[Vulnerability Bulletin] CNNVD Bulletin on Multiple Oracle Security Vulnerabilities

Date: 2023-04-20 17:22  Source: CNNVD

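Oracle recently published an advisory covering multiple security vulnerabilities: 93 vulnerabilities in Oracle's own products and 275 vulnerabilities from other vendors that affect Oracle products. They include an Oracle Fusion Middleware security vulnerability (CNNVD-202304-1464, CVE-2023-21996), an Oracle Virtualization security vulnerability (CNNVD-202304-1468, CVE-2023-21990), and many others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.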

I. Vulnerability Overview

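On April 18, 2023, Oracle released its April 2023 security update, with patches for 368 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Oracle MySQL and MySQL components, Oracle Hospitality Applications, Oracle Java SE, Oracle Solaris, Oracle E-Business Suite, Oracle Health Sciences Applications, and others. CNNVD has rated their severity: 54 critical, 157 high, 145 medium and 9 low. Multiple Oracle product and system versions are affected; the specific scope can be checked on Oracle's official website: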

https://www.oracle.com/security-alerts/cpuapr2023.html

II. Vulnerability Details

This update includes patches for 91 newly added vulnerabilities: 14 high, 68 medium and 9 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1464 | CVE-2023-21996 | High | https://www.oracle.com/security-alerts/cpuapr2040.html |
| 2 | Oracle Virtualization security vulnerability | CNNVD-202304-1468 | CVE-2023-21990 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202304-1471 | CVE-2023-21987 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 4 | Oracle Solaris security vulnerability | CNNVD-202304-1474 | CVE-2023-21985 | High | https://www.oracle.com/security-alerts/cpuapr2032.html |
| 5 | Oracle MySQL security vulnerability | CNNVD-202304-1478 | CVE-2023-21980 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 6 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1479 | CVE-2023-21979 | High | https://www.oracle.com/security-alerts/cpuapr2037.html |
| 7 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1492 | CVE-2023-21964 | High | https://www.oracle.com/security-alerts/cpuapr2038.html |
| 8 | Oracle Solaris security vulnerability | CNNVD-202304-1504 | CVE-2023-21948 | High | https://www.oracle.com/security-alerts/cpuapr2028.html |
| 9 | Oracle Solaris security vulnerability | CNNVD-202304-1512 | CVE-2023-21896 | High | https://www.oracle.com/security-alerts/cpuapr2031.html |
| 10 | Oracle MySQL security vulnerability | CNNVD-202304-1533 | CVE-2023-21912 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 11 | Oracle Hospitality Applications security vulnerability | CNNVD-202304-1537 | CVE-2023-21932 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1541 | CVE-2023-21931 | High | https://www.oracle.com/security-alerts/cpuapr2036.html |
| 13 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1545 | CVE-2023-21923 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 14 | Oracle Java SE security vulnerability | CNNVD-202304-1547 | CVE-2023-21930 | High | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 15 | Oracle Virtualization security vulnerability | CNNVD-202304-1458 | CVE-2023-22002 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 16 | Oracle Virtualization security vulnerability | CNNVD-202304-1460 | CVE-2023-22000 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 17 | Oracle Virtualization security vulnerability | CNNVD-202304-1461 | CVE-2023-22001 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 18 | Oracle Virtualization security vulnerability | CNNVD-202304-1462 | CVE-2023-21998 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 19 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1463 | CVE-2023-21997 | Medium | https://www.oracle.com/security-alerts/cpuapr2034.html |
| 20 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1465 | CVE-2023-21993 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 21 | Oracle PeopleSoft Products security vulnerability | CNNVD-202304-1467 | CVE-2023-21992 | Medium | https://www.oracle.com/security-alerts/cpuapr2041.html |
| 22 | Oracle Virtualization security vulnerability | CNNVD-202304-1469 | CVE-2023-21989 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 23 | Oracle Java SE security vulnerability | CNNVD-202304-1472 | CVE-2023-21986 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 24 | Oracle MySQL security vulnerability | CNNVD-202304-1475 | CVE-2023-21982 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 25 | Oracle Solaris security vulnerability | CNNVD-202304-1476 | CVE-2023-21984 | Medium | https://www.oracle.com/security-alerts/cpuapr2030.html |
| 26 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202304-1477 | CVE-2023-21981 | Medium | https://www.oracle.com/security-alerts/cpuapr2042.html |
| 27 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1480 | CVE-2023-21978 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 28 | Oracle MySQL security vulnerability | CNNVD-202304-1481 | CVE-2023-21977 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 29 | Oracle MySQL security vulnerability | CNNVD-202304-1482 | CVE-2023-21976 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 30 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1483 | CVE-2023-21973 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 31 | Oracle MySQL security vulnerability | CNNVD-202304-1484 | CVE-2023-21972 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 32 | Oracle MySQL security vulnerability | CNNVD-202304-1486 | CVE-2023-21971 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 33 | Oracle BI Publisher security vulnerability | CNNVD-202304-1487 | CVE-2023-21970 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 34 | Oracle Java SE security vulnerability | CNNVD-202304-1489 | CVE-2023-21967 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 35 | Oracle MySQL security vulnerability | CNNVD-202304-1490 | CVE-2023-21966 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 36 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1491 | CVE-2023-21965 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 37 | Oracle SQL Developer security vulnerability | CNNVD-202304-1493 | CVE-2023-21969 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 38 | Oracle MySQL security vulnerability | CNNVD-202304-1495 | CVE-2023-21962 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 39 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1496 | CVE-2023-21960 | Medium | https://www.oracle.com/security-alerts/cpuapr2035.html |
| 40 | Oracle E-Business Suite security vulnerability | CNNVD-202304-1497 | CVE-2023-21959 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 41 | Oracle Fusion Middleware security vulnerability | CNNVD-202304-1498 | CVE-2023-21956 | Medium | https://www.oracle.com/security-alerts/cpuapr2039.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202304-1499 | CVE-2023-21955 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202304-1500 | CVE-2023-21953 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 44 | Oracle Java SE security vulnerability | CNNVD-202304-1501 | CVE-2023-21954 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 45 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1502 | CVE-2023-21952 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 46 | Oracle MySQL security vulnerability | CNNVD-202304-1503 | CVE-2023-21947 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202304-1505 | CVE-2023-21946 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 48 | Oracle MySQL security vulnerability | CNNVD-202304-1506 | CVE-2023-21945 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 49 | Oracle Essbase security vulnerability | CNNVD-202304-1507 | CVE-2023-21944 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 50 | Oracle Essbase security vulnerability | CNNVD-202304-1508 | CVE-2023-21943 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 51 | Oracle Essbase security vulnerability | CNNVD-202304-1509 | CVE-2023-21942 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202304-1510 | CVE-2023-21940 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 53 | Oracle BI Publisher security vulnerability | CNNVD-202304-1511 | CVE-2023-21941 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 54 | Oracle Java SE security vulnerability | CNNVD-202304-1516 | CVE-2023-21939 | Medium | https://www.oracle.com/security-alerts/cpuapr2027.html |
| 55 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1517 | CVE-2023-21902 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 56 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1519 | CVE-2023-21904 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 57 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1521 | CVE-2023-21903 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 58 | Oracle JD Edwards Products security vulnerability | CNNVD-202304-1522 | CVE-2023-21936 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 59 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1523 | CVE-2023-21905 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 60 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1524 | CVE-2023-21907 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 61 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1525 | CVE-2023-21906 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 62 | Oracle MySQL security vulnerability | CNNVD-202304-1526 | CVE-2023-21935 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 63 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202304-1527 | CVE-2023-21910 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 64 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1528 | CVE-2023-21908 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 65 | Oracle Siebel CRM security vulnerability | CNNVD-202304-1529 | CVE-2023-21909 | Medium | https://www.oracle.com/security-alerts/cpuapr2044.html |
| 66 | Oracle Database Server security vulnerability | CNNVD-202304-1530 | CVE-2023-21934 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 67 | Oracle MySQL security vulnerability | CNNVD-202304-1531 | CVE-2023-21913 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 68 | Oracle MySQL security vulnerability | CNNVD-202304-1532 | CVE-2023-21911 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 69 | Oracle MySQL security vulnerability | CNNVD-202304-1534 | CVE-2023-21933 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 70 | Oracle MySQL security vulnerability | CNNVD-202304-1535 | CVE-2023-21917 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 71 | Oracle Financial Services Applications security vulnerability | CNNVD-202304-1536 | CVE-2023-21915 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202304-1538 | CVE-2023-21919 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 73 | Oracle PeopleSoft Products security vulnerability | CNNVD-202304-1539 | CVE-2023-21916 | Medium | https://www.oracle.com/security-alerts/cpuapr2043.html |
| 74 | Oracle Database Server security vulnerability | CNNVD-202304-1540 | CVE-2023-21918 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 75 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1542 | CVE-2023-21921 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 76 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1543 | CVE-2023-21922 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 77 | Oracle MySQL security vulnerability | CNNVD-202304-1544 | CVE-2023-21920 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 78 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1546 | CVE-2023-21925 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 79 | Oracle MySQL security vulnerability | CNNVD-202304-1548 | CVE-2023-21929 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 80 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1550 | CVE-2023-21926 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 81 | Oracle JD Edwards Products security vulnerability | CNNVD-202304-1551 | CVE-2023-21927 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 82 | Oracle Health Sciences Applications security vulnerability | CNNVD-202304-1552 | CVE-2023-21924 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 83 | Oracle Solaris security vulnerability | CNNVD-202304-1456 | CVE-2023-22003 | Low | https://www.oracle.com/security-alerts/cpuapr2033.html |
| 84 | Oracle Virtualization security vulnerability | CNNVD-202304-1459 | CVE-2023-21999 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 85 | Oracle Virtualization security vulnerability | CNNVD-202304-1466 | CVE-2023-21991 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 86 | Oracle Virtualization security vulnerability | CNNVD-202304-1470 | CVE-2023-21988 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 87 | Oracle Java SE security vulnerability | CNNVD-202304-1488 | CVE-2023-21968 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 88 | Oracle MySQL security vulnerability | CNNVD-202304-1494 | CVE-2023-21963 | Low | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 89 | Oracle Java SE security vulnerability | CNNVD-202304-1514 | CVE-2023-21938 | Low | https://www.oracle.com/security-alerts/cpuapr2024.html |
| 90 | Oracle Java SE security vulnerability | CNNVD-202304-1518 | CVE-2023-21937 | Low | https://www.oracle.com/security-alerts/cpuapr2026.html |
| 91 | Oracle Solaris security vulnerability | CNNVD-202304-1549 | CVE-2023-21928 | Low | https://www.oracle.com/security-alerts/cpuapr2029.html |

This update includes patches for 2 updated vulnerabilities: 1 high and 1 medium.

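| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Database Server input validation error vulnerability | CNNVD-202107-1424 | CVE-2021-2351 | High | https://www.oracle.com/security-alerts/cpujul2021.html |
| 2 | Oracle Fusion Middleware path traversal vulnerability | CNNVD-202001-687 | CVE-2020-6950 | Medium | https://www.oracle.com/security-alerts/cpujan2020.html |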

This update includes patches for 275 vulnerabilities from other vendors that affect Oracle products: 54 critical, 142 high, 76 medium and 3 low.

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

urllib3 信任管理问题漏洞

CNNVD-201812-491

CVE-2018-20060

超危

fedoraproject

https://github.com/urllib3/urllib3/blob/master/CHANGES.rst

2

Progress Telerik UI for ASP.NET AJAX 代码问题漏洞

CNNVD-201912-504

CVE-2019-18935

超危

个人开发者

https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization

3

PyYAML 输入验证错误漏洞

CNNVD-202102-918

CVE-2020-14343

超危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1860466

4

Dell BSAFE 安全漏洞

CNNVD-202207-835

CVE-2020-29506

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

5

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-837

CVE-2020-29507

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

6

Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞

CNNVD-202207-838

CVE-2020-29508

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

7

Dell BSAFE 安全特征问题漏洞

CNNVD-202207-834

CVE-2020-35163

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

8

Dell BSAFE 安全漏洞

CNNVD-202207-832

CVE-2020-35166

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

9

Dell BSAFE 安全漏洞

CNNVD-202207-831

CVE-2020-35167

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

10

Dell BSAFE 安全漏洞

CNNVD-202207-828

CVE-2020-35168

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

11

Dell BSAFE 输入验证错误漏洞

CNNVD-202207-830

CVE-2020-35169

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

12

Apache Xmlbeans 输入验证错误漏洞

CNNVD-202101-1146

CVE-2021-23926

超危

Apache基金会

https://issues.apache.org/jira/browse/XMLBEANS-517

13

Python 安全漏洞

CNNVD-202104-2308

CVE-2021-29921

超危

Python基金会

https://www.python.org/

14

json-schema 安全漏洞

CNNVD-202111-1201

CVE-2021-3918

超危

个人开发者

https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

15

Lapack 缓冲区错误漏洞

CNNVD-202112-725

CVE-2021-4048

超危

Lapack社区

https://bugzilla.redhat.com/show_bug.cgi?id=2024358

16

Sanitize 输入验证错误漏洞

CNNVD-202110-1259

CVE-2021-42575

超危

个人开发者

https://owasp.org/www-project-java-html-sanitizer/

17

GNU Libtasn1 缓冲区错误漏洞

CNNVD-202210-1689

CVE-2021-46848

超危

GNU基金会

https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5

18

OpenSSL 操作系统命令注入漏洞

CNNVD-202205-1962

CVE-2022-1292

超危

Openssl团队

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

19

SnakeYAML 代码问题漏洞

CNNVD-202212-1820

CVE-2022-1471

超危

个人开发者

https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2

20

PCRE 缓冲区错误漏洞

CNNVD-202205-3348

CVE-2022-1586

超危

个人开发者

https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c

21

PCRE 缓冲区错误漏洞

CNNVD-202205-3350

CVE-2022-1587

超危

个人开发者

https://fossies.org/linux/pcre2/src/pcre2_jit_compile.c

22

OpenSSL 操作系统命令注入漏洞

CNNVD-202206-2112

CVE-2022-2068

超危

OpenSSL

https://www.openssl.org/source/

23

OpenSSL 缓冲区错误漏洞

CNNVD-202207-242

CVE-2022-2274

超危

OpenSSL

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345

24

Spring Framework 代码注入漏洞

CNNVD-202203-2514

CVE-2022-22965

超危

Spring团队

https://tanzu.vmware.com/security/cve-2022-22965

25

VMware Spring Security 授权问题漏洞

CNNVD-202205-3584

CVE-2022-22978

超危

VMware

https://tanzu.vmware.com/security/cve-2022-22978

26

glibc 安全漏洞

CNNVD-202201-1163

CVE-2022-23218

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28768

27

glibc 安全漏洞

CNNVD-202201-1164

CVE-2022-23219

超危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=22542

28

H2Console 代码注入漏洞

CNNVD-202201-1749

CVE-2022-23221

超危

个人开发者

https://github.com/h2database/h2database/releases/tag/version-2.1.210

29

Apache Log4j SQL注入漏洞

CNNVD-202201-1421

CVE-2022-23305

超危

Apache基金会

https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y

30

OWASP ESAPI 路径遍历漏洞

CNNVD-202204-4378

CVE-2022-23457

超危

个人开发者

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2

31

Expat 代码注入漏洞

CNNVD-202202-1315

CVE-2022-25235

超危

个人开发者

https://github.com/libexpat/libexpa

32

Expat 输入验证错误漏洞

CNNVD-202202-1316

CVE-2022-25236

超危

个人开发者

https://github.com/libexpat/libexpa

33

Expat 输入验证错误漏洞

CNNVD-202202-1615

CVE-2022-25315

超危

个人开发者

https://github.com/libexpat/libexpat/pull/559

34

FreeType 缓冲区错误漏洞

CNNVD-202204-4272

CVE-2022-27404

超危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138

35

Ruby 资源管理错误漏洞

CNNVD-202204-3370

CVE-2022-28738

超危

个人开发者

https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/

36

Github ejs 注入漏洞

CNNVD-202204-4327

CVE-2022-29078

超危

个人开发者

https://github.com/mde/ejs/releases

37

Apache Maven 命令注入漏洞

CNNVD-202204-4397

CVE-2022-29599

超危

Apache基金会

http://github.com/apache/maven-shared-utils/pull/40

38

VMware Spring Security 安全漏洞

CNNVD-202210-2599

CVE-2022-31692

超危

VMware

https://tanzu.vmware.com/security/cve-2022-31692

39

Apache Commons Configuration 代码注入漏洞

CNNVD-202207-428

CVE-2022-33980

超危

Apache基金会

https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s

40

Apache HTTP Server 环境问题漏洞

CNNVD-202301-1299

CVE-2022-36760

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

41

zlib 缓冲区错误漏洞

CNNVD-202208-2276

CVE-2022-37434

超危

个人开发者

https://github.com/madler/zlib/

42

XKCP 输入验证错误漏洞

CNNVD-202210-1541

CVE-2022-37454

超危

XKCP

https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

43

Apache Ivy 路径遍历漏洞

CNNVD-202211-2196

CVE-2022-37865

超危

Apache基金会

https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy

44

Apache Calcite 代码问题漏洞

CNNVD-202209-697

CVE-2022-39135

超危

Apache基金会

https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082

45

Apache Commons Text 代码注入漏洞

CNNVD-202210-790

CVE-2022-42889

超危

Apache基金会

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

46

curl 资源管理错误漏洞

CNNVD-202210-2217

CVE-2022-42915

超危

curl

https://curl.se/docs/CVE-2022-42915.html

47

Jenkins Plugin Script Security 安全漏洞

CNNVD-202210-1411

CVE-2022-43401

超危

Jenkins

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

48

Jenkins Plugin Pipeline: Groovy 安全漏洞

CNNVD-202210-1410

CVE-2022-43402

超危

Jenkins

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

49

Apache MINA 代码问题漏洞

CNNVD-202211-2918

CVE-2022-45047

超危

Apache基金会

https://www.mail-archive.com/dev@mina.apache.org/msg39312.html

50

Apache CXF 代码问题漏洞

CNNVD-202212-3143

CVE-2022-46364

超危

Apache基金会

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

51

libksba 输入验证错误漏洞

CNNVD-202212-3662

CVE-2022-47629

超危

个人开发者

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070

52

curl 安全漏洞

CNNVD-202302-1929

CVE-2023-23914

超危

个人开发者

https://github.com/curl/curl/releases/tag/curl-7_88_1

53

Apache Kerby 注入漏洞

CNNVD-202302-1606

CVE-2023-25613

超危

Apache基金会

https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y

54

Apache HTTP Server 环境问题漏洞

CNNVD-202303-456

CVE-2023-25690

超危

Apache基金会

https://httpd.apache.org/security/vulnerabilities_24.html

55

Pallets Project Flask 输入验证错误漏洞

CNNVD-201808-601

CVE-2018-1000656

高危

Palletsprojects

https://github.com/pallets/flask/releases/tag/0.12.3

56

Apache Xerces-C 资源管理错误漏洞

CNNVD-201912-755

CVE-2018-1311

高危

Apache基金会

https://xerces.apache.org

57

Eclipse Mojarra 路径遍历漏洞

CNNVD-201807-1528

CVE-2018-14371

高危

Eclipse

https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24

58

Python 信任管理问题漏洞

CNNVD-201810-457

CVE-2018-18074

高危

canonical

https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

59

Pip 输入验证错误漏洞

CNNVD-202005-362

CVE-2018-20225

高危

Python软件基金会

https://pip.pypa.io/en/stable/news/

60

zlib 缓冲区错误漏洞

CNNVD-202203-2221

CVE-2018-25032

高危

个人开发者

https://z-lib.org/

61

Apache Commons Beanutils 代码问题漏洞

CNNVD-201908-1140

CVE-2019-10086

高危

debian

https://issues.apache.org/jira/browse/BEANUTILS-520

62

jackson-mapper-asl 代码问题漏洞

CNNVD-201911-1110

CVE-2019-10172

高危

个人开发者

https://mvnrepository.com/artifact/org.codehaus.jackson

63

Pivotal Software RabbitMQ 格式化字符串错误漏洞

CNNVD-201911-1307

CVE-2019-11287

高危

Pivotal Software

https://pivotal.io/security/cve-2019-11287

64

Apache Commons Compress 资源管理错误漏洞

CNNVD-201908-2148

CVE-2019-12402

高危

apache

https://commons.apache.org/proper/commons-compress/security-reports.html

65

libxml2 安全漏洞

CNNVD-202001-963

CVE-2019-20388

高危

个人开发者

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

66

Python 输入验证错误漏洞

CNNVD-202007-558

CVE-2019-20907

高危

Python软件基金会

https://bugs.python.org/issue39017

67

Python 路径遍历漏洞

CNNVD-202009-303

CVE-2019-20916

高危

Python软件基金会

https://github.com/pypa/pip/issues/6413

68

Python 代码问题漏洞

CNNVD-202209-155

CVE-2020-10735

高危

Python基金会

https://www.python.org/

69

Apache Ant 安全漏洞

CNNVD-202010-015

CVE-2020-11979

高危

Apache基金会

https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E

70

Apache Batik 代码问题漏洞

CNNVD-202102-1586

CVE-2020-11987

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

71

Apache XmlGraphics Commons 代码问题漏洞

CNNVD-202102-1587

CVE-2020-11988

高危

Apache基金会

https://xmlgraphics.apache.org/security.html

72

Iteris Apache Velocity 安全漏洞

CNNVD-202103-758

CVE-2020-13936

高危

Iteris

https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E

73

Red Hat Hibernate ORM SQL注入漏洞

CNNVD-202011-1706

CVE-2020-25638

高危

Red Hat

https://hibernate.org/

74

Fasterxml Jackson 代码问题漏洞

CNNVD-202010-622

CVE-2020-25649

高危

Fasterxml

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

75

Bouncy Castle BC 安全漏洞

CNNVD-202012-1340

CVE-2020-28052

高危

Bouncy Castle

https://www.bouncycastle.org/releasenotes.html

76

Dell BSAFE 安全漏洞

CNNVD-202207-833

CVE-2020-35164

高危

Dell

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

77

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1285

CVE-2020-35490

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

78

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1270

CVE-2020-35491

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2986

79

FasterXML jackson-databind 代码问题漏洞

CNNVD-202012-1602

CVE-2020-35728

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2999

80

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-327

CVE-2020-36179

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

81

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-326

CVE-2020-36180

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

82

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-330

CVE-2020-36181

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

83

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-325

CVE-2020-36182

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3004

84

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-371

CVE-2020-36183

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3003

85

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-344

CVE-2020-36184

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

86

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-337

CVE-2020-36185

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2998

87

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-333

CVE-2020-36186

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

88

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-331

CVE-2020-36187

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2997

89

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-355

CVE-2020-36188

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

90

FasterXML jackson-databind 代码问题漏洞

CNNVD-202101-329

CVE-2020-36189

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/2996

91

FasterXML jackson-databind 缓冲区错误漏洞

CNNVD-202203-1165

CVE-2020-36518

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2816

92

Elasticsearch 安全漏洞

CNNVD-202003-1748

CVE-2020-7009

高危

Elasticsearch

https://www.elastic.co/cn/community/security/

93

libxml2 安全漏洞

CNNVD-202001-965

CVE-2020-7595

高危

Libxml2

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

94

joyent json 操作系统命令注入漏洞

CNNVD-202008-1430

CVE-2020-7712

高危

个人开发者

https://snyk.io/vuln/SNYK-JS-JSON-597481

95

F5 NGINX Controller 安全漏洞

CNNVD-202105-1581

CVE-2021-23017

高危

F5

https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/

96

lodash 代码注入漏洞

CNNVD-202102-1137

CVE-2021-23337

高危

个人开发者

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

97

Github json-smart-v1 缓冲区错误漏洞

CNNVD-202106-103

CVE-2021-31684

高危

个人开发者

https://github.com/netplex

98

Libgcrypt 安全漏洞

CNNVD-202106-573

CVE-2021-33560

高危

GNU计划

https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61

99

Apache HTTP Server 代码问题漏洞

CNNVD-202109-1109

CVE-2021-34798

高危

Apache基金会

http://httpd.apache.org/security/vulnerabilities_24.html

100

libxml2 缓冲区错误漏洞

CNNVD-202105-234

CVE-2021-3517

高危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

101

libxml2 资源管理错误漏洞

CNNVD-202105-238

CVE-2021-3518

高危

个人开发者

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

102

Apache Commons Compress 安全漏洞

CNNVD-202107-896

CVE-2021-35515

高危

Apache基金会

https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E

103

Apache Commons Compress 安全漏洞

CNNVD-202107-897

CVE-2021-35516

高危

Apache基金会

https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E

104

Apache Commons Compress 安全漏洞

CNNVD-202107-898

CVE-2021-35517

高危

Apache基金会

https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E

105

Apache Commons Compress 安全漏洞

CNNVD-202107-899

CVE-2021-36090

高危

Apache基金会

https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E

106

OpenSSL 缓冲区错误漏洞

CNNVD-202108-1947

CVE-2021-3712

高危

Openssl团队

https://git.openssl.org/?p=openssl.git;a=summary

107

Netty 资源管理错误漏洞

CNNVD-202110-1442

CVE-2021-37136

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

108

Netty 资源管理错误漏洞

CNNVD-202110-1441

CVE-2021-37137

高危

Netty社区

https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

109

GNU C Library 代码问题漏洞

CNNVD-202108-1172

CVE-2021-38604

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28213

110

Apache Santuario 信息泄露漏洞

CNNVD-202109-1259

CVE-2021-40690

高危

Apache基金会

https://santuario.apache.org/javaindex.html

111

Apache Log4j 代码问题漏洞

CNNVD-202112-1011

CVE-2021-4104

高危

Apache基金会

https://logging.apache.org/log4j/2.x/security.html

112

GNU C Library 安全漏洞

CNNVD-202111-457

CVE-2021-43396

高危

个人开发者

https://sourceware.org/bugzilla/show_bug.cgi?id=28524

113

XStream 资源管理错误漏洞

CNNVD-202201-2709

CVE-2021-43859

高危

XStream

https://x-stream.github.io/CVE-2021-43859.html

114

nodejs 信任管理问题漏洞

CNNVD-202201-727

CVE-2021-44531

高危

个人开发者

https://nodejs.org/en/

115

Eclipse Jetty 资源管理错误漏洞

CNNVD-202207-594

CVE-2022-2048

高危

个人开发者

https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j

116

nodejs 代码注入漏洞

CNNVD-202201-726

CVE-2022-21824

高危

个人开发者

https://nodejs.org/en/

117

Eclipse Jetty 安全漏洞

CNNVD-202207-589

CVE-2022-2191

高危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

118

Spring Cloud 安全漏洞

CNNVD-202206-2126

CVE-2022-22979

高危

Spring

https://tanzu.vmware.com/security/cve-2022-22979

119

Apache Tomcat 权限许可和访问控制问题漏洞

CNNVD-202201-2423

CVE-2022-23181

高危

Apache基金会

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75

120

Apache Log4j 代码问题漏洞

CNNVD-202201-1420

CVE-2022-23302

高危

Apache基金会

https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w

121

Apache Log4j 代码问题漏洞

CNNVD-202201-1425

CVE-2022-23307

高危

Apache基金会

https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

122

libxml2 资源管理错误漏洞

CNNVD-202202-1722

CVE-2022-23308

高危

个人开发者

https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614

123

Certifi 数据伪造问题漏洞

CNNVD-202212-2660

CVE-2022-23491

高危

Certifi

https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8

124

Google Go 安全漏洞

CNNVD-202204-3892

CVE-2022-24675

高危

Google

https://github.com/golang/go/issues/51853

125

CKEditor 资源管理错误漏洞

CNNVD-202203-1545

CVE-2022-24729

高危

个人开发者

https://ckeditor.com/cke4/release/CKEditor-4.18

126

nekohtml资源管理错误漏洞

CNNVD-202204-2918

CVE-2022-24839

高危

个人开发者

https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d

127

Expat 输入验证错误漏洞

CNNVD-202202-1606

CVE-2022-25314

高危

个人开发者

https://nvd.nist.gov/vuln/detail/CVE-2022-25314

128

gson 代码问题漏洞

CNNVD-202205-1791

CVE-2022-25647

高危

个人开发者

https://github.com/google/gson/pull/1991/files

129

SnakeYAML 资源管理错误漏洞

CNNVD-202208-4428

CVE-2022-25857

高危

个人开发者

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

130

FreeType 缓冲区错误漏洞

CNNVD-202204-4275

CVE-2022-27405

高危

个人开发者

https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139

131

FreeType 缓冲区错误漏洞

CNNVD-202204-4261

CVE-2022-27406

高危

个人开发者

http://freetype.com

132

curl 安全漏洞

CNNVD-202205-3032

CVE-2022-27778

高危

个人开发者

https://curl.se/docs/CVE-2022-27778.html

133

curl code issue vulnerability

CNNVD-202205-2982

CVE-2022-27780

High

Individual developer

https://curl.se/docs/CVE-2022-27780.html

134

curl security vulnerability

CNNVD-202205-2986

CVE-2022-27781

High

Individual developer

https://curl.se/docs/CVE-2022-27781.html

135

curl trust management issue vulnerability

CNNVD-202205-2991

CVE-2022-27782

High

Individual developer

https://curl.se/docs/CVE-2022-27782.html

136

Google Go security vulnerability

CNNVD-202204-3890

CVE-2022-28327

High

Google

https://go.dev/doc/devel/release#go1.18.minor

137

Ruby buffer error vulnerability

CNNVD-202204-3369

CVE-2022-28739

High

Individual developer

https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

138

Google Golang security vulnerability

CNNVD-202210-126

CVE-2022-2879

High

Google

https://github.com/golang/go/issues/54853

139

Google Golang environment issue vulnerability

CNNVD-202210-124

CVE-2022-2880

High

Google

https://github.com/golang/go/issues/54663

140

Grafana data forgery issue vulnerability

CNNVD-202210-682

CVE-2022-31123

High

Grafana Labs

https://grafana.com/

141

Moment.js resource management error vulnerability

CNNVD-202207-502

CVE-2022-31129

High

Individual developer

https://github.com/moment/moment/pull/6015#issuecomment-1152961973

142

Grafana information disclosure vulnerability

CNNVD-202210-396

CVE-2022-31130

High

Grafana Labs

https://grafana.com/

143

PHP buffer error vulnerability

CNNVD-202210-2512

CVE-2022-31630

High

PHP

https://www.php.net/ChangeLog-8.php#8.0.

144

VMware Spring Security security vulnerability

CNNVD-202210-2598

CVE-2022-31690

High

VMware

https://tanzu.vmware.com/security/cve-2022-31690

145

Google protobuf security vulnerability

CNNVD-202210-769

CVE-2022-3171

High

Google

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2

146

Node.js OS command injection vulnerability

CNNVD-202207-684

CVE-2022-32212

High

Node.js

https://access.redhat.com/security/cve/cve-2022-32212

147

OpenSSL code issue vulnerability

CNNVD-202210-400

CVE-2022-3358

High

OpenSSL team

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b

148

Apache Xalan input validation error vulnerability

CNNVD-202207-1617

CVE-2022-34169

High

Apache Foundation

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

149

NSS security vulnerability

CNNVD-202210-947

CVE-2022-3479

High

Mozilla Foundation

https://bugzilla.mozilla.org/show_bug.cgi?id=1774654

150

Apache Kafka security vulnerability

CNNVD-202209-1525

CVE-2022-34917

High

Apache Foundation

https://kafka.apache.org/

151

SQLite input validation error vulnerability

CNNVD-202207-2282

CVE-2022-35737

High

SQLite

https://www.sqlite.org/cgi/docsrc/info/6c12812e54d369d5ba596fba91c29f08b325d237f69eace6e6eb6feed835c817

152

OpenSSL security vulnerability

CNNVD-202210-2605

CVE-2022-3602

High

OpenSSL team

https://www.openssl.org/news/secadv/20221101.txt

153

OpenSSL security vulnerability

CNNVD-202210-2604

CVE-2022-3786

High

OpenSSL team

https://www.openssl.org/news/secadv/20221101.txt

154

Apache Ivy path traversal vulnerability

CNNVD-202211-2195

CVE-2022-37866

High

Apache Foundation

https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b

155

Grafana information disclosure vulnerability

CNNVD-202210-863

CVE-2022-39201

High

Grafana Labs

https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr

156

Containous Traefik resource management error vulnerability

CNNVD-202210-522

CVE-2022-39271

High

Containous

https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr

157

Apache XML Graphics Batik code issue vulnerability

CNNVD-202209-2287

CVE-2022-40146

High

Apache Foundation

https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

158

Jettison buffer error vulnerability

CNNVD-202209-1235

CVE-2022-40149

High

Individual developer

https://github.com/jettison-json/jettison/issues/45

159

Jettison resource management error vulnerability

CNNVD-202209-1233

CVE-2022-40150

High

Individual developer

https://github.com/jettison-json/jettison/issues/45

160

XStream buffer error vulnerability

CNNVD-202209-1234

CVE-2022-40151

High

XStream

https://github.com/x-stream/xstream/issues/304

161

XStream buffer error vulnerability

CNNVD-202209-1230

CVE-2022-40152

High

XStream

https://github.com/x-stream/xstream/issues/304

162

libxml2 input validation error vulnerability

CNNVD-202210-1031

CVE-2022-40303

High

Individual developer

https://github.com/GNOME/libxml2

163

libxml2 code issue vulnerability

CNNVD-202210-1022

CVE-2022-40304

High

Individual developer

https://github.com/GNOME/libxml2

164

Apache XML Graphics Batik code issue vulnerability

CNNVD-202210-1712

CVE-2022-41704

High

Apache Foundation

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

165

Google Golang security vulnerability

CNNVD-202210-125

CVE-2022-41715

High

Google

https://github.com/golang/go/issues/55951

166

Netty security vulnerability

CNNVD-202212-2914

CVE-2022-41881

High

Netty community

https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v

167

XStream security vulnerability

CNNVD-202212-4034

CVE-2022-41966

High

XStream

https://x-stream.github.io/CVE-2022-41966.html

168

FasterXML jackson-databind code issue vulnerability

CNNVD-202210-007

CVE-2022-42003

High

FasterXML

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

169

FasterXML jackson-databind code issue vulnerability

CNNVD-202210-006

CVE-2022-42004

High

FasterXML

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

170

Apache Tomcat environment issue vulnerability

CNNVD-202210-2602

CVE-2022-42252

High

Apache Foundation

https://tomcat.apache.org/security-8.html

171

Apache XML Graphics Batik code issue vulnerability

CNNVD-202210-1707

CVE-2022-42890

High

Apache Foundation

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly

172

MIT Kerberos input validation error vulnerability

CNNVD-202211-2910

CVE-2022-42898

High

MIT

https://web.mit.edu/kerberos/

173

curl security vulnerability

CNNVD-202210-2216

CVE-2022-42916

High

curl

https://curl.se/docs/CVE-2022-42916.html

174

Python security vulnerability

CNNVD-202210-2513

CVE-2022-42919

High

Python Foundation

https://github.com/python/cpython/issues/97514

175

Node.js OS command injection vulnerