学校首页
首页 网络安全 威胁情报 正文

【漏洞通报】CNNVD关于Oracle多个安全漏洞的通报

时间:2023年04月20日 17:22  来源: CNNVD   点击数:

近日,Oracle官方发布了多个安全漏洞的公告,其中Oracle产品本身漏洞93个,影响到Oracle产品的其他厂商漏洞275个。包括Oracle Fusion Middleware 安全漏洞(CNNVD-202304-1464、CVE-2023-21996)、Oracle Virtualization 安全漏洞(CNNVD-202304-1468、CVE-2023-21990)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。Oracle多个产品和系统受漏洞影响。目前,Oracle官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、 漏洞介绍

2023年4月18日,Oracle发布了2023年4月份安全更新,共368个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Oracle Mysql 和 Mysql 组件、Oracle Hospitality Applications、Oracle Java SE、Oracle Solaris、Oracle E-Business Suite、Oracle Health Sciences Applications等。CNNVD对其危害等级进行了评价,其中超危漏洞54个,高危漏洞157个,中危漏洞145个,低危漏洞9个。Oracle多个产品和系统版本受漏洞影响,具体影响范围可访问Oracle官方网站查询:

https://www.oracle.com/security-alerts/cpuapr2023.html

二、漏洞详情

此次更新共包括91个新增漏洞的补丁程序,其中高危漏洞14个,中危漏洞68个,低危漏洞9个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1464

