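New scam: stay alert!
I. The scam exposed
The "flight rebooking" scam usually unfolds in three steps:
01
A "flight cancelled" text message arrives the day before departure
Mr. Liu, a resident of a city in another province, suddenly received a text message: "Dear passenger so-and-so, the flight you booked has been cancelled for operational reasons. To arrange a refund or rebooking, please contact customer service at 4008771150." Mr. Liu saw at once that the flight named in the message was the one he had booked online two days earlier. "The flight was supposed to be the next day. As soon as I heard it was cancelled, I called the customer service number in the message," Mr. Liu said.
02
The 20-yuan rebooking fee is the "bait"
Once the call connected, a person claiming to be a customer service agent told Mr. Liu that the original flight had been cancelled because of the weather. If he still wanted to travel he could rebook, but he would have to pay a 20-yuan handling fee. Mr. Liu did not question the "pay to rebook" rule and asked to go ahead at once. The "agent" said that to pay the fee Mr. Liu needed to provide his bank account number so the company could process it. Anxious to rebook, Mr. Liu did not think twice and gave out both his bank account number and his password.
03
Enter the "verification code" and the money is transferred away
A few minutes later, Mr. Liu received another call from the "agent": "We have completed your rebooking. In a moment your phone will receive a verification message. Tell me the verification code to confirm the rebooking details." Sure enough, within a minute Mr. Liu received a verification code, and he phoned the "agent" and passed it on. Mr. Liu was told that the rebooking had been completed. But by midnight he still had not received any new flight information, and when he called the "customer service number" again nobody answered. When he checked, the more than 30,000 yuan on his card was gone.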
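II. How do the scammers "lock onto" passengers?
01
Booking data bought online, with text messages timed just before boarding
Local police began investigating as soon as the report came in. Officers found that because Mr. Liu had provided his bank account number and password, the scammers quickly logged in to his online banking. The so-called "enter the verification code to confirm" step was in fact a way to obtain the transfer verification code sent to Mr. Liu. Mr. Liu, suddenly realizing what had happened, said that in his rush to rebook he had no idea he was giving away such important personal information.
02
Victims have poor security awareness
The scam succeeded partly because Mr. Liu's security awareness was weak. But after linking related cases, officers found that Mr. Liu was not the only victim.
Strikingly, although the victims' booked flights were at different times, almost all of them received the "flight cancelled" message the day before boarding and were then defrauded.
03
A gang with divided roles, and an upgraded scam
After more than two months of investigation, police arrested a six-member fraud gang led by a suspect surnamed Yang. The scammers had obtained large volumes of airline passenger booking records through special online channels at 15 yuan per record, sorted them by boarding time, and then picked their moment to mass-send "flight cancelled" text messages.
04
Two possible sources of the booking data leak
Officers handling the case also found that the internet is now full of channels for buying and selling personal information. Some offenders obtain the information themselves and then sell it; others are second-hand or even third-hand dealers who obtain the information online and resell it. When citizens' personal information leaks online, insiders are the most likely culprits.
The people behind this case fall into one of two groups: first, insiders at the booking websites, who use their access rights to obtain the information and then sell it online; second, highly skilled "hackers," who obtain passenger booking data by attacking booking websites and then sell it for profit. Local police are currently tracing those behind the trade in personal information.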
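III. Police advice
01
Book tickets through official channels. Booking through other channels may leak your flight details, and you may even land on a phishing site and lose money.
02
When you receive a call or text message saying a flight is cancelled and needs rebooking or a refund, always verify through the official phone number or app. Do not trust the links or contact details in the message.
03
Legitimate platforms do not require any payment before a refund is issued, and refunds generally go back to the original payment channel. If you are asked for a fee, or asked to make transfers to generate transaction history, be on high alert.
04
If you are defrauded or encounter something suspicious, preserve the evidence and call 110 to report it immediately.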
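PS:
Recently the "ticket refund and rebooking" scam has taken on new forms, and the scammers' methods are "keeping up with the times": before your flight departs they tell you the exact flight number and departure time and say the flight is delayed and compensation is available; once they have gained your trust, they use "screen sharing" to transfer your money away...
[Reminder]
Buy tickets through legitimate channels. When you receive a ticket refund or rebooking message, do not transfer money hastily; first verify through official channels. If you are defrauded, keep the evidence and call the police promptly.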
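National vulnerability database CNNVD: Notice on multiple Oracle security vulnerabilities
Recently, Oracle published an advisory covering multiple security vulnerabilities: 89 vulnerabilities in Oracle's own products and 169 vulnerabilities from other vendors that affect Oracle products. They include the Oracle Financial Services Applications security vulnerability (CNNVD-202401-1551, CVE-2023-21901) and the Oracle Enterprise Manager Base Platform security vulnerability (CNNVD-202401-1567, CVE-2024-20916), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for the vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability overview
On January 17, 2024, Oracle released its January 2024 security update, with patches for 258 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle ZFS Storage Appliance, Oracle Business Intelligence Enterprise Edition, Oracle Java SE and Oracle GraalVM, Oracle Audit Vault and Database Firewall, and others. CNNVD rated their severity: 30 critical, 94 high, 116 medium, and 18 low. Multiple Oracle product and system versions are affected; the specific scope of impact can be checked on Oracle's official website:
https://www.oracle.com/security-alerts/cpujan2024.html
II. Vulnerability details
This update includes patches for 86 newly added vulnerabilities: 12 high, 63 medium, and 11 low.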
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Security vulnerability in some Oracle products | CNNVD-202401-1537 | CVE-2024-20952 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 2 | Security vulnerability in some Oracle products | CNNVD-202401-1546 | CVE-2024-20932 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 3 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1549 | CVE-2024-20924 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 4 | Oracle Financial Services Applications security vulnerability | CNNVD-202401-1551 | CVE-2023-21901 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 5 | Security vulnerability in some Oracle products | CNNVD-202401-1563 | CVE-2024-20918 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 6 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1567 | CVE-2024-20916 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 7 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1659 | CVE-2024-20956 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 8 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1660 | CVE-2024-20953 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 9 | Oracle WebLogic Server security vulnerability | CNNVD-202401-1680 | CVE-2024-20931 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 10 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1681 | CVE-2024-20927 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 11 | Oracle Enterprise Manager Base Platform security vulnerability | CNNVD-202401-1682 | CVE-2024-20917 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 12 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1696 | CVE-2024-20909 | High | https://www.oracle.com/security-alerts/cpujan2024.html |
| 13 | Oracle BI Publisher security vulnerability | CNNVD-202401-1517 | CVE-2024-20987 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 14 | Oracle MySQL security vulnerability | CNNVD-202401-1518 | CVE-2024-20985 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 15 | Oracle MySQL security vulnerability | CNNVD-202401-1520 | CVE-2024-20983 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 16 | Oracle MySQL security vulnerability | CNNVD-202401-1521 | CVE-2024-20981 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 17 | Oracle BI Publisher security vulnerability | CNNVD-202401-1522 | CVE-2024-20979 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 18 | Oracle MySQL security vulnerability | CNNVD-202401-1523 | CVE-2024-20975 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 19 | Oracle MySQL security vulnerability | CNNVD-202401-1524 | CVE-2024-20977 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 20 | Oracle MySQL security vulnerability | CNNVD-202401-1525 | CVE-2024-20973 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 21 | Oracle MySQL security vulnerability | CNNVD-202401-1526 | CVE-2024-20967 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 22 | Oracle MySQL security vulnerability | CNNVD-202401-1527 | CVE-2024-20969 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 23 | Oracle MySQL security vulnerability | CNNVD-202401-1528 | CVE-2024-20971 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 24 | Oracle MySQL security vulnerability | CNNVD-202401-1529 | CVE-2024-20965 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 25 | Oracle MySQL security vulnerability | CNNVD-202401-1530 | CVE-2024-20963 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 26 | Oracle MySQL security vulnerability | CNNVD-202401-1531 | CVE-2024-20961 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 27 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1532 | CVE-2024-20959 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1535 | CVE-2024-20950 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1536 | CVE-2024-20948 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 30 | Oracle Solaris security vulnerability | CNNVD-202401-1538 | CVE-2024-20946 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 31 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1539 | CVE-2024-20944 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 32 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202401-1540 | CVE-2024-20942 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 33 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1541 | CVE-2024-20940 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 34 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1542 | CVE-2024-20938 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 35 | Oracle Installed Base security vulnerability | CNNVD-202401-1543 | CVE-2024-20934 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 36 | Oracle One-to-One Fulfillment security vulnerability | CNNVD-202401-1544 | CVE-2024-20936 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 37 | Oracle Outside In Technology security vulnerability | CNNVD-202401-1545 | CVE-2024-20930 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 38 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1547 | CVE-2024-20928 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 39 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1548 | CVE-2024-20926 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 40 | Oracle Integrated Lights Out Manager security vulnerability | CNNVD-202401-1564 | CVE-2024-20906 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 41 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1566 | CVE-2024-20904 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 42 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1568 | CVE-2024-20908 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 43 | Oracle Java SE security vulnerability | CNNVD-202401-1582 | CVE-2024-20919 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 44 | Oracle Java SE security vulnerability | CNNVD-202401-1583 | CVE-2024-20921 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 45 | Oracle Java SE security vulnerability | CNNVD-202401-1584 | CVE-2024-20945 | Medium | https://www.oracle.com/security-alerts/cpujan2024verbose.html |
| 46 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1658 | CVE-2023-21833 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202401-1661 | CVE-2024-20984 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202401-1662 | CVE-2024-20982 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202401-1663 | CVE-2024-20968 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 50 | Oracle MySQL security vulnerability | CNNVD-202401-1664 | CVE-2024-20978 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 51 | Oracle MySQL security vulnerability | CNNVD-202401-1665 | CVE-2024-20976 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202401-1666 | CVE-2024-20974 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 53 | Oracle MySQL security vulnerability | CNNVD-202401-1667 | CVE-2024-20972 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 54 | Oracle MySQL security vulnerability | CNNVD-202401-1668 | CVE-2024-20970 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 55 | Oracle MySQL security vulnerability | CNNVD-202401-1669 | CVE-2024-20966 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 56 | Oracle MySQL security vulnerability | CNNVD-202401-1670 | CVE-2024-20960 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 57 | Oracle MySQL security vulnerability | CNNVD-202401-1671 | CVE-2024-20962 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 58 | Oracle MySQL security vulnerability | CNNVD-202401-1672 | CVE-2024-20964 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 59 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1676 | CVE-2024-20937 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 60 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202401-1677 | CVE-2024-20913 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 61 | Oracle BI Publisher security vulnerability | CNNVD-202401-1678 | CVE-2024-20980 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 62 | Oracle Fusion Middleware security vulnerability | CNNVD-202401-1679 | CVE-2024-20986 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 63 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1683 | CVE-2024-20939 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 64 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1684 | CVE-2024-20915 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 65 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1685 | CVE-2024-20943 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 66 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1686 | CVE-2024-20958 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 67 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1687 | CVE-2024-20907 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 68 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1688 | CVE-2024-20947 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 69 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1689 | CVE-2024-20941 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 70 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1690 | CVE-2024-20935 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 71 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1691 | CVE-2024-20933 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 72 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1692 | CVE-2024-20951 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 73 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1693 | CVE-2024-20949 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 74 | Oracle E-Business Suite security vulnerability | CNNVD-202401-1694 | CVE-2024-20929 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 75 | Oracle Database Server security vulnerability | CNNVD-202401-1697 | CVE-2024-20903 | Medium | https://www.oracle.com/security-alerts/cpujan2024.html |
| 76 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1533 | CVE-2024-20957 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 77 | Security vulnerability in some Oracle products | CNNVD-202401-1534 | CVE-2024-20955 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 78 | Security vulnerability in some Oracle products | CNNVD-202401-1556 | CVE-2024-20922 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 79 | Oracle Solaris security vulnerability | CNNVD-202401-1557 | CVE-2024-20920 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 80 | Oracle ZFS Storage Appliance security vulnerability | CNNVD-202401-1569 | CVE-2024-20914 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 81 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1571 | CVE-2024-20912 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 82 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1575 | CVE-2024-20910 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 83 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202401-1673 | CVE-2024-20925 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 84 | Oracle JD Edwards Products security vulnerability | CNNVD-202401-1674 | CVE-2024-20905 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 85 | Security vulnerability in some Oracle products | CNNVD-202401-1675 | CVE-2024-20923 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
| 86 | Oracle Audit Vault and Database Firewall security vulnerability | CNNVD-202401-1695 | CVE-2024-20911 | Low | https://www.oracle.com/security-alerts/cpujan2024.html |
This update includes patches for 3 updated vulnerabilities: 1 high and 2 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle MySQL security vulnerability | CNNVD-202310-1410 | CVE-2023-22102 | High | https://www.oracle.com/security-alerts/cpuoct2023.html |
| 2 | Oracle Database Server security vulnerability | CNNVD-202207-1680 | CVE-2022-21432 | Low | https://www.oracle.com/security-alerts/cpujul2022.html |
| 3 | Oracle Database Server security vulnerability | CNNVD-202307-1573 | CVE-2023-21949 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
此次更新共包括169个影响Oracle产品的其他厂商漏洞的补丁程序,其中超危漏洞30个,高危漏洞81个,中危漏洞53个,低危漏洞5个。
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
1 |
Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞 |
CNNVD-202207-838 |
CVE-2020-29508 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
2 |
Dell BSAFE 安全特征问题漏洞 |
CNNVD-202207-834 |
CVE-2020-35163 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
3 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-832 |
CVE-2020-35166 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
4 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-831 |
CVE-2020-35167 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
5 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-828 |
CVE-2020-35168 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
6 |
H2database代码问题漏洞 |
CNNVD-202201-572 |
CVE-2021-42392 |
超危 |
个人开发者 |
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 |
7 |
Sanitize 输入验证错误漏洞 |
CNNVD-202110-1259 |
CVE-2021-42575 |
超危 |
个人开发者 |
https://owasp.org/www-project-java-html-sanitizer/ |
8 |
Mozilla Network Security Services 缓冲区错误漏洞 |
CNNVD-202112-002 |
CVE-2021-43527 |
超危 |
Mozilla基金会 |
https://packetstormsecurity.com/files/165110/NSS-Signature-Validation-Memory-Corruption.html |
9 |
GNU Libtasn1 缓冲区错误漏洞 |
CNNVD-202210-1689 |
CVE-2021-46848 |
超危 |
GNU基金会 |
https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 |
10 |
SnakeYAML 代码问题漏洞 |
CNNVD-202212-1820 |
CVE-2022-1471 |
超危 |
个人开发者 |
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
11 |
H2Console 参数注入漏洞 |
CNNVD-202201-1749 |
CVE-2022-23221 |
超危 |
个人开发者 |
https://github.com/h2database/h2database/releases/tag/version-2.1.210 |
12 |
OpenLDAP SQL注入漏洞 |
CNNVD-202205-2146 |
CVE-2022-29155 |
超危 |
Openldap基金会 |
https://bugs.openldap.org/show_bug.cgi?id=9815 |
13 |
VMware Spring Security 安全漏洞 |
CNNVD-202210-2599 |
CVE-2022-31692 |
超危 |
VMware |
https://tanzu.vmware.com/security/cve-2022-31692 |
14 |
Scala 代码问题漏洞 |
CNNVD-202209-2463 |
CVE-2022-36944 |
超危 |
Scala |
https://www.scala-lang.org/download/ |
15 |
zlib 缓冲区错误漏洞 |
CNNVD-202208-2276 |
CVE-2022-37434 |
超危 |
个人开发者 |
https://github.com/madler/zlib/ |
16 |
Apache Commons Text 代码注入漏洞 |
CNNVD-202210-790 |
CVE-2022-42889 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om |
17 |
Apache Commons BCEL 缓冲区错误漏洞 |
CNNVD-202211-2199 |
CVE-2022-42920 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
18 |
Apache Derby 注入漏洞 |
CNNVD-202311-1655 |
CVE-2022-46337 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 |
19 |
BusyBox 缓冲区错误漏洞 |
CNNVD-202208-4625 |
CVE-2022-48174 |
超危 |
个人开发者 |
https://bugs.busybox.net/show_bug.cgi?id=15216 |
20 |
Node.js 安全漏洞 |
CNNVD-202308-1703 |
CVE-2023-32002 |
超危 |
个人开发者 |
https://nodejs.org/en |
21 |
SQLite 代码注入漏洞 |
CNNVD-202305-2084 |
CVE-2023-32697 |
超危 |
SQLite |
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 |
22 |
VMware Spring Security 安全漏洞 |
CNNVD-202307-1680 |
CVE-2023-34034 |
超危 |
VMware |
https://spring.io/security/cve-2023-34034 |
23 |
PHP 缓冲区错误漏洞 |
CNNVD-202308-1102 |
CVE-2023-3824 |
超危 |
PHP |
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv |
24 |
curl 缓冲区错误漏洞 |
CNNVD-202310-917 |
CVE-2023-38545 |
超危 |
curl |
https://github.com/curl/curl/commit/fb4415d8aee6c1 |
25 |
Google Go 代码注入漏洞 |
CNNVD-202309-669 |
CVE-2023-39320 |
超危 |
|
https://github.com/golang/go/issues/62198 |
26 |
Apache ZooKeeper 安全漏洞 |
CNNVD-202310-856 |
CVE-2023-44981 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
27 |
Apache ActiveMQ 代码问题漏洞 |
CNNVD-202310-2332 |
CVE-2023-46604 |
超危 |
Apache基金会 |
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt |
28 |
Apache Arrow 代码问题漏洞 |
CNNVD-202311-735 |
CVE-2023-47248 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n |
29 |
HtmlUnit 安全漏洞 |
CNNVD-202312-267 |
CVE-2023-49093 |
超危 |
HtmlUnit |
https://www.htmlunit.org/changes-report.html#a3.9 |
30 |
Apache Struts 安全漏洞 |
CNNVD-202312-546 |
CVE-2023-50164 |
超危 |
Apache基金会 |
https://struts.apache.org/download.cgi#struts-ga |
31 |
Apache Commons Beanutils 代码问题漏洞 |
CNNVD-201908-1140 |
CVE-2019-10086 |
高危 |
debian |
https://issues.apache.org/jira/browse/BEANUTILS-520 |
32 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-833 |
CVE-2020-35164 |
高危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
33 |
VMware Spring Cloud Config 路径遍历漏洞 |
CNNVD-202006-075 |
CVE-2020-5410 |
高危 |
Vmware |
https://tanzu.vmware.com/security/cve-2020-5410 |
34 |
CodeMirror 资源管理错误漏洞 |
CNNVD-202010-1679 |
CVE-2020-7760 |
高危 |
Codemirror |
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
35 |
Google Android 信任管理问题漏洞 |
CNNVD-202102-128 |
CVE-2021-0341 |
高危 |
|
https://source.android.com/security/bulletin/2021-02-01 |
36 |
JDOM 代码问题漏洞 |
CNNVD-202106-1323 |
CVE-2021-33813 |
高危 |
个人开发者 |
https://github.com/hunterhacker/jdom。 |
37 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-896 |
CVE-2021-35515 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
38 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-897 |
CVE-2021-35516 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
39 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-898 |
CVE-2021-35517 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
40 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-899 |
CVE-2021-36090 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
41 |
Apache Log4j 代码问题漏洞 |
CNNVD-202112-1011 |
CVE-2021-4104 |
高危 |
Apache基金会 |
https://logging.apache.org/log4j/2.x/security.html |
42 |
npm jquery-validation 安全漏洞 |
CNNVD-202206-318 |
CVE-2021-43306 |
高危 |
个人开发者 |
https://www.npmjs.com/package/jquery-validation |
43 |
Spring Cloud 安全漏洞 |
CNNVD-202206-2126 |
CVE-2022-22979 |
高危 |
Spring |
https://tanzu.vmware.com/security/cve-2022-22979 |
44 |
nekohtml资源管理错误漏洞 |
CNNVD-202204-2918 |
CVE-2022-24839 |
高危 |
个人开发者 |
https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d |
45 |
gson 代码问题漏洞 |
CNNVD-202205-1791 |
CVE-2022-25647 |
高危 |
个人开发者 |
https://github.com/google/gson/pull/1991/files |
46 |
jquery-validation 安全漏洞 |
CNNVD-202207-1332 |
CVE-2022-31147 |
高危 |
个人开发者 |
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3 |
47 |
VMware Spring Security 安全漏洞 |
CNNVD-202210-2598 |
CVE-2022-31690 |
高危 |
VMware |
https://tanzu.vmware.com/security/cve-2022-31690 |
48 |
Apache Xalan 输入验证错误漏洞 |
CNNVD-202207-1617 |
CVE-2022-34169 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
49 |
NSS 安全漏洞 |
CNNVD-202210-947 |
CVE-2022-3479 |
高危 |
Mozilla基金会 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
50 |
Google protobuf 安全漏洞 |
CNNVD-202212-2865 |
CVE-2022-3510 |
高危 |
|
https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 |
51 |
OpenSSL 缓冲区错误漏洞 |
CNNVD-202210-2605 |
CVE-2022-3602 |
高危 |
OpenSSL团队 |
https://www.openssl.org/news/secadv/20221101.txt |
52 |
OpenSSL 安全漏洞 |
CNNVD-202210-2604 |
CVE-2022-3786 |
高危 |
OpenSSL团队 |
https://www.openssl.org/news/secadv/20221101.txt |
53 |
XStream 缓冲区错误漏洞 |
CNNVD-202209-1230 |
CVE-2022-40152 |
高危 |
XStream |
https://github.com/x-stream/xstream/issues/304 |
54 |
PCRE2 输入验证错误漏洞 |
CNNVD-202307-1523 |
CVE-2022-41409 |
高危 |
PCRE2Project |
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 |
55 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1712 |
CVE-2022-41704 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
56 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-007 |
CVE-2022-42003 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
57 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-006 |
CVE-2022-42004 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
58 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1707 |
CVE-2022-42890 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
59 |
OpenSSL 资源管理错误漏洞 |
CNNVD-202302-510 |
CVE-2022-4450 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230207.txt |
60 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202308-1802 |
CVE-2022-44729 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 |
61 |
H2database 安全漏洞 |
CNNVD-202211-3421 |
CVE-2022-45868 |
高危 |
个人开发者 |
https://github.com/h2database/h2database/ |
62 |
Apache Ivy 代码问题漏洞 |
CNNVD-202308-1684 |
CVE-2022-46751 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8 |
63 |
SQLite 安全漏洞 |
CNNVD-202212-2843 |
CVE-2022-46908 |
高危 |
个人开发者 |
https://sqlite.org/src/info/cefc032473ac5ad2 |
64 |
OpenSSL 信任管理问题漏洞 |
CNNVD-202303-1681 |
CVE-2023-0464 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230322.txt |
65 |
Red Hat JBoss Enterprise Application Platform 安全漏洞 |
CNNVD-202303-798 |
CVE-2023-1108 |
高危 |
Red Hat |
https://github.com/ICEPAY/REST-API-NET/commit/61f6b8758e5c971abff5f901cfa9f231052b775f |
66 |
netplex json-smart 安全漏洞 |
CNNVD-202303-1658 |
CVE-2023-1370 |
高危 |
netplex |
https://netplex.github.io/json-smart/ |
67 |
Jettison 安全漏洞 |
CNNVD-202303-1656 |
CVE-2023-1436 |
高危 |
Jettison |
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
68 |
Spring Framework 资源管理错误漏洞 |
CNNVD-202305-2284 |
CVE-2023-20883 |
高危 |
Spring |
https://spring.io/security/cve-2023-20883 |
69 |
Apache Commons FileUpload 安全漏洞 |
CNNVD-202302-1610 |
CVE-2023-24998 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
70 |
Apache Kafka 代码问题漏洞 |
CNNVD-202302-515 |
CVE-2023-25194 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
71 |
OpenCV 代码问题漏洞 |
CNNVD-202305-852 |
CVE-2023-2617 |
高危 |
OpenCV |
https://github.com/opencv/opencv_contrib/pull/3480 |
72 |
OpenCV 安全漏洞 |
CNNVD-202305-851 |
CVE-2023-2618 |
高危 |
OpenCV |
https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
73 |
Intel oneAPI Toolkits 代码问题漏洞 |
CNNVD-202308-1031 |
CVE-2023-28823 |
高危 |
Intel |
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
74 |
Google Guava 安全漏洞 |
CNNVD-202306-1141 |
CVE-2023-2976 |
高危 |
|
https://github.com/google/guava |
75 |
Flask 安全漏洞 |
CNNVD-202305-091 |
CVE-2023-30861 |
高危 |
Pallets |
https://github.com/pallets/flask/releases/tag/2.3.2 |
76 |
Apache HTTP Server 缓冲区错误漏洞 |
CNNVD-202310-1640 |
CVE-2023-31122 |
高危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
77 |
Comprehensive Perl Archive Network 信任管理问题漏洞 |
CNNVD-202304-2326 |
CVE-2023-31484 |
高危 |
CPAN |
https://github.com/andk/cpanpm/releases/tag/2.35 |
78 |
HTTP::Tiny 信任管理问题漏洞 |
CNNVD-202304-2318 |
CVE-2023-31486 |
高危 |
Perldoc |
https://perldoc.perl.org/HTTP::Tiny |
79 |
jose4j 安全特征问题漏洞 |
CNNVD-202310-2110 |
CVE-2023-31582 |
高危 |
个人开发者 |
https://bitbucket.org/b_c/jose4j/commits/1929fe3 |
80 |
Node.js 安全漏洞 |
CNNVD-202308-1336 |
CVE-2023-32006 |
高危 |
Nodejs |
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
81 |
Node.js 安全漏洞 |
CNNVD-202308-1984 |
CVE-2023-32559 |
高危 |
个人开发者 |
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases |
82 |
Spring Framework 安全漏洞 |
CNNVD-202311-2123 |
CVE-2023-34053 |
高危 |
Spring团队 |
https://github.com/spring-projects/spring-framework/releases/tag/v6.0. |
83 |
snappy-java 输入验证错误漏洞 |
CNNVD-202306-1200 |
CVE-2023-34453 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf |
84 |
snappy-java 输入验证错误漏洞 |
CNNVD-202306-1198 |
CVE-2023-34454 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r |
85 |
Snappy 输入验证错误漏洞 |
CNNVD-202306-1248 |
CVE-2023-34455 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh |
86 |
htmlcleaner 缓冲区错误漏洞 |
CNNVD-202306-1106 |
CVE-2023-34624 |
高危 |
个人开发者 |
https://github.com/amplafi/htmlcleaner/issues/13 |
87 |
Apache Tomcat 安全漏洞 |
CNNVD-202306-1525 |
CVE-2023-34981 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
88 |
Jenkins 跨站请求伪造漏洞 |
CNNVD-202306-1089 |
CVE-2023-35141 |
高危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135 |
89 |
Okio 安全漏洞 |
CNNVD-202307-1161 |
CVE-2023-3635 |
高危 |
square |
https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b |
90 |
Eclipse Jetty 资源管理错误漏洞 |
CNNVD-202310-691 |
CVE-2023-36478 |
高危 |
Eclipse基金会 |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r |
91 |
Python 安全漏洞 |
CNNVD-202306-1804 |
CVE-2023-36632 |
高危 |
Python基金会 |
https://docs.python.org/3/library/email.html |
92 |
HCL BigFix Platform 输入验证错误漏洞 |
CNNVD-202310-848 |
CVE-2023-37536 |
高危 |
HCL Technologies |
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 |
93 |
curl 安全漏洞 |
CNNVD-202309-1067 |
CVE-2023-38039 |
高危 |
curl |
https://github.com/curl/curl |
94 |
PHP 代码问题漏洞 |
CNNVD-202308-1104 |
CVE-2023-3823 |
高危 |
PHP |
https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr |
95 |
python-cryptography 信任管理问题漏洞 |
CNNVD-202307-1332 |
CVE-2023-38325 |
高危 |
Cryptographic团队 |
https://github.com/pyca/cryptography/issues/9207 |
96 |
Google Golang 安全漏洞 |
CNNVD-202309-663 |
CVE-2023-39321 |
高危 |
|
https://github.com/golang/go/issues/62266 |
97 |
Google Go 安全漏洞 |
CNNVD-202309-662 |
CVE-2023-39322 |
高危 |
|
https://github.com/golang/go/issues/62266 |
98 |
Apache Avro 代码问题漏洞 |
CNNVD-202309-2636 |
CVE-2023-39410 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds |
99 |
MIT Kerberos 资源管理错误漏洞 |
CNNVD-202308-1454 |
CVE-2023-39975 |
高危 |
MIT |
https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 |
100 |
Eclipse Parsson 安全漏洞 |
CNNVD-202311-268 |
CVE-2023-4043 |
高危 |
Eclipse基金会 |
https://github.com/eclipse-ee4j/parsson/commit/9dd5ad5f871f7b93654073a3f8ce3e1d9b8d9b31 |
101 |
Python 代码问题漏洞 |
CNNVD-202308-1930 |
CVE-2023-41105 |
高危 |
Python基金会 |
https://github.com/python/cpython/pull/107982 |
102 |
Jenkins 安全漏洞 |
CNNVD-202309-1972 |
CVE-2023-43496 |
高危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
103 |
Jenkins 代码问题漏洞 |
CNNVD-202309-1971 |
CVE-2023-43497 |
高危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
104 |
Jenkins 安全漏洞 |
CNNVD-202309-1970 |
CVE-2023-43498 |
高危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
105 |
Apache HTTP Server 资源管理错误漏洞 |
CNNVD-202310-1641 |
CVE-2023-43622 |
高危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
106 |
Snappy 安全漏洞 |
CNNVD-202309-2204 |
CVE-2023-43642 |
高危 |
个人开发者 |
https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv |
107 |
Apache HTTP/2 资源管理错误漏洞 |
CNNVD-202310-667 |
CVE-2023-44487 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
108 |
Apache Tomcat 环境问题漏洞 |
CNNVD-202311-2168 |
CVE-2023-46589 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr |
109 |
glibc 缓冲区错误漏洞 |
CNNVD-202310-197 |
CVE-2023-4911 |
高危 |
GNU社区 |
https://www.gnu.org/software/libc/ |
110 |
JSON-Java 安全漏洞 |
CNNVD-202310-951 |
CVE-2023-5072 |
高危 |
个人开发者 |
https://github.com/stleary/JSON-java/ |
111 |
OpenSSL 安全漏洞 |
CNNVD-202310-1871 |
CVE-2023-5363 |
高危 |
OpenSSL团队 |
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d |
112 | Junit information disclosure vulnerability | CNNVD-202010-445 | CVE-2020-15250 | Medium | Individual developer | https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
113 | DOMPurify cross-site scripting vulnerability | CNNVD-202010-199 | CVE-2020-26870 | Medium | Individual developer | https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d |
114 | Vmware Spring Framework security vulnerability | CNNVD-202009-1050 | CVE-2020-5421 | Medium | Vmware | https://tanzu.vmware.com/security/cve-2020-5421 |
115 | Apache Commons IO path traversal vulnerability | CNNVD-202104-702 | CVE-2021-29425 | Medium | Apache Foundation | https://issues.apache.org/jira/browse/IO-556 |
116 | Apache Commons Net input validation error vulnerability | CNNVD-202212-2188 | CVE-2021-37533 | Medium | Apache Foundation | https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
117 | jQuery cross-site scripting vulnerability | CNNVD-202110-1843 | CVE-2021-41182 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
118 | jQuery cross-site scripting vulnerability | CNNVD-202110-1839 | CVE-2021-41183 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
119 | Openjs Jquery Ui cross-site scripting vulnerability | CNNVD-202110-1845 | CVE-2021-41184 | Medium | Openjs Foundation | https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
120 | Vmware Spring Framework security vulnerability | CNNVD-202203-2333 | CVE-2022-22950 | Medium | VMware | https://tanzu.vmware.com/security/cve-2022-22950 |
121 | Pivotal Spring Security OAuth resource management error vulnerability | CNNVD-202204-3951 | CVE-2022-22969 | Medium | Pivotal | https://tanzu.vmware.com/security/cve-2022-22969 |
122 | Apache Portable Runtime input validation error vulnerability | CNNVD-202301-2414 | CVE-2022-25147 | Medium | Apache Foundation | https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
123 | jQuery cross-site scripting vulnerability | CNNVD-202207-2121 | CVE-2022-31160 | Medium | Individual developer | https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
124 | jsoup cross-site scripting vulnerability | CNNVD-202208-4329 | CVE-2022-36033 | Medium | Individual developer | https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
125 | Matthäus G. Chajdas pygments code issue vulnerability | CNNVD-202307-1683 | CVE-2022-40896 | Medium | Matthäus G. Chajdas | https://pypi.org/project/Pygments/ |
126 | OpenSSL security vulnerability | CNNVD-202302-514 | CVE-2022-4304 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230207.txt |
127 | Apache XML Graphics Batik code issue vulnerability | CNNVD-202308-1801 | CVE-2022-44730 | Medium | Apache Foundation | https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 |
128 | OpenSSL trust management issue vulnerability | CNNVD-202303-2432 | CVE-2023-0465 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
129 | OpenSSL trust management issue vulnerability | CNNVD-202303-2431 | CVE-2023-0466 | Medium | OpenSSL | https://www.openssl.org/news/secadv/20230328.txt |
130 | Spring Framework security vulnerability | CNNVD-202304-1094 | CVE-2023-20863 | Medium | Spring | https://spring.io/security/cve-2023-20863 |
131 | libssh authorization issue vulnerability | CNNVD-202305-2087 | CVE-2023-2283 | Medium | libssh | https://www.debian.org/security/2023/ |
132 | cryptography code issue vulnerability | CNNVD-202302-523 | CVE-2023-23931 | Medium | Cryptographic | https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
133 | OpenSSL security vulnerability | CNNVD-202305-2503 | CVE-2023-2650 | Medium | OpenSSL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
134 | Intel oneAPI Toolkits security vulnerability | CNNVD-202308-1047 | CVE-2023-27391 | Medium | Intel | http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html |
135 | CKEditor cross-site scripting vulnerability | CNNVD-202303-1790 | CVE-2023-28439 | Medium | CKEditor | https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
136 | libxml2 code issue vulnerability | CNNVD-202304-908 | CVE-2023-28484 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
137 | Ruby security vulnerability | CNNVD-202303-2412 | CVE-2023-28755 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |
138 | Ruby security vulnerability | CNNVD-202303-2720 | CVE-2023-28756 | Medium | Individual developer | https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
139 | libxml2 resource management error vulnerability | CNNVD-202304-907 | CVE-2023-29469 | Medium | Individual developer | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
140 | OpenSSL authorization issue vulnerability | CNNVD-202307-1295 | CVE-2023-2975 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230714.txt |
141 | Bouncy Castle trust management issue vulnerability | CNNVD-202307-168 | CVE-2023-33201 | Medium | Bouncy Castle | https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc |
142 | Spring Security security vulnerability | CNNVD-202307-1539 | CVE-2023-34035 | Medium | Spring | https://spring.io/security/cve-2023-34035 |
143 | VMware Spring Boot security vulnerability | CNNVD-202311-2124 | CVE-2023-34055 | Medium | VMware | https://github.com/spring-projects/spring-boot/releases/tag/v3.0. |
144 | OpenSSL security vulnerability | CNNVD-202307-1681 | CVE-2023-3446 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230719.txt |
145 | Netty resource management error vulnerability | CNNVD-202306-1639 | CVE-2023-34462 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 |
146 | Apache MINA path traversal vulnerability | CNNVD-202307-582 | CVE-2023-35887 | Medium | Apache Foundation | https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 |
147 | MIT Kerberos buffer error vulnerability | CNNVD-202308-488 | CVE-2023-36054 | Medium | MIT | https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd |
148 | Eclipse Jetty security vulnerability | CNNVD-202309-1093 | CVE-2023-36479 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j |
149 | OpenSSL security vulnerability | CNNVD-202307-2314 | CVE-2023-3817 | Medium | OpenSSL team | https://www.openssl.org/news/secadv/20230731.txt |
150 | Jenkins cross-site scripting vulnerability | CNNVD-202307-2099 | CVE-2023-39151 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 |
151 | Google Golang cross-site scripting vulnerability | CNNVD-202309-671 | CVE-2023-39318 | Medium | | https://github.com/golang/go/issues/62196 |
152 | Google Golang cross-site scripting vulnerability | CNNVD-202309-667 | CVE-2023-39319 | Medium | | https://github.com/golang/go/issues/62197 |
153 | Eclipse Jetty security vulnerability | CNNVD-202309-1102 | CVE-2023-40167 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 |
154 | Eclipse Jetty security vulnerability | CNNVD-202309-1113 | CVE-2023-41900 | Medium | Eclipse Foundation | https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
155 | Apache Commons Compress resource management error vulnerability | CNNVD-202309-1000 | CVE-2023-42503 | Medium | Apache Foundation | https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c |
156 | Apache Tomcat security vulnerability | CNNVD-202310-717 | CVE-2023-42794 | Medium | Apache Foundation | https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82 |
157 | Apache Tomcat security vulnerability | CNNVD-202310-716 | CVE-2023-42795 | Medium | Apache Foundation | https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw |
158 | Jenkins security vulnerability | CNNVD-202309-1974 | CVE-2023-43494 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 |
159 | Jenkins cross-site scripting vulnerability | CNNVD-202309-1973 | CVE-2023-43495 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
160 | OWASP AntiSamy cross-site scripting vulnerability | CNNVD-202310-525 | CVE-2023-43643 | Medium | OWASP Foundation | https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 |
161 | Apache Santuario log information disclosure vulnerability | CNNVD-202310-1720 | CVE-2023-44483 | Medium | Apache Foundation | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 |
162 | Apache Tomcat input validation error vulnerability | CNNVD-202310-712 | CVE-2023-45648 | Medium | Apache Foundation | https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp |
163 | Apache HTTP Server resource management error vulnerability | CNNVD-202310-1636 | CVE-2023-45802 | Medium | Apache Foundation | https://httpd.apache.org/security/vulnerabilities_24.html |
164 | OpenSSH security vulnerability | CNNVD-202312-1668 | CVE-2023-48795 | Medium | OpenBSD | https://www.openssh.com/openbsd.html |
165 | Apache Tika security vulnerability | CNNVD-202206-2671 | CVE-2022-33879 | Low | Apache Foundation | https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
166 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
167 | Redis Labs Redis security vulnerability | CNNVD-202309-560 | CVE-2023-41053 | Low | Redis Labs | https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 |
168 | undici information disclosure vulnerability | CNNVD-202310-953 | CVE-2023-45143 | Low | nodejs | https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 |
169 | Redis Labs Redis security vulnerability | CNNVD-202310-1522 | CVE-2023-45145 | Low | Redis Labs | https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx |
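III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle official patch download address: https://www.oracle.com/security-alerts/cpujan2024.html
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner.
Source: Jinan Public Security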