNNVD-202501-2908 | CVE-2025-21535 | Critical | https://www.oracle.com/security-alerts/cpujan2025.html |
5 | Oracle Virtualization security vulnerability | CNNVD-202501-2839 | CVE-2025-21571 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
6 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202501-2841 | CVE-2025-21565 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
7 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202501-2842 | CVE-2025-21564 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
8 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202501-2849 | CVE-2025-21545 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
9 | Oracle MySQL Server security vulnerability | CNNVD-202501-2894 | CVE-2025-21521 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
10 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2895 | CVE-2025-21511 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
11 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2896 | CVE-2025-21510 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
12 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2897 | CVE-2025-21515 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
13 | Oracle Java SE security vulnerability | CNNVD-202501-2900 | CVE-2025-0509 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
14 | Oracle Analytics security vulnerability | CNNVD-202501-2905 | CVE-2025-21532 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
15 | Oracle Fusion Middleware security vulnerability | CNNVD-202501-2907 | CVE-2025-21549 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
16 | Oracle E-Business Suite security vulnerability | CNNVD-202501-2911 | CVE-2025-21506 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
17 | Oracle E-Business Suite security vulnerability | CNNVD-202501-2913 | CVE-2025-21516 | High | https://www.oracle.com/security-alerts/cpujan2025.html |
18 | Oracle Virtualization security vulnerability | CNNVD-202501-2838 | CVE-2025-21533 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
19 | Oracle Solaris security vulnerability | CNNVD-202501-2840 | CVE-2025-21551 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
20 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202501-2844 | CVE-2025-21560 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
21 | Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability | CNNVD-202501-2845 | CVE-2025-21563 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
22 | Oracle PeopleSoft security vulnerability | CNNVD-202501-2846 | CVE-2025-21530 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
23 | Oracle PeopleSoft security vulnerability | CNNVD-202501-2847 | CVE-2025-21539 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
24 | Oracle PeopleSoft security vulnerability | CNNVD-202501-2848 | CVE-2025-21561 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
25 | Oracle PeopleSoft security vulnerability | CNNVD-202501-2850 | CVE-2025-21562 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
26 | Oracle PeopleSoft security vulnerability | CNNVD-202501-2851 | CVE-2025-21537 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
27 | Oracle MySQL security vulnerability | CNNVD-202501-2854 | CVE-2025-21519 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
28 | Oracle MySQL security vulnerability | CNNVD-202501-2855 | CVE-2025-21493 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
29 | Oracle MySQL security vulnerability | CNNVD-202501-2856 | CVE-2025-21534 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
30 | Oracle MySQL Server security vulnerability | CNNVD-202501-2857 | CVE-2025-21494 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
31 | Oracle MySQL security vulnerability | CNNVD-202501-2858 | CVE-2025-21536 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
32 | Oracle MySQL Server security vulnerability | CNNVD-202501-2859 | CVE-2025-21504 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
33 | Oracle MySQL security vulnerability | CNNVD-202501-2860 | CVE-2025-21495 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
34 | Oracle MySQL security vulnerability | CNNVD-202501-2861 | CVE-2025-21492 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
35 | Oracle MySQL Server security vulnerability | CNNVD-202501-2862 | CVE-2025-21529 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
36 | Oracle MySQL Server security vulnerability | CNNVD-202501-2863 | CVE-2025-21567 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
37 | Oracle MySQL security vulnerability | CNNVD-202501-2864 | CVE-2025-21523 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
38 | Oracle MySQL security vulnerability | CNNVD-202501-2865 | CVE-2025-21503 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
39 | Oracle MySQL security vulnerability | CNNVD-202501-2866 | CVE-2025-21499 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
40 | Oracle MySQL security vulnerability | CNNVD-202501-2867 | CVE-2025-21505 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
41 | Oracle MySQL security vulnerability | CNNVD-202501-2868 | CVE-2025-21525 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
42 | Oracle MySQL security vulnerability | CNNVD-202501-2869 | CVE-2025-21543 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
43 | Oracle MySQL Server security vulnerability | CNNVD-202501-2870 | CVE-2025-21491 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
44 | Oracle MySQL Server security vulnerability | CNNVD-202501-2871 | CVE-2025-21490 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
45 | Oracle MySQL security vulnerability | CNNVD-202501-2872 | CVE-2025-21531 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
46 | Oracle MySQL security vulnerability | CNNVD-202501-2873 | CVE-2025-21540 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
47 | Oracle MySQL security vulnerability | CNNVD-202501-2874 | CVE-2025-21555 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
48 | Oracle MySQL security vulnerability | CNNVD-202501-2875 | CVE-2025-21548 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
49 | Oracle MySQL security vulnerability | CNNVD-202501-2876 | CVE-2025-21497 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
50 | Oracle MySQL security vulnerability | CNNVD-202501-2877 | CVE-2025-21559 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
51 | Oracle MySQL Server security vulnerability | CNNVD-202501-2878 | CVE-2025-21522 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
52 | Oracle MySQL security vulnerability | CNNVD-202501-2879 | CVE-2025-21500 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
53 | Oracle MySQL security vulnerability | CNNVD-202501-2880 | CVE-2025-21501 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
54 | Oracle MySQL security vulnerability | CNNVD-202501-2881 | CVE-2025-21518 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
55 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2882 | CVE-2025-21517 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
56 | Oracle MySQL security vulnerability | CNNVD-202501-2883 | CVE-2025-21566 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
57 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2884 | CVE-2025-21514 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
58 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2885 | CVE-2025-21507 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
59 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2886 | CVE-2024-21245 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
60 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2887 | CVE-2025-21538 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
61 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2888 | CVE-2025-21513 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
62 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2889 | CVE-2025-21512 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
63 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2890 | CVE-2025-21527 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
64 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2891 | CVE-2025-21509 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
65 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2892 | CVE-2025-21508 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
66 | Oracle JD Edwards Products security vulnerability | CNNVD-202501-2893 | CVE-2025-21552 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
67 | Oracle Java SE security vulnerability | CNNVD-202501-2899 | CVE-2025-21502 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
68 | Oracle Hyperion security vulnerability | CNNVD-202501-2901 | CVE-2025-21568 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
69 | Oracle Hyperion security vulnerability | CNNVD-202501-2902 | CVE-2025-21569 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
70 | Oracle Health Sciences Applications security vulnerability | CNNVD-202501-2903 | CVE-2025-21570 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
71 | Oracle Fusion Middleware security vulnerability | CNNVD-202501-2906 | CVE-2025-21498 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
72 | Oracle Financial Services Applications security vulnerability | CNNVD-202501-2909 | CVE-2025-21550 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
73 | Oracle E-Business Suite security vulnerability | CNNVD-202501-2910 | CVE-2025-21541 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
74 | Oracle E-Business Suite security vulnerability | CNNVD-202501-2912 | CVE-2025-21489 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
75 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202501-2914 | CVE-2025-21528 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
76 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202501-2915 | CVE-2025-21558 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
77 | Oracle Construction and Engineering Suite security vulnerability | CNNVD-202501-2916 | CVE-2025-21526 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
78 | Oracle Communications Order and Service Management security vulnerability | CNNVD-202501-3041 | CVE-2025-21554 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
79 | Oracle Communications Applications security vulnerability | CNNVD-202501-3053 | CVE-2025-21544 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
80 | Oracle Communications Order and Service Management security vulnerability | CNNVD-202501-3063 | CVE-2025-21542 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
81 | Oracle Database Server security vulnerability | CNNVD-202501-3080 | CVE-2025-21553 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
82 | Oracle Application Express security vulnerability | CNNVD-202501-3083 | CVE-2025-21557 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |
83 | Oracle MySQL security vulnerability | CNNVD-202501-2852 | CVE-2025-21546 | Low | https://www.oracle.com/security-alerts/cpujan2025.html |
84 | Oracle MySQL Server security vulnerability | CNNVD-202501-2853 | CVE-2025-21520 | Low | https://www.oracle.com/security-alerts/cpujan2025.html |
The update includes patches for 3 updated vulnerabilities: 2 high and 1 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Oracle E-Business Suite Depot Repair security vulnerability | CNNVD-202004-1051 | CVE-2020-2849 | High | https://www.oracle.com/security-alerts/cpuapr2020.html |
2 | Oracle Agile PLM Framework security vulnerability | CNNVD-202411-2373 | CVE-2024-21287 | High | https://www.oracle.com/security-alerts/alert-cve-2024-21287.html |
3 | Oracle Java SE security vulnerability | CNNVD-202410-1408 | CVE-2024-21211 | Low | https://www.oracle.com/security-alerts/cpuoct2024.html |
The update includes patches for 180 vulnerabilities from other vendors that affect Oracle products: 12 critical, 74 high, 86 medium, and 8 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | VMware Spring Framework code issue vulnerability | CNNVD-202001-046 | CVE-2016-1000027 | Critical | Pivotal Software | https://pivotal.io/ |
2 | Gradle trust management issue vulnerability | CNNVD-201908-1076 | CVE-2019-15052 | Critical | gradle | https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 |
3 | Apache Xmlbeans input validation error vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
4 | SciPy resource management error vulnerability | CNNVD-202307-454 | CVE-2023-29824 | Critical | Scipy community | https://github.com/scipy/scipy/pull/15013 |
5 | Terracotta Quartz Scheduler code injection vulnerability | CNNVD-202307-2214 | CVE-2023-39017 | Critical | Individual developer | https://github.com/quartz-scheduler/quartz/issues/943 |
6 | Apache ActiveMQ code issue vulnerability | CNNVD-202310-2332 | CVE-2023-46604 | Critical | Apache Foundation | https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
7 | curl security vulnerability | CNNVD-202412-1372 | CVE-2024-11053 | Critical | cURL | https://curl.se/docs/CVE-2024-11053.html |
8 | Apache Xerces-C resource management error vulnerability | CNNVD-202402-1469 | CVE-2024-23807 | Critical | Apache | https://github.com/apache/xerces-c/pull/54 |
9 | RequireJS security vulnerability | CNNVD-202407-034 | CVE-2024-38999 | Critical | RequireJS | https://github.com/requirejs/r.js |
10 | libexpat security vulnerability | CNNVD-202408-2839 | CVE-2024-45490 | Critical | libexpat | https://github.com/libexpat/libexpat |
11 | Apache Struts security vulnerability | CNNVD-202412-1393 | CVE-2024-53677 | Critical | Apache | https://struts.apache.org/core-developers/file-upload |
12 | Apache Tomcat security vulnerability | CNNVD-202412-2573 | CVE-2024-56337 | Critical | Apache | https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp |
13 | Apache Ant security vulnerability | CNNVD-202010-015 | CVE-2020-11979 | High | Apache Foundation | https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E |
14 | libssh2 buffer error vulnerability | CNNVD-202308-1862 | CVE-2020-22218 | High | Individual developer | https://github.com/libssh2/libssh2/pull/476 |
15 | Libsvm security vulnerability | CNNVD-202011-1785 | CVE-2020-28975 | High | Libsvm | https://github.com/scikit-learn/scikit-learn/issues/18891 |
16 | CodeMirror resource management error vulnerability | CNNVD-202010-1679 | CVE-2020-7760 | High | Codemirror | https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
17 | Gradle security vulnerability | CNNVD-202104-983 | CVE-2021-29428 | High | Gradle | https://docs.gradle.org/7.0/release-notes.html#security-advisori |
18 | Gradle OS command injection vulnerability | CNNVD-202107-1554 | CVE-2021-32751 | High | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 |
19 | JDOM code issue vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom |
20 | Intel OneApi Toolkits code issue vulnerability | CNNVD-202302-1402 | CVE-2022-26345 | High | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html |
21 | Apache Xalan input validation error vulnerability | CNNVD-202207-1617 | CVE-2022-34169 | High | Apache Foundation | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
22 | Jettison resource management error vulnerability | CNNVD-202209-1233 | CVE-2022-40150 | High | Individual developer | https://github.com/jettison-json/jettison/issues/45 |
23 | Apache Commons FileUpload security vulnerability | CNNVD-202302-1610 | CVE-2023-24998 | High | Apache Foundation | https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
24 | Apache Hadoop code issue vulnerability | CNNVD-202311-1444 | CVE-2023-26031 | High | Apache Foundation | https://lists.apache.org/thread/q9qpdlv952gb4kphpndd5phvl7fkh71r |
25 | Google Guava security vulnerability | CNNVD-202306-1141 | CVE-2023-2976 | High | | https://github.com/google/guava |
26 | gRPC security vulnerability | CNNVD-202308-864 | CVE-2023-33953 | High | gRPC | https://grpc.io/ |
27 | Gradle path traversal vulnerability | CNNVD-202306-2232 | CVE-2023-35947 | High | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842 |
28 | Microsoft ODBC Driver security vulnerability | CNNVD-202310-742 | CVE-2023-36730 | High | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 |
29 | Microsoft ODBC Driver security vulnerability | CNNVD-202310-743 | CVE-2023-36785 | High | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 |
30 | Node.js data forgery issue vulnerability | CNNVD-202310-1128 | CVE-2023-38552 | High | Nodejs | https://nodejs.org/en/blog/vulnerability/october-2023-security-releases |
31 | Apache Avro code issue vulnerability | CNNVD-202309-2636 | CVE-2023-39410 | High | Apache Foundation | https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
32 | Samba security vulnerability | CNNVD-202310-1009 | CVE-2023-4091 | High | Samba | https://bugzilla.samba.org/show_bug.cgi?id=15439 |
33 | urllib3 information disclosure vulnerability | CNNVD-202310-281 | CVE-2023-43804 | High | Individual developer | https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
34 | ISC BIND security vulnerability | CNNVD-202402-1015 | CVE-2023-4408 | High | ISC | https://kb.isc.org/docs/cve-2023-4408 |
35 | Apache HTTP/2 resource management error vulnerability | CNNVD-202310-667 | CVE-2023-44487 | High | Apache Foundation | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
36 | HashiCorp Terraform path traversal vulnerability | CNNVD-202309-693 | CVE-2023-4782 | High | HashiCorp | https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082 |
37 | gRPC security vulnerability | CNNVD-202309-981 | CVE-2023-4785 | High | gRPC | https://github.com/grpc/grpc/releases/tag/v1.58.1 |
38 | Knot Resolver security vulnerability | CNNVD-202402-1126 | CVE-2023-50868 | High | Individual developer | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 |
39 | jose4j security vulnerability | CNNVD-202402-2688 | CVE-2023-51775 | High | Bitbucket | https://bitbucket.org/b_c/jose4j/downloads/ |
40 | JFreeChart security vulnerability | CNNVD-202404-1555 | CVE-2023-52070 | High | Individual developer | https://www.jfree.org/jfreechart/ |
41 | Connect2id Nimbus JOSE+JWT security vulnerability | CNNVD-202402-845 | CVE-2023-52428 | High | Connect2id | https://connect2id.com/products/nimbus-jose-jwt |
42 | Python security vulnerability | CNNVD-202403-1882 | CVE-2023-6597 | High | Python | https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b |
43 | Eclipse Parsson security vulnerability | CNNVD-202407-1856 | CVE-2023-7272 | High | Eclipse | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12 |
44 | cpython security vulnerability | CNNVD-202406-1925 | CVE-2024-0397 | High | Python | https://github.com/gentoo/cpython/commit/a6a90cac7e1af91b032dcf0df13437857bc6c112 |
45 | Gunicorn environment issue vulnerability | CNNVD-202404-2065 | CVE-2024-1135 | High | Gunicorn | https://github.com/benoitc/gunicorn |
46 | Node.js security vulnerability | CNNVD-202402-1467 | CVE-2024-22019 | High | Node.js | https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high |
47 | Spring Framework security vulnerability | CNNVD-202404-2193 | CVE-2024-22262 | High | Spring | https://spring.io/security/cve-2024-22262 |
48 | Apache Tomcat security vulnerability | CNNVD-202403-1180 | CVE-2024-23672 | High | Apache | https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f |
49 | Apache Tomcat input validation error vulnerability | CNNVD-202403-1179 | CVE-2024-24549 | High | Apache | https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg |
50 | Google Go security vulnerability | CNNVD-202403-452 | CVE-2024-24786 | High | | https://go-review.googlesource.com/c/protobuf/+/569356 |
51 | OpenSSL security vulnerability | CNNVD-202404-941 | CVE-2024-2511 | High | OpenSSL | https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce |
52 | dnsjava security vulnerability | CNNVD-202407-2260 | CVE-2024-25638 | High | dnsjava | https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw |
53 | python-cryptography security vulnerability | CNNVD-202402-1783 | CVE-2024-26130 | High | Cryptographic | https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 |
54 | Apache Kafka security vulnerability | CNNVD-202404-1780 | CVE-2024-27309 | High | Apache | https://lists.apache.org/thread/6536rmzyg076lzzdw2xdktvnz163mjpy |
55 | Node.js security vulnerability | CNNVD-202404-991 | CVE-2024-27983 | High | Node.js | https://nodejs.org/en/blog/vulnerability/april-2024-security-releases |
56 | libexpat security vulnerability | CNNVD-202403-795 | CVE-2024-28757 | High | libexpat | https://github.com/libexpat/libexpat/pull/842 |
57 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2143 | CVE-2024-29131 | High | Apache | https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 |
58 | Apache Commons Configuration buffer error vulnerability | CNNVD-202403-2142 | CVE-2024-29133 | High | Apache | https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 |
59 | Bouncy Castle security vulnerability | CNNVD-202405-2601 | CVE-2024-29857 | High | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
60 | glibc security vulnerability | CNNVD-202405-1511 | CVE-2024-33599 | High | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 |
61 | glibc security vulnerability | CNNVD-202404-3209 | CVE-2024-33602 | High | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31680 |
62 | Apache Tomcat security vulnerability | CNNVD-202407-326 | CVE-2024-34750 | High | Apache | https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l |
63 | RADIUS Protocol under RFC 2865 security vulnerability | CNNVD-202407-651 | CVE-2024-3596 | High | RFC | https://www.rfc-editor.org/ |
64 | Aircompressor security vulnerability | CNNVD-202405-4798 | CVE-2024-36114 | High | airlift | https://github.com/airlift/aircompressor/releases/tag/0.27 |
65 | Node.js security vulnerability | CNNVD-202409-508 | CVE-2024-36138 | High | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
66 | MIT Kerberos security vulnerability | CNNVD-202406-3113 | CVE-2024-37370 | High | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
67 | Apache HTTP Server security vulnerability | CNNVD-202407-093 | CVE-2024-38475 | High | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
68 | pdoc security vulnerability | CNNVD-202406-2849 | CVE-2024-38526 | High | mitmproxy | https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62 |
69 | VMware Spring Framework security vulnerability | CNNVD-202409-1142 | CVE-2024-38816 | High | VMware | https://spring.io/security/cve-2024-38816 |
70 | VMware Spring Framework security vulnerability | CNNVD-202410-3593 | CVE-2024-38819 | High | VMware | https://docs.spring.io/spring-framework/reference/web/webmvc.html |
71 | Python security vulnerability | CNNVD-202405-1639 | CVE-2024-4030 | High | Python | https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d |
72 | ImageMagick security vulnerability | CNNVD-202407-2766 | CVE-2024-41817 | High | ImageMagick | https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.1-36 |
73 | libexpat input validation error vulnerability | CNNVD-202408-2842 | CVE-2024-45491 | High | libexpat | https://github.com/libexpat/libexpat |
74 | libexpat input validation error vulnerability | CNNVD-202408-2841 | CVE-2024-45492 | High | libexpat | https://github.com/libexpat/libexpat |
75 | Apache Lucene code issue vulnerability | CNNVD-202409-2528 | CVE-2024-45772 | High | Apache | https://lists.apache.org/thread/3f3oph7bqnqspb9q5p0gm5mgc1b6thjo |
76 | DOMPurify security vulnerability | CNNVD-202409-1375 | CVE-2024-45801 | High | Individual developer | https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 |
77 | XStream security vulnerability | CNNVD-202411-823 | CVE-2024-47072 | High | XStream | https://x-stream.github.io/CVE-2024-47072.html |
78 | OpenSSL resource management error vulnerability | CNNVD-202405-4739 | CVE-2024-4741 | High | OpenSSL | https://github.com/openssl/openssl |
79 | Apache Commons IO resource management error vulnerability | CNNVD-202410-209 | CVE-2024-47554 | High | Apache | https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 |
80 | Werkzeug security vulnerability | CNNVD-202410-2923 | CVE-2024-49767 | High | Pallets | https://github.com/pallets/werkzeug/releases/tag/3.0 |
81 | Apache Tomcat security vulnerability | CNNVD-202412-2256 | CVE-2024-50379 | High | Apache | https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r |
82 | Red Hat Undertow resource management error vulnerability | CNNVD-202406-2368 | CVE-2024-6162 | High | Red Hat | https://bugzilla.redhat.com/show_bug.cgi?id=2293069 |
83 | Protocol Buffers security vulnerability | CNNVD-202409-1841 | CVE-2024-7254 | High | Protocol Buffers | http://protobuf.dev/ |
84 | Python security vulnerability | CNNVD-202408-1775 | CVE-2024-7592 | High | Python | https://github.com/jeremyhylton/cpython/commit/1587608515127032778669c8232d46ec6d8f593c |
85 | Red Hat Undertow race condition issue vulnerability | CNNVD-202408-2070 | CVE-2024-7885 | High | Red Hat | https://undertow.io/ |
86 | PHP security vulnerability | CNNVD-202410-620 | CVE-2024-8927 | High | PHP | https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp |
87 | Gradle security feature issue vulnerability | CNNVD-201904-522 | CVE-2019-11065 | Medium | fedoraproject | https://github.com/gradle/gradle/pull/8927 |
88 | Apache POI code issue vulnerability | CNNVD-201910-1431 | CVE-2019-12415 | Medium | Apache Foundation | https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@ |
89 | Gradle PGP signing plugin input validation error vulnerability | CNNVD-201909-770 | CVE-2019-16370 | Medium | gradle | https://github.com/gradle/gradle/pull/10543 |
90 | Apache HttpClient security vulnerability | CNNVD-202010-372 | CVE-2020-13956 | Medium | Apache Foundation | https://www.apache.org/ |
91 | Gradle security vulnerability | CNNVD-202104-642 | CVE-2021-29429 | Medium | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 |
92 | Memcached buffer error vulnerability | CNNVD-202302-239 | CVE-2021-37519 | Medium | Individual developer | https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0 |
93 | Google Golang resource management error vulnerability | CNNVD-202302-2315 | CVE-2022-41727 | Medium | | https://github.com/golang/go/issues/58003 |
94 | SciPy security vulnerability | CNNVD-202307-200 | CVE-2023-25399 | Medium | SciPy | https://github.com/scipy/scipy/issues/16235 |
95 | Python input validation error vulnerability | CNNVD-202304-1553 | CVE-2023-27043 | Medium | Python Foundation | https://www.python.org/ |
96 | Google Golang security vulnerability | CNNVD-202308-121 | CVE-2023-29407 | Medium | | https://pkg.go.dev/vuln/GO-2023-1990 |
97 | Google Golang security vulnerability | CNNVD-202308-122 | CVE-2023-29408 | Medium | | https://pkg.go.dev/vuln/GO-2023-1989 |
98 | gRPC security vulnerability | CNNVD-202306-707 | CVE-2023-32732 | Medium | gRPC | https://github.com/grpc/grpc/pull/32309 |
99 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
100 | Bouncy Castle resource management error vulnerability | CNNVD-202311-1981 | CVE-2023-33202 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
101 | Gradle path traversal vulnerability | CNNVD-202306-2235 | CVE-2023-35946 | Medium | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v |
102 | Apache HTTP Server security vulnerability | CNNVD-202404-641 | CVE-2023-38709 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
103 | Samba security vulnerability | CNNVD-202311-300 | CVE-2023-3961 | Medium | Samba | https://www.samba.org/samba/security/CVE-2023-3961.html |
104 | Alertmanager cross-site scripting vulnerability | CNNVD-202308-2049 | CVE-2023-40577 | Medium | Individual developer | https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j |
105 | Gradle code issue vulnerability | CNNVD-202310-415 | CVE-2023-42445 | Medium | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8 |
106 | Samba security vulnerability | CNNVD-202310-1008 | CVE-2023-42669 | Medium | Samba | https://www.samba.org/samba/security/CVE-2023-42669.html |
107 | Gradle security vulnerability | CNNVD-202310-352 | CVE-2023-44387 | Medium | Gradle | https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9 |
108 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
109 | urllib3 information disclosure vulnerability | CNNVD-202310-1359 | CVE-2023-45803 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
110 | curl security vulnerability | CNNVD-202312-490 | CVE-2023-46218 | Medium | curl | https://curl.se/docs/CVE-2023-46218.html |
111 | curl security vulnerability | CNNVD-202312-499 | CVE-2023-46219 | Medium | curl | https://curl.se/docs/CVE-2023-46219.html |
112 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
113 | Apache Portable Runtime security vulnerability | CNNVD-202408-2479 | CVE-2023-49582 | Medium | Apache | https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4 |
114 | python-cryptography security vulnerability | CNNVD-202312-1318 | CVE-2023-50782 | Medium | Cryptographic team | https://cryptography.io/en/latest/ |
115 | Jayway JsonPath security vulnerability | CNNVD-202312-2349 | CVE-2023-51074 | Medium | json-path | https://github.com/json-path/JsonPath/issues/973 |
116 | OpenSSL code issue vulnerability | CNNVD-202311-423 | CVE-2023-5678 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 |
117 | GnuTLS security vulnerability | CNNVD-202311-1944 | CVE-2023-5981 | Medium | Individual developer | https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d |
118 | OpenSSL security vulnerability | CNNVD-202401-736 | CVE-2023-6129 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20240109.txt |
119 | libpcap resource management error vulnerability | CNNVD-202408-2896 | CVE-2023-7256 | Medium | Tcpdump | https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03 |
120 | SQLite security vulnerability | CNNVD-202401-1406 | CVE-2024-0232 | Medium | Individual developer | https://sqlite.org/forum/forumpost/4aa381993a |
121 | Python security vulnerability | CNNVD-202403-1880 | CVE-2024-0450 | Medium | Python | https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 |
122 | Grafana security vulnerability | CNNVD-202403-664 | CVE-2024-1442 | Medium | Grafana | https://grafana.com/grafana/download/10.3.4 |
123 | Node.js security vulnerability | CNNVD-202407-536 | CVE-2024-22020 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
124 | Jinja cross-site scripting vulnerability | CNNVD-202401-963 | CVE-2024-22195 | Medium | Individual developer | https://github.com/pallets/jinja/releases/tag/3.1.3 |
125 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202402-204 | CVE-2024-23635 | Medium | OWASP | https://github.com/nahsra/antisamy/releases/tag/v1.7.5 |
126 | Google Go security vulnerability | CNNVD-202406-377 | CVE-2024-24789 | Medium | | https://go.dev/dl/ |
127 | Google Go security vulnerability | CNNVD-202406-376 | CVE-2024-24790 | Medium | | https://go.dev/dl/ |
128 | Google Golang security vulnerability | CNNVD-202407-266 | CVE-2024-24791 | Medium | | https://go.dev/issue/67555 |
129 | Apache Commons Compress security vulnerability | CNNVD-202402-1528 | CVE-2024-25710 | Medium | Apache | https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf |
130 | Apache Commons Compress security vulnerability | CNNVD-202402-1527 | CVE-2024-26308 | Medium | Apache | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
131 | StringIO security vulnerability | CNNVD-202403-2225 | CVE-2024-27280 | Medium | The Ruby Programming Language | https://rubygems.org/gems/stringio/versions/3.0 |
132 | RDoc security vulnerability | CNNVD-202403-2218 | CVE-2024-27281 | Medium | The Ruby Programming Language | https://rubygems.org/gems/rdoc/versions/6.3.4.1 |
133 | Ruby security vulnerability | CNNVD-202405-2558 | CVE-2024-27282 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ |
134 | Pillow security vulnerability | CNNVD-202404-098 | CVE-2024-28219 | Medium | Pillow | https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.ht |
135 | GnuTLS information disclosure vulnerability | CNNVD-202403-2176 | CVE-2024-28834 | Medium | GnuTLS | https://gnutls.org/download.html |
136 | GnuTLS security vulnerability | CNNVD-202403-2145 | CVE-2024-28835 | Medium | GnuTLS | https://gitlab.com/gnutls/gnutls/-/commit/4a4cefef6c194f8fbbffd7fb19651219421b085b |
137 | Follow Redirects information disclosure vulnerability | CNNVD-202403-1332 | CVE-2024-28849 | Medium | Individual developer | https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp |
138 | Netty security vulnerability | CNNVD-202403-2434 | CVE-2024-29025 | Medium | Netty | https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c |
139 | Express.js security vulnerability | CNNVD-202403-2433 | CVE-2024-29041 | Medium | Express.js | https://github.com/expressjs/express/releases/tag/v5.0.0-beta |
140 | GNU C Library security vulnerability | CNNVD-202404-2641 | CVE-2024-2961 | Medium | GNU | https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 |
141 | Bouncy Castle security vulnerability | CNNVD-202405-2620 | CVE-2024-30171 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
142 | Bouncy Castle security vulnerability | CNNVD-202405-2618 | CVE-2024-30172 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
143 | glibc security vulnerability | CNNVD-202404-3208 | CVE-2024-33600 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31678 |
144 | glibc security vulnerability | CNNVD-202404-3210 | CVE-2024-33601 | Medium | GNU | https://sourceware.org/bugzilla/show_bug.cgi?id=31679 |
145 | Pallets Jinja security vulnerability | CNNVD-202405-1436 | CVE-2024-34064 | Medium | Pallets | https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj |
146 | Bouncy Castle security vulnerability | CNNVD-202405-1283 | CVE-2024-34447 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
147 | Requests security vulnerability | CNNVD-202405-3594 | CVE-2024-35195 | Medium | Python | https://github.com/psf/requests/releases/tag/v2.32 |
148 | MIT Kerberos security vulnerability | CNNVD-202406-3108 | CVE-2024-37371 | Medium | MIT | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
149 | urllib3 security vulnerability | CNNVD-202406-1954 | CVE-2024-37891 | Medium | urllib3 | https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf |
150 | Apache HTTP Server security vulnerability | CNNVD-202407-095 | CVE-2024-38473 | Medium | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
151 | VMware Spring Boot security vulnerability | CNNVD-202408-2284 | CVE-2024-38807 | Medium | VMware | https://spring.io/security/cve-2024-38807 |
152 | VMware Spring Framework security vulnerability | CNNVD-202409-2323 | CVE-2024-38809 | Medium | VMware | https://spring.io/security/cve-2024-38809 |
153 | VMware Spring Security security vulnerability | CNNVD-202412-142 | CVE-2024-38827 | Medium | VMware | https://spring.io/security/cve-2024-38827 |
154 | RequireJS security vulnerability | CNNVD-202407-032 | CVE-2024-38998 | Medium | RequireJS | https://github.com/requirejs/r.js |
155 | cpython security vulnerability | CNNVD-202406-1905 | CVE-2024-4032 | Medium | Python | https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 |
156 | Apache HTTP Server 代码问题漏洞 | CNNVD-202407-1910 | CVE-2024-40898 | 中危 | Apache | https://httpd.apache.org/security/vulnerabilities_24.html |
157 | Snowflake JDBC 安全漏洞 | CNNVD-202410-3498 | CVE-2024-43382 | 中危 | Snowflake | https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c |
158 | Netty 资源管理错误漏洞 | CNNVD-202411-1363 | CVE-2024-47535 | 中危 | Netty | https://github.com/netty/netty/releases/tag/netty-4.1.115.Final |
159 | Apache Avro 代码问题漏洞 | CNNVD-202410-208 | CVE-2024-47561 | 中危 | Apache | https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x |
160 | Jenkins 安全漏洞 | CNNVD-202410-173 | CVE-2024-47803 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451 |
161 | Jenkins 安全漏洞 | CNNVD-202410-172 | CVE-2024-47804 | 中危 | Jenkins | https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3448 |
162 | Werkzeug 路径遍历漏洞 | CNNVD-202410-2920 | CVE-2024-49766 | 中危 | Pallets | https://github.com/pallets/werkzeug/releases/tag/3.0 |
163 | libexpat 安全漏洞 | CNNVD-202410-2993 | CVE-2024-50602 | 中危 | libexpat | https://github.com/libexpat/libexpat |
164 | Apache Tomcat 安全漏洞 | CNNVD-202411-2306 | CVE-2024-52316 | 中危 | Apache | https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928 |
165 | Apache Tomcat 安全漏洞 | CNNVD-202412-2255 | CVE-2024-54677 | 中危 | Apache | https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n |
166 | OpenSSL 安全漏洞 | CNNVD-202409-141 | CVE-2024-6119 | 中危 | OpenSSL | https://openssl-library.org/news/secadv/20240903.txt |
167 | CPython 安全漏洞 | CNNVD-202409-120 | CVE-2024-6232 | 中危 | Python | https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf |
168 | Eclipse Jetty 安全漏洞 | CNNVD-202410-1360 | CVE-2024-6763 | 中危 | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh |
169 | Python 安全漏洞 | CNNVD-202408-046 | CVE-2024-6923 | 中危 | Python | https://github.com/python/cpython |
170 | libpcap 代码问题漏洞 | CNNVD-202408-2898 | CVE-2024-8006 | 中危 | Tcpdump | https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 |
171 | Python 安全漏洞 | CNNVD-202408-2250 | CVE-2024-8088 | 中危 | Python | https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ |
172 | curl 安全漏洞 | CNNVD-202409-868 | CVE-2024-8096 | 中危 | cURL | https://curl.se/docs/CVE-2024-8096.html |
173 | OpenSSL 安全漏洞 | CNNVD-202401-2353 | CVE-2024-0727 | 低危 | OpenSSL | https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 |
174 | Node.js 安全漏洞 | CNNVD-202407-1007 | CVE-2024-22018 | 低危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
175 | Node.js 安全漏洞 | CNNVD-202409-509 | CVE-2024-36137 | 低危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
176 | Node.js 安全漏洞 | CNNVD-202501-1044 | CVE-2024-37372 | 低危 | Node.js | https://nodejs.org/en/blog/vulnerability/july-2024-security-releases |
177 | VMware Spring Framework 安全漏洞 | CNNVD-202410-1928 | CVE-2024-38820 | 低危 | VMware | https://spring.io/security/cve-2024-38820 |
178 | OpenSSL 安全漏洞 | CNNVD-202405-2902 | CVE-2024-4603 | 低危 | OpenSSL | https://www.openssl.org/news/secadv/20240516.txt |
179 | OpenSSL 安全漏洞 | CNNVD-202406-2936 | CVE-2024-5535 | 低危 | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
180 | OpenSSL 缓冲区错误漏洞 | CNNVD-202410-1698 | CVE-2024-9143 | 低危 | OpenSSL | https://openssl-library.org/news/secadv/20241016.txt |
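III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address:
https://www.oracle.com/security-alerts/cpujan2025.html
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD. Contact: cnnvd@itsec.gov.cn
Statement: This article comes from CNNVD安全动态 (CNNVD Security Updates); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参. It is reproduced in order to convey more information. In case of infringement, please contact anquanneican@163.com.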