CVE-2023-21996

高危

https://www.oracle.com/security-alerts/cpuapr2040.html

2

Oracle Virtualization 安全漏洞

CNNVD-202304-1468

CVE-2023-21990

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

3

Oracle Virtualization 安全漏洞

CNNVD-202304-1471

CVE-2023-21987

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

4

Oracle Solaris 安全漏洞

CNNVD-202304-1474

CVE-2023-21985

高危

https://www.oracle.com/security-alerts/cpuapr2032.html

5

Oracle MySQL 安全漏洞

CNNVD-202304-1478

CVE-2023-21980

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

6

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1479

CVE-2023-21979

高危

https://www.oracle.com/security-alerts/cpuapr2037.html

7

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1492

CVE-2023-21964

高危

https://www.oracle.com/security-alerts/cpuapr2038.html

8

Oracle Solaris 安全漏洞

CNNVD-202304-1504

CVE-2023-21948

高危

https://www.oracle.com/security-alerts/cpuapr2028.html

9

Oracle Solaris 安全漏洞

CNNVD-202304-1512

CVE-2023-21896

高危

https://www.oracle.com/security-alerts/cpuapr2031.html

10

Oracle MySQL 安全漏洞

CNNVD-202304-1533

CVE-2023-21912

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

11

Oracle Hospitality Applications 安全漏洞

CNNVD-202304-1537

CVE-2023-21932

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

12

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1541

CVE-2023-21931

高危

https://www.oracle.com/security-alerts/cpuapr2036.html

13

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1545

CVE-2023-21923

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

14

Oracle Java SE 安全漏洞

CNNVD-202304-1547

CVE-2023-21930

高危

https://www.oracle.com/security-alerts/cpuapr2023.html

15

Oracle Virtualization 安全漏洞

CNNVD-202304-1458

CVE-2023-22002

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

16

Oracle Virtualization 安全漏洞

CNNVD-202304-1460

CVE-2023-22000

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

17

Oracle Virtualization 安全漏洞

CNNVD-202304-1461

CVE-2023-22001

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

18

Oracle Virtualization 安全漏洞

CNNVD-202304-1462

CVE-2023-21998

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

19

Oracle E-Business Suite 安全漏洞

CNNVD-202304-1463

CVE-2023-21997

中危

https://www.oracle.com/security-alerts/cpuapr2034.html

20

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1465

CVE-2023-21993

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

21

Oracle PeopleSoft Products 安全漏洞

CNNVD-202304-1467

CVE-2023-21992

中危

https://www.oracle.com/security-alerts/cpuapr2041.html

22

Oracle Virtualization 安全漏洞

CNNVD-202304-1469

CVE-2023-21989

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

23

Oracle Java SE 安全漏洞

CNNVD-202304-1472

CVE-2023-21986

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

24

Oracle MySQL 安全漏洞

CNNVD-202304-1475

CVE-2023-21982

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

25

Oracle Solaris 安全漏洞

CNNVD-202304-1476

CVE-2023-21984

中危

https://www.oracle.com/security-alerts/cpuapr2030.html

26

Oracle PeopleSoft Enterprise PeopleTools 安全漏洞

CNNVD-202304-1477

CVE-2023-21981

中危

https://www.oracle.com/security-alerts/cpuapr2042.html

27

Oracle E-Business Suite 安全漏洞

CNNVD-202304-1480

CVE-2023-21978

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

28

Oracle MySQL 安全漏洞

CNNVD-202304-1481

CVE-2023-21977

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

29

Oracle MySQL 安全漏洞

CNNVD-202304-1482

CVE-2023-21976

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

30

Oracle E-Business Suite 安全漏洞

CNNVD-202304-1483

CVE-2023-21973

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

31

Oracle MySQL 安全漏洞

CNNVD-202304-1484

CVE-2023-21972

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

32

Oracle MySQL 安全漏洞

CNNVD-202304-1486

CVE-2023-21971

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

33

Oracle BI Publisher 安全漏洞

CNNVD-202304-1487

CVE-2023-21970

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

34

Oracle Java SE 安全漏洞

CNNVD-202304-1489

CVE-2023-21967

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

35

Oracle MySQL 安全漏洞

CNNVD-202304-1490

CVE-2023-21966

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

36

Oracle Business Intelligence Enterprise Edition 安全漏洞

CNNVD-202304-1491

CVE-2023-21965

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

37

Oracle SQL Developer 安全漏洞

CNNVD-202304-1493

CVE-2023-21969

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

38

Oracle MySQL 安全漏洞

CNNVD-202304-1495

CVE-2023-21962

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

39

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1496

CVE-2023-21960

中危

https://www.oracle.com/security-alerts/cpuapr2035.html

40

Oracle E-Business Suite 安全漏洞

CNNVD-202304-1497

CVE-2023-21959

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

41

Oracle Fusion Middleware 安全漏洞

CNNVD-202304-1498

CVE-2023-21956

中危

https://www.oracle.com/security-alerts/cpuapr2039.html

42

Oracle MySQL 安全漏洞

CNNVD-202304-1499

CVE-2023-21955

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

43

Oracle MySQL 安全漏洞

CNNVD-202304-1500

CVE-2023-21953

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

44

Oracle Java SE 安全漏洞

CNNVD-202304-1501

CVE-2023-21954

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

45

Oracle Business Intelligence Enterprise Edition 安全漏洞

CNNVD-202304-1502

CVE-2023-21952

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

46

Oracle MySQL 安全漏洞

CNNVD-202304-1503

CVE-2023-21947

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

47

Oracle MySQL 安全漏洞

CNNVD-202304-1505

CVE-2023-21946

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

48

Oracle MySQL 安全漏洞

CNNVD-202304-1506

CVE-2023-21945

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

49

Oracle Essbase 安全漏洞

CNNVD-202304-1507

CVE-2023-21944

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

50

Oracle Essbase 安全漏洞

CNNVD-202304-1508

CVE-2023-21943

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

51

Oracle Essbase 安全漏洞

CNNVD-202304-1509

CVE-2023-21942

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

52

Oracle MySQL 安全漏洞

CNNVD-202304-1510

CVE-2023-21940

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

53

Oracle BI Publisher 安全漏洞

CNNVD-202304-1511

CVE-2023-21941

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

54

Oracle Java SE 安全漏洞

CNNVD-202304-1516

CVE-2023-21939

中危

https://www.oracle.com/security-alerts/cpuapr2027.html

55

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1517

CVE-2023-21902

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

56

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1519

CVE-2023-21904

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

57

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1521

CVE-2023-21903

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

58

Oracle JD Edwards Products 安全漏洞

CNNVD-202304-1522

CVE-2023-21936

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

59

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1523

CVE-2023-21905

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

60

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1524

CVE-2023-21907

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

61

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1525

CVE-2023-21906

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

62

Oracle MySQL 安全漏洞

CNNVD-202304-1526

CVE-2023-21935

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

63

Oracle Business Intelligence Enterprise Edition 安全漏洞

CNNVD-202304-1527

CVE-2023-21910

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

64

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1528

CVE-2023-21908

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

65

Oracle Siebel CRM 安全漏洞

CNNVD-202304-1529

CVE-2023-21909

中危

https://www.oracle.com/security-alerts/cpuapr2044.html

66

Oracle Database Server 安全漏洞

CNNVD-202304-1530

CVE-2023-21934

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

67

Oracle MySQL 安全漏洞

CNNVD-202304-1531

CVE-2023-21913

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

68

Oracle MySQL 安全漏洞

CNNVD-202304-1532

CVE-2023-21911

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

69

Oracle MySQL 安全漏洞

CNNVD-202304-1534

CVE-2023-21933

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

70

Oracle MySQL 安全漏洞

CNNVD-202304-1535

CVE-2023-21917

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

71

Oracle Financial Services Applications 安全漏洞

CNNVD-202304-1536

CVE-2023-21915

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

72

Oracle MySQL 安全漏洞

CNNVD-202304-1538

CVE-2023-21919

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

73

Oracle PeopleSoft Products 安全漏洞

CNNVD-202304-1539

CVE-2023-21916

中危

https://www.oracle.com/security-alerts/cpuapr2043.html

74

Oracle Database Server 安全漏洞

CNNVD-202304-1540

CVE-2023-21918

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

75

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1542

CVE-2023-21921

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

76

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1543

CVE-2023-21922

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

77

Oracle MySQL 安全漏洞

CNNVD-202304-1544

CVE-2023-21920

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

78

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1546

CVE-2023-21925

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

79

Oracle MySQL 安全漏洞

CNNVD-202304-1548

CVE-2023-21929

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

80

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1550

CVE-2023-21926

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

81

Oracle JD Edwards Products 安全漏洞

CNNVD-202304-1551

CVE-2023-21927

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

82

Oracle Health Sciences Applications 安全漏洞

CNNVD-202304-1552

CVE-2023-21924

中危

https://www.oracle.com/security-alerts/cpuapr2023.html

83

Oracle Solaris 安全漏洞

CNNVD-202304-1456

CVE-2023-22003

低危

https://www.oracle.com/security-alerts/cpuapr2033.html

84

Oracle Virtualization 安全漏洞

CNNVD-202304-1459

CVE-2023-21999

低危

https://www.oracle.com/security-alerts/cpuapr2023.html

85

Oracle Virtualization 安全漏洞

CNNVD-202304-1466

CVE-2023-21991

低危

https://www.oracle.com/security-alerts/cpuapr2023.html

86

Oracle Virtualization 安全漏洞

CNNVD-202304-1470

CVE-2023-21988

低危

https://www.oracle.com/security-alerts/cpuapr2023.html

87

Oracle Java SE 安全漏洞

CNNVD-202304-1488

CVE-2023-21968

低危

https://www.oracle.com/security-alerts/cpuapr2025.html

88

Oracle MySQL 安全漏洞

CNNVD-202304-1494

CVE-2023-21963

低危

https://www.oracle.com/security-alerts/cpuapr2023.html

89

Oracle Java SE 安全漏洞

CNNVD-202304-1514

CVE-2023-21938

低危

https://www.oracle.com/security-alerts/cpuapr2024.html

90

Oracle Java SE 安全漏洞

CNNVD-202304-1518

CVE-2023-21937

低危

https://www.oracle.com/security-alerts/cpuapr2026.html

91

Oracle Solaris 安全漏洞

CNNVD-202304-1549

CVE-2023-21928

低危

https://www.oracle.com/security-alerts/cpuapr2029.html

此次更新共包括2个更新漏洞的补丁程序,其中高危漏洞1个,中危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Oracle Database Server 输入验证错误漏洞

CNNVD-202107-1424

CVE-2021-2351

高危

https://www.oracle.com/security-alerts/cpujul2021.html

2

Oracle Fusion Middleware 路径遍历漏洞

CNNVD-202001-687

CVE-2020-6950

中危

https://www.oracle.com/security-alerts/cpujan2020.html

此次更新共包括275个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞54个,高危漏洞142个,中危漏洞76个,低危漏洞3个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

urllib3 信任管理问题漏洞

CNNVD-201812-491

CVE-2018-20060

超危

fedoraproject

https://github.com/urllib3/urllib3/blob/master/CHANGES.rst

2

Progress Telerik UI for ASP.NET AJAX 代码问题漏洞

CNNVD-201912-504

CVE-2019-18935

超危

个人开发者

https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization

3

PyYAML 输入验证错误漏洞

CNNVD-202102-918

CVE-2020-14343

超危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1860466

4

Dell BSAFE 安全漏洞

CNNVD-202207-835

CVE-2020-29506

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

5

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-837

CVE-2020-29507

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

6

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-838

CVE-2020-29508

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

7

Dell BSAFE 安全特征问题漏洞

CNNVD-202207-834

CVE-2020-35163

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

8

Dell BSAFE 安全漏洞

CNNVD-202207-832

CVE-2020-35166

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

9

Dell BSAFE 安全漏洞

CNNVD-202207-831

CVE-2020-35167

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

10

Dell BSAFE 安全漏洞

CNNVD-202207-828

CVE-2020-35168

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

11

Dell BSAFE 输入验证错误漏洞

CNNVD-202207-830

CVE-2020-35169

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

12

Apache Xmlbeans 输入验证错误漏洞

CNNVD-202101-1146

CVE-2021-23926

超危

Apache基金会

https://issues.apache.org/jira/browse/XMLBEANS-517

13

Python 安全漏洞

CNNVD-202104-2308

CVE-2021-29921

超危

Python基金会

https://www.python.org/

14

json-schema 安全漏洞

CNNVD-202111-1201

CVE-2021-3918

超危

个人开发者

https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

15

Lapack 缓冲区错误漏洞

CNNVD-202112-725

CVE-2021-4048

超危

Lapack社区

https://bugzilla.redhat.com/show_bug.cgi?id=2024358

16

Sanitize 输入验证错误漏洞

CNNVD-202110-1259

CVE-2021-42575

超危

个人开发者

https://owasp.org/www-project-java-html-sanitizer/

17

GNU Libtasn1 缓冲区错误漏洞

CNNVD-202210-1689

CVE-2021-46848

超危

GNU基金会

https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5

18

OpenSSL 操作系统命令注入漏洞

CNNVD-202205-1962

CVE-2022-1292

超危

Openssl团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

19

SnakeYAML 代码问题漏洞

CNNVD-202212-1820

CVE-2022-1471

超危

个人开发者

https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2

20

PCRE 缓冲区错误漏洞

CNNVD-202205-3348

CVE-2022-1586

超危

个人开发者

https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c

21

PCRE 缓冲区错误漏洞

CNNVD-202205-3350

CVE-2022-1587

超危

个人开发者

https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c

22

OpenSSL 操作系统命令注入漏洞

CNNVD-202206-2112

CVE-2022-2068

超危

OpenSSL

https://www.openssl.org/source/

23

OpenSSL 缓冲区错误漏洞

CNNVD-202207-242

CVE-2022-2274

超危

OpenSSL

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345

24

Spring Framework 代码注入漏洞

CNNVD-202203-2514

CVE-2022-22965

超危

Spring团队

https://tanzu.vmware.com/security/cve-2022-22965

25

VMware Spring Security 授权问题漏洞

CNNVD-202205-3584

CVE-2022-22978

超危

VMware

https://tanzu.vmware.com/security/cve-2022-22978

26

glibc 安全漏洞

CNNVD-202201-1163

CVE-2022-23218

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28768

27

glibc 安全漏洞

CNNVD-202201-1164

CVE-2022-23219

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=22542

28

H2Console 代码注入漏洞

CNNVD-202201-1749

CVE-2022-23221

超危

个人开发者

https://github.com/h2database/h2database/releases/tag/version-2.1.210

29

Apache Log4j SQL注入漏洞

CNNVD-202201-1421

CVE-2022-23305

超危

Apache基金会

https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y

30

OWASP ESAPI 路径遍历漏洞

CNNVD-202204-4378

CVE-2022-23457

超危

个人开发者

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2

31

Expat 代码注入漏洞

CNNVD-202202-1315

CVE-2022-25235

超危

个人开发者

https://github.com/libexpat/libexpa

32

Expat 输入验证错误漏洞

CNNVD-202202-1316

CVE-2022-25236

超危

个人开发者

https://github.com/libexpat/libexpa

33

Expat 输入验证错误漏洞

CNNVD-202202-1615

CVE-2022-25315

超危

个人开发者

https://github.com/libexpat/libexpat/pull/559

34

FreeType 缓冲区错误漏洞

CNNVD-202204-4272

CVE-2022-27404

超危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138

35

Ruby 资源管理错误漏洞

CNNVD-202204-3370

CVE-2022-28738

超危

个人开发者

https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/

36

Github ejs 注入漏洞

CNNVD-202204-4327

CVE-2022-29078

超危

个人开发者

https://github.com/mde/ejs/releases

37

Apache Maven 命令注入漏洞

CNNVD-202204-4397

CVE-2022-29599

超危

Apache基金会

http://github.com/apache/maven-shared-utils/pull/40

38

VMware Spring Security 安全漏洞

CNNVD-202210-2599

CVE-2022-31692

超危

VMware

https://tanzu.vmware.com/security/cve-2022-31692

39

Apache Commons Configuration 代码注入漏洞

CNNVD-202207-428

CVE-2022-33980

超危

Apache基金会

https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s

40

Apache HTTP Server 环境问题漏洞

CNNVD-202301-1299

CVE-2022-36760

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

41

zlib 缓冲区错误漏洞

CNNVD-202208-2276

CVE-2022-37434

超危

个人开发者

https://github.com/madler/zlib/

42

XKCP 输入验证错误漏洞

CNNVD-202210-1541

CVE-2022-37454

超危

XKCP

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

43

Apache Ivy 路径遍历漏洞

CNNVD-202211-2196

CVE-2022-37865

超危

Apache基金会

https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy

44

Apache Calcite 代码问题漏洞

CNNVD-202209-697

CVE-2022-39135

超危

Apache基金会

https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082

45

Apache Commons Text 代码注入漏洞

CNNVD-202210-790

CVE-2022-42889

超危

Apache基金会

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

46

curl 资源管理错误漏洞

CNNVD-202210-2217

CVE-2022-42915

超危

curl

https://curl.se/docs/CVE-2022-42915.html

47

Jenkins Plugin Script Security 安全漏洞

CNNVD-202210-1411

CVE-2022-43401

超危

Jenkins

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

48

Jenkins Plugin Pipeline: Groovy 安全漏洞

CNNVD-202210-1410

CVE-2022-43402

超危

Jenkins

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

49

Apache MINA 代码问题漏洞

CNNVD-202211-2918

CVE-2022-45047

超危

Apache基金会

https://www.mail-archive.com/dev@mina.apache.org/msg39312.html

50

Apache CXF 代码问题漏洞

CNNVD-202212-3143

CVE-2022-46364

超危

Apache基金会

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

51

libksba 输入验证错误漏洞

CNNVD-202212-3662

CVE-2022-47629

超危

个人开发者

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070

52

curl 安全漏洞

CNNVD-202302-1929

CVE-2023-23914

超危

个人开发者

https://github.com/curl/curl/releases/tag/curl-7_88_1

53

Apache Kerby 注入漏洞

CNNVD-202302-1606

CVE-2023-25613

超危

Apache基金会

https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y

54

Apache HTTP Server 环境问题漏洞

CNNVD-202303-456

CVE-2023-25690

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

55

Pallets Project Flask 输入验证错误漏洞

CNNVD-201808-601

CVE-2018-1000656

高危

Palletsprojects

https://github.com/pallets/flask/releases/tag/0.12.3

56

Apache Xerces-C 资源管理错误漏洞

CNNVD-201912-755

CVE-2018-1311

高危

Apache基金会

https://xerces.apache.org

57

Eclipse Mojarra 路径遍历漏洞

CNNVD-201807-1528

CVE-2018-14371

高危

Eclipse

https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24

58

Python 信任管理问题漏洞

CNNVD-201810-457

CVE-2018-18074

高危

canonical

https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

59

Pip 输入验证错误漏洞

CNNVD-202005-362

CVE-2018-20225

高危

Python软件基金会

https://pip.pypa.io/en/stable/news/

60

zlib 缓冲区错误漏洞

CNNVD-202203-2221

CVE-2018-25032

高危

个人开发者

https://z-lib.org/

61

Apache Commons Beanutils 代码问题漏洞

CNNVD-201908-1140

CVE-2019-10086

高危

debian

https://issues.apache.org/jira/browse/BEANUTILS-520

62

jackson-mapper-asl 代码问题漏洞

CNNVD-201911-1110

CVE-2019-10172

高危

个人开发者

https://mvnrepository.com/artifact/org.codehaus.jackson

63

Pivotal Software RabbitMQ 格式化字符串错误漏洞

CNNVD-201911-1307

CVE-2019-11287

高危

Pivotal Software

https://pivotal.io/security/cve-2019-11287

64

Apache Commons Compress 资源管理错误漏洞

CNNVD-201908-2148

CVE-2019-12402

高危

apache

https://commons.apache.org/proper/commons-compress/security-reports.html

65

libxml2 安全漏洞

CNNVD-202001-963

CVE-2019-20388

高危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

66

Python 输入验证错误漏洞

CNNVD-202007-558

CVE-2019-20907

高危

Python软件基金会

https://bugs.python.org/issue39017

67

Python 路径遍历漏洞

CNNVD-202009-303

CVE-2019-20916

高危

Python软件基金会

https://github.com/pypa/pip/issues/6413

68

Python 代码问题漏洞

CNNVD-202209-155

CVE-2020-10735

高危

Python基金会

https://www.python.org/

69

Apache Ant 安全漏洞

CNNVD-202010-015

CVE-2020-11979

高危

Apache基金会

https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E

70

Apache Batik 代码问题漏洞

CNNVD-202102-1586

CVE-2020-11987

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

71

Apache XmlGraphics Commons 代码问题漏洞

CNNVD-202102-1587

CVE-2020-11988

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

72

Iteris Apache Velocity 安全漏洞

CNNVD-202103-758

CVE-2020-13936

高危

Iteris

https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E

73

Red Hat Hibernate ORM SQL注入漏洞

CNNVD-202011-1706

CVE-2020-25638

高危

Red Hat

https://hibernate.org/

74

Fasterxml Jackson 代码问题漏洞

CNNVD-202010-622

CVE-2020-25649

高危

Fasterxml

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

75

Bouncy Castle BC 安全漏洞

CNNVD-202012-1340

CVE-2020-28052

高危

Bouncy Castle

https://www.bouncycastle.org/releasenotes.html

76

Dell BSAFE 安全漏洞

CNNVD-202207-833

CVE-2020-35164

高危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

77

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1285

CVE-2020-35490

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

78

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1270

CVE-2020-35491

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

79

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1602

CVE-2020-35728

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2999

80

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-327

CVE-2020-36179

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

81

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-326

CVE-2020-36180

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

82

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-330

CVE-2020-36181

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

83

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-325

CVE-2020-36182

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

84

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-371

CVE-2020-36183

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3003

85

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-344

CVE-2020-36184

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

86

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-337

CVE-2020-36185

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

87

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-333

CVE-2020-36186

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

88

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-331

CVE-2020-36187

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

89

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-355

CVE-2020-36188

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

90

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-329

CVE-2020-36189

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

91

FasterXML jackson-databind 缓冲区错误漏洞

CNNVD-202203-1165

CVE-2020-36518

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2816

92

Elasticsearch 安全漏洞

CNNVD-202003-1748

CVE-2020-7009

高危

Elasticsearch

https://www.elastic.co/cn/community/security/

93

libxml2 安全漏洞

CNNVD-202001-965

CVE-2020-7595

高危

Libxml2

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

94

joyent json 操作系统命令注入漏洞

CNNVD-202008-1430

CVE-2020-7712

高危

个人开发者

https://snyk.io/vuln/SNYK-JS-JSON-597481

95

F5 NGINX Controller 安全漏洞

CNNVD-202105-1581

CVE-2021-23017

高危

F5

https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/

96

lodash 代码注入漏洞

CNNVD-202102-1137

CVE-2021-23337

高危

个人开发者

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

97

Github json-smart-v1 缓冲区错误漏洞

CNNVD-202106-103

CVE-2021-31684

高危

个人开发者

https://github.com/netplex

98

Libgcrypt 安全漏洞

CNNVD-202106-573

CVE-2021-33560

高危

GNU计划

https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61

99

Apache HTTP Server 代码问题漏洞

CNNVD-202109-1109

CVE-2021-34798

高危

Apache基金会

http://httpd.apache.org/security/vulnerabilities_24.html

100

libxml2 缓冲区错误漏洞

CNNVD-202105-234

CVE-2021-3517

高危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

101

libxml2 资源管理错误漏洞

CNNVD-202105-238

CVE-2021-3518

高危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

102

Apache Commons Compress 安全漏洞

CNNVD-202107-896

CVE-2021-35515

高危

Apache基金会

https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E

103

Apache Commons Compress 安全漏洞

CNNVD-202107-897

CVE-2021-35516

高危

Apache基金会

https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E

104

Apache Commons Compress 安全漏洞

CNNVD-202107-898

CVE-2021-35517

高危

Apache基金会

https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E

105

Apache Commons Compress 安全漏洞

CNNVD-202107-899

CVE-2021-36090

高危

Apache基金会

https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E

106

OpenSSL 缓冲区错误漏洞

CNNVD-202108-1947

CVE-2021-3712

高危

Openssl团队

https://git.openssl.org/?p=openssl.git;a=summary

107

Netty 资源管理错误漏洞

CNNVD-202110-1442

CVE-2021-37136

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

108

Netty 资源管理错误漏洞

CNNVD-202110-1441

CVE-2021-37137

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

109

GNU C Library 代码问题漏洞

CNNVD-202108-1172

CVE-2021-38604

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28213

110

Apache Santuario 信息泄露漏洞

CNNVD-202109-1259

CVE-2021-40690

高危

Apache基金会

https://santuario.apache.org/javaindex.html

111

Apache Log4j 代码问题漏洞

CNNVD-202112-1011

CVE-2021-4104

高危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html

112

GNU C Library 安全漏洞

CNNVD-202111-457

CVE-2021-43396

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28524

113

XStream 资源管理错误漏洞

CNNVD-202201-2709

CVE-2021-43859

高危

XStream

https://x-stream.github.io/CVE-2021-43859.html

114

nodejs 信任管理问题漏洞

CNNVD-202201-727

CVE-2021-44531

高危

个人开发者

https://nodejs.org/en/

115

Eclipse Jetty 资源管理错误漏洞

CNNVD-202207-594

CVE-2022-2048

高危

个人开发者

https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j

116

nodejs 代码注入漏洞

CNNVD-202201-726

CVE-2022-21824

高危

个人开发者

https://nodejs.org/en/

117

Eclipse Jetty 安全漏洞

CNNVD-202207-589

CVE-2022-2191

高危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

118

Spring Cloud 安全漏洞

CNNVD-202206-2126

CVE-2022-22979

高危

Spring

https://tanzu.vmware.com/security/cve-2022-22979

119

Apache Tomcat 权限许可和访问控制问题漏洞

CNNVD-202201-2423

CVE-2022-23181

高危

Apache基金会

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75

120

Apache Log4j 代码问题漏洞

CNNVD-202201-1420

CVE-2022-23302

高危

Apache基金会

https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w

121

Apache Log4j 代码问题漏洞

CNNVD-202201-1425

CVE-2022-23307

高危

Apache基金会

https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

122

libxml2 资源管理错误漏洞

CNNVD-202202-1722

CVE-2022-23308

高危

个人开发者

https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614

123

Certifi 数据伪造问题漏洞

CNNVD-202212-2660

CVE-2022-23491

高危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8

124

Google Go 安全漏洞

CNNVD-202204-3892

CVE-2022-24675

高危

Google

https://github.com/golang/go/issues/51853

125

CKEditor 资源管理错误漏洞

CNNVD-202203-1545

CVE-2022-24729

高危

个人开发者

https://ckeditor.com/cke4/release/CKEditor-4.18

126

nekohtml资源管理错误漏洞

CNNVD-202204-2918

CVE-2022-24839

高危

个人开发者

https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d

127

Expat 输入验证错误漏洞

CNNVD-202202-1606

CVE-2022-25314

高危

个人开发者

https://nvd.nist.gov/vuln/detail/CVE-2022-25314

128

gson 代码问题漏洞

CNNVD-202205-1791

CVE-2022-25647

高危

个人开发者

https://github.com/google/gson/pull/1991/files

129

SnakeYAML 资源管理错误漏洞

CNNVD-202208-4428

CVE-2022-25857

高危

个人开发者

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

130

FreeType 缓冲区错误漏洞

CNNVD-202204-4275

CVE-2022-27405

高危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139

131

FreeType 缓冲区错误漏洞

CNNVD-202204-4261

CVE-2022-27406

高危

个人开发者

http://freetype.com

132

curl 安全漏洞

CNNVD-202205-3032

CVE-2022-27778

高危

个人开发者

https://curl.se/docs/CVE-2022-27778.html

133

curl 代码问题漏洞

CNNVD-202205-2982

CVE-2022-27780

高危

个人开发者

https://curl.se/docs/CVE-2022-27780.html

134

curl 安全漏洞

CNNVD-202205-2986

CVE-2022-27781

高危

个人开发者

https://curl.se/docs/CVE-2022-27781.html

135

curl 信任管理问题漏洞

CNNVD-202205-2991

CVE-2022-27782

高危

个人开发者

https://curl.se/docs/CVE-2022-27782.html

136

Google Go 安全漏洞

CNNVD-202204-3890

CVE-2022-28327

高危

Google

https://go.dev/doc/devel/release#go1.18.minor

137

Ruby 缓冲区错误漏洞

CNNVD-202204-3369

CVE-2022-28739

高危

个人开发者

https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

138

Google Golang 安全漏洞

CNNVD-202210-126

CVE-2022-2879

高危

Google

https://github.com/golang/go/issues/54853

139

Google Golang 环境问题漏洞

CNNVD-202210-124

CVE-2022-2880

高危

Google

https://github.com/golang/go/issues/54663

140

Grafana 数据伪造问题漏洞

CNNVD-202210-682

CVE-2022-31123

高危

Grafana实验室

https://grafana.com/

141

Moment.js 资源管理错误漏洞

CNNVD-202207-502

CVE-2022-31129

高危

个人开发者

https://github.com/moment/moment/pull/6015#issuecomment-1152961973

142

Grafana 信息泄露漏洞

CNNVD-202210-396

CVE-2022-31130

高危

Grafana实验室

https://grafana.com/

143

PHP 缓冲区错误漏洞

CNNVD-202210-2512

CVE-2022-31630

高危

PHP

https://www.php.net/ChangeLog-8.php#8.0.

144

VMware Spring Security 安全漏洞

CNNVD-202210-2598

CVE-2022-31690

高危

VMware

https://tanzu.vmware.com/security/cve-2022-31690

145

Google protobuf 安全漏洞

CNNVD-202210-769

CVE-2022-3171

高危

Google

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2

146

Node.js 操作系统命令注入漏洞

CNNVD-202207-684

CVE-2022-32212

高危

Node.js

https://access.redhat.com/security/cve/cve-2022-32212

147

OpenSSL 代码问题漏洞

CNNVD-202210-400

CVE-2022-3358

高危

OpenSSL团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b

148

Apache Xalan 输入验证错误漏洞

CNNVD-202207-1617

CVE-2022-34169

高危

Apache基金会

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

149

NSS 安全漏洞

CNNVD-202210-947

CVE-2022-3479

高危

Mozilla基金会

https://bugzilla.mozilla.org/show_bug.cgi?id=1774654

150

Apache Kafka 安全漏洞

CNNVD-202209-1525

CVE-2022-34917

高危

Apache基金会

https://kafka.apache.org/

151

SQLite 输入验证错误漏洞

CNNVD-202207-2282

CVE-2022-35737

高危

SQLite

https://www.sqlite.org/cgi/docsrc/info/6c12812e54d369d5ba596fba91c29f08b325d237f69eace6e6eb6feed835c817

152

OpenSSL 安全漏洞

CNNVD-202210-2605

CVE-2022-3602

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

153

OpenSSL 安全漏洞

CNNVD-202210-2604

CVE-2022-3786

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

154

Apache Ivy 路径遍历漏洞

CNNVD-202211-2195

CVE-2022-37866

高危

Apache基金会

https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b

155

Grafana 信息泄露漏洞

CNNVD-202210-863

CVE-2022-39201

高危

Grafana实验室

https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr

156

Containous Traefik 资源管理错误漏洞

CNNVD-202210-522

CVE-2022-39271

高危

Containous

https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr

157

Apache XML Graphics Batik代码问题漏洞

CNNVD-202209-2287

CVE-2022-40146

高危

Apache基金会

https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

158

Jettison 缓冲区错误漏洞

CNNVD-202209-1235

CVE-2022-40149

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

159

Jettison 资源管理错误漏洞

CNNVD-202209-1233

CVE-2022-40150

高危

个人开发者

https://github.com/jettison-json/jettison/issues/45

160

XStream 缓冲区错误漏洞

CNNVD-202209-1234

CVE-2022-40151

高危

XStream

https://github.com/x-stream/xstream/issues/304

161

XStream 缓冲区错误漏洞

CNNVD-202209-1230

CVE-2022-40152

高危

XStream

https://github.com/x-stream/xstream/issues/304

162

libxml2 输入验证错误漏洞

CNNVD-202210-1031

CVE-2022-40303

高危

个人开发者

https://github.com/GNOME/libxml2

163

libxml2 代码问题漏洞

CNNVD-202210-1022

CVE-2022-40304

高危

个人开发者

https://github.com/GNOME/libxml2

164

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1712

CVE-2022-41704

高危

Apache基金会

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

165

Google Golang 安全漏洞

CNNVD-202210-125

CVE-2022-41715

高危

Google

https://github.com/golang/go/issues/55951

166

Netty 安全漏洞

CNNVD-202212-2914

CVE-2022-41881

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v

167

XStream 安全漏洞

CNNVD-202212-4034

CVE-2022-41966

高危

XStream

https://x-stream.github.io/CVE-2022-41966.html

168

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-007

CVE-2022-42003

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

169

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-006

CVE-2022-42004

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

170

Apache Tomcat 环境问题漏洞

CNNVD-202210-2602

CVE-2022-42252

高危

Apache基金会

https://tomcat.apache.org/security-8.html

171

Apache XML Graphics Batik 代码问题漏洞

CNNVD-202210-1707

CVE-2022-42890

高危

Apache基金会

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly

172

MIT Kerberos 输入验证错误漏洞

CNNVD-202211-2910

CVE-2022-42898

高危

MIT

https://web.mit.edu/kerberos/

173

curl 安全漏洞

CNNVD-202210-2216

CVE-2022-42916

高危

curl

https://curl.se/docs/CVE-2022-42916.html

174

Python 安全漏洞

CNNVD-202210-2513

CVE-2022-42919

高危

Python基金会

https://github.com/python/cpython/issues/97514

175

Node.js 操作系统命令注入漏洞

CNNVD-202211-2070

CVE-2022-43548

高危

个人开发者

https://nodejs.org/en/

176

curl 安全漏洞

CNNVD-202212-3665

CVE-2022-43551

高危

个人开发者

https://curl.se/docs/CVE-2022-43551.html

177

libexpat 资源管理错误漏洞

CNNVD-202210-1676

CVE-2022-43680

高危

个人开发者

https://github.com/libexpat/libexpat/issues/649

178

OpenSSL 资源管理错误漏洞

CNNVD-202302-510

CVE-2022-4450

高危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

179

Python 资源管理错误漏洞

CNNVD-202211-2414

CVE-2022-45061

高危

Python基金会

https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html

180

Apache Tomcat 注入漏洞

CNNVD-202301-137

CVE-2022-45143

高危

Apache基金会

https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj

181

Jettison 缓冲区错误漏洞

CNNVD-202212-3132

CVE-2022-45685

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

182

Jettison 缓冲区错误漏洞

CNNVD-202212-3128

CVE-2022-45693

高危

个人开发者

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

183

Apache CXF 输入验证错误漏洞

CNNVD-202212-3125

CVE-2022-46363

高危

Apache基金会

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

184

SQLite 安全漏洞

CNNVD-202212-2843

CVE-2022-46908

高危

个人开发者

https://sqlite.org/src/info/cefc032473ac5ad2

185

OpenSSL 资源管理错误漏洞

CNNVD-202302-521

CVE-2023-0215

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

186

OpenSSL 安全漏洞

CNNVD-202302-524

CVE-2023-0286

高危

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

187

GnuTLS 安全漏洞

CNNVD-202302-884

CVE-2023-0361

高危

个人开发者

https://gitlab.com/gnutls/gnutls/-/issues/1050

188

PHP 安全漏洞

CNNVD-202302-1356

CVE-2023-0568

高危

PHP

https://bugs.php.net/bug.php?id=81746

189

PHP 资源管理错误漏洞

CNNVD-202302-1353

CVE-2023-0662

高危

PHP

https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv

190

netplex json-smart 安全漏洞

CNNVD-202303-1658

CVE-2023-1370

高危

netplex

https://netplex.github.io/json-smart/

191

Node.js 安全漏洞

CNNVD-202302-1960

CVE-2023-23918

高危

个人开发者

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

192

Node.js 安全漏洞

CNNVD-202302-1945

CVE-2023-23919

高危

个人开发者

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

193

Apache Commons FileUpload 安全漏洞

CNNVD-202302-1610

CVE-2023-24998

高危

Apache基金会

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

194

Apache Kafka 代码问题漏洞

CNNVD-202302-515

CVE-2023-25194

高危

Apache基金会

https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz

195

Pallets Werkzeug 安全漏洞

CNNVD-202302-1160

CVE-2023-25577

高危

个人开发者

https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

196

Apache HTTP Server 环境问题漏洞

CNNVD-202303-452

CVE-2023-27522

高危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

197

Apache POI 代码问题漏洞

CNNVD-201910-1431

CVE-2019-12415

中危

Apache基金会

https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@

198

Mojarra 跨站脚本漏洞

CNNVD-201910-136

CVE-2019-17091

中危

Eclipse

https://github.com/eclipse-ee4j/mojarra/pull/4567

199

Hibernate Validator 输入验证错误漏洞

CNNVD-202005-159

CVE-2020-10693

中危

个人开发者

https://hibernate.org/

200

Apache CXF 跨站脚本漏洞

CNNVD-202011-981

CVE-2020-13954

中危

Apache基金会

http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2

201

Junit 信息泄露漏洞

CNNVD-202010-445

CVE-2020-15250

中危

个人开发者

https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md

202

Bouncy Castle BC 竞争条件问题漏洞

CNNVD-202105-1290

CVE-2020-15522

中危

Bouncy Castle

https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22

203

Apache Groovy 安全漏洞

CNNVD-202012-422

CVE-2020-17521

中危

Apache基金会

https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

204

Apache Ant 信息泄露漏洞

CNNVD-202005-777

CVE-2020-1945

中危

Apache基金会

https://ant.apache.org/security.html

205

libxml2 缓冲区错误漏洞

CNNVD-202009-268

CVE-2020-24977

中危

Libxml2

https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

206

lodash 安全漏洞

CNNVD-202102-1168

CVE-2020-28500

中危

个人开发者

https://github.com/lodash/lodash/pull/5065

207

Google protobuf 安全漏洞

CNNVD-202201-628

CVE-2021-22569

中危

Google

https://cloud.google.com/support/bulletins#gcp-2022-001

208

jszip 安全漏洞

CNNVD-202107-1826

CVE-2021-23413

中危

个人开发者

https://github.com/Stuk/jszip/pull/766

209

netplex json-smart-v 代码问题漏洞

CNNVD-202102-1490

CVE-2021-27568

中危

个人开发者

https://github.com/netplex/json-smart-v2

210

Maxim Nesen jersey 安全漏洞

CNNVD-202104-1669

CVE-2021-28168

中危

Maxim Nesen

https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv

211

Apache Commons IO 路径遍历漏洞

CNNVD-202104-702

CVE-2021-29425

中危

Apache基金会

https://issues.apache.org/jira/browse/IO-556

212

Apache MINA 安全漏洞

CNNVD-202107-630

CVE-2021-30129

中危

Apache基金会

https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

213

CKEditor 跨站脚本漏洞

CNNVD-202108-1181

CVE-2021-32808

中危

个人开发者

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c

214

CKEditor 跨站脚本漏洞

CNNVD-202108-1175

CVE-2021-32809

中危

个人开发者

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg

215

OWASP AntiSamy 跨站脚本漏洞

CNNVD-202107-1281

CVE-2021-35043

中危

OWASP基金会

https://owasp.org/

216

libxml2 代码问题漏洞

CNNVD-202105-002

CVE-2021-3537

中危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61

217

Apache Ant 安全漏洞

CNNVD-202107-983

CVE-2021-36373

中危

Apache基金会

https://ant.apache.org/

218

Apache Ant 安全漏洞

CNNVD-202107-984

CVE-2021-36374

中危

Apache基金会

https://ant.apache.org/

219

Memcached 缓冲区错误漏洞

CNNVD-202302-239

CVE-2021-37519

中危

个人开发者

https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0

220

Apache Commons Net 输入验证错误漏洞

CNNVD-202212-2188

CVE-2021-37533

中危

Apache基金会

https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7

221

CKEditor 跨站脚本漏洞

CNNVD-202108-1157

CVE-2021-37695

中危

个人开发者

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc

222

Libgcrypt 加密问题漏洞

CNNVD-202109-275

CVE-2021-40528

中危

GNU社区

https://gnupg.org/index.html

223

jQuery 跨站脚本漏洞

CNNVD-202110-1843

CVE-2021-41182

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

224

jQuery 跨站脚本漏洞

CNNVD-202110-1839

CVE-2021-41183

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

225

Openjs Jquery Ui 跨站脚本漏洞

CNNVD-202110-1845

CVE-2021-41184

中危

Openjs基金会

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

226

Apache MINA 安全漏洞

CNNVD-202111-238

CVE-2021-41973

中危

Apache基金会

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E

227

nodejs 信任管理问题漏洞

CNNVD-202201-728

CVE-2021-44532

中危

个人开发者

https://nodejs.org/en/

228

nodejs 信任管理问题漏洞

CNNVD-202201-725

CVE-2021-44533

中危

个人开发者

https://nodejs.org/en/

229

Apache Log4j 输入验证错误漏洞

CNNVD-202112-2743

CVE-2021-44832

中危

Apache基金会

https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf

230

OpenSSL 加密问题漏洞

CNNVD-202207-379

CVE-2022-2097

中危

OpenSSL

https://www.openssl.org/news/secadv/20220705.txt

231

Vmware Spring Framework 安全漏洞

CNNVD-202203-2333

CVE-2022-22950

中危

VMware

https://tanzu.vmware.com/security/cve-2022-22950

232

Spring Framework 输入验证错误漏洞

CNNVD-202205-2988

CVE-2022-22970

中危

Spring团队

https://spring.io/projects/spring-framework

233

Spring Framework 输入验证错误漏洞

CNNVD-202205-2980

CVE-2022-22971

中危

Spring团队

https://spring.io/projects/spring-framework

234

Spring Framework 输入验证错误漏洞

CNNVD-202205-3586

CVE-2022-22976

中危

Spring团队

https://tanzu.vmware.com/security/cve-2022-22976

235

Xerces 安全漏洞

CNNVD-202201-2238

CVE-2022-23437

中危

Apache基金会

https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl

236

CKEditor 跨站脚本漏洞

CNNVD-202203-1546

CVE-2022-24728

中危

个人开发者

https://ckeditor.com/cke4/release/CKEditor-4.18

237

Netty 安全漏洞

CNNVD-202205-2566

CVE-2022-24823

中危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2

238

OWASP ESAPI 跨站脚本漏洞

CNNVD-202204-4523

CVE-2022-24891

中危

个人开发者

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q

239

Expat 资源管理错误漏洞

CNNVD-202202-1613

CVE-2022-25313

中危

个人开发者

https://github.com/libexpat/libexpat/pull/558

240

Apache POI 资源管理错误漏洞

CNNVD-202203-460

CVE-2022-26336

中危

Apache基金会

https://lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j

241

curl 信息泄露漏洞

CNNVD-202205-3033

CVE-2022-27779

中危

个人开发者

https://curl.se/docs/CVE-2022-27779.html

242

DPDK 输入验证错误漏洞

CNNVD-202208-4449

CVE-2022-28199

中危

个人开发者

https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa

243

Apache HTTP Server 输入验证错误漏洞

CNNVD-202206-847

CVE-2022-28614

中危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

244

OWASP AntiSamy 跨站脚本漏洞

CNNVD-202204-4024

CVE-2022-29577

中危

Owasp基金会

https://github.com/nahsra/antisamy/releases/tag/v1.6.7

245

libxslt和libxml2 输入验证错误漏洞

CNNVD-202205-1926

CVE-2022-29824

中危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

246

curl 安全漏洞

CNNVD-202205-3034

CVE-2022-30115

中危

个人开发者

https://curl.se/docs/CVE-2022-30115.html

247

HTTP::Daemon 环境问题漏洞

CNNVD-202206-2650

CVE-2022-31081

中危

个人开发者

https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf

248

jQuery 跨站脚本漏洞

CNNVD-202207-2121

CVE-2022-31160

中危

个人开发者

https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9

249

Node.js 环境问题漏洞

CNNVD-202207-683

CVE-2022-32213

中危

Node.js

https://access.redhat.com/security/cve/cve-2022-32213

250

Node.js 环境问题漏洞

CNNVD-202207-678

CVE-2022-32215

中危

Node.js

https://access.redhat.com/security/cve/cve-2022-32215

251

Node.js 加密问题漏洞

CNNVD-202207-682

CVE-2022-32222

中危

Node.js

https://nodejs.org/zh-cn/

252

Apache Tomcat 跨站脚本漏洞

CNNVD-202206-2227

CVE-2022-34305

中危

Apache基金会

https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k

253

jsoup 跨站脚本漏洞

CNNVD-202208-4329

CVE-2022-36033

中危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

254

Apache HTTP Server 注入漏洞

CNNVD-202301-1298

CVE-2022-37436

中危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

255

systemd 安全漏洞

CNNVD-202211-2364

CVE-2022-3821

中危

个人开发者

https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

256

SnakeYAML 缓冲区错误漏洞

CNNVD-202209-183

CVE-2022-38749

中危

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

257

SnakeYAML 缓冲区错误漏洞

CNNVD-202209-172

CVE-2022-38750

中危

snakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

258

SnakeYAML 缓冲区错误漏洞

CNNVD-202209-169

CVE-2022-38751

中危

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

259

SnakeYAML 缓冲区错误漏洞

CNNVD-202209-171

CVE-2022-38752

中危

snakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

260

Grafana 授权问题漏洞

CNNVD-202210-762

CVE-2022-39229

中危

Grafana实验室

https://grafana.com/grafana/download/9.2?pg=blog&plcmt=body-txt

261

Netty 安全漏洞

CNNVD-202212-3060

CVE-2022-41915

中危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp

262

OpenSSL 安全漏洞

CNNVD-202302-514

CVE-2022-4304

中危

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

263

systemd 信息泄露漏洞

CNNVD-202212-3721

CVE-2022-4415

中危

个人开发者

https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c

264

SUSE Linux Enterprise Server 安全漏洞

CNNVD-202302-1900

CVE-2023-0567

中危

SUSE

https://www.suse.com/support/update/announcement/2023/suse-su-20230476-1

265

Zip4j 访问控制错误漏洞

CNNVD-202301-648

CVE-2023-22899

中危

个人开发者

https://github.com/srikanth-lingala/zip4j/releases

266

curl 安全漏洞

CNNVD-202302-1928

CVE-2023-23915

中危

个人开发者

https://github.com/curl/curl/releases/tag/curl-7_88_1

267

curl 安全漏洞

CNNVD-202302-1927

CVE-2023-23916

中危

个人开发者

https://github.com/curl/curl/releases/tag/curl-7_88_1

268

Node.js 代码问题漏洞

CNNVD-202302-1924

CVE-2023-23920

中危

Node.js

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

269

cryptography 代码问题漏洞

CNNVD-202302-523

CVE-2023-23931

中危

Cryptographic

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

270

undici 注入漏洞

CNNVD-202302-1436

CVE-2023-23936

中危

个人开发者

https://github.com/nodejs/undici/releases/tag/v5.19.1

271

OpenSSH 资源管理错误漏洞

CNNVD-202302-205

CVE-2023-25136

中危

OpenBSD

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

272

Apache Tomcat 安全漏洞

CNNVD-202303-1662

CVE-2023-28708

中危

Apache基金会

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

273

Google Guava 访问控制错误漏洞

CNNVD-202012-827

CVE-2020-8908

低危

Google

https://github.com/google/guava/issues/4011

274

Eclipse Jetty 输入验证错误漏洞

CNNVD-202207-599

CVE-2022-2047

低危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

275

Pallets Werkzeug 安全漏洞

CNNVD-202302-1170

CVE-2023-23934

低危

个人开发者

https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028

三、修复建议

目前,Oracle官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。Oracle官方补丁下载地址:

https://www.oracle.com/security-alerts/cpuapr2023.html

上一条:【漏洞通报】CNNVD关于微软多个安全漏洞的通报

下一条:Microsoft发布2023年4月安全更新

友情链接:

  • 网络服务电话:0451-87501278

  • 数据服务(一卡通服务、智慧校园服务)电话:0451-87501256

  • 个人信息投诉举报电话:0451-87501278

  • 地址:清华楼119室

手机版

Copyright © 2023 RAYBET在线登录平台现代教育技术中心 版权所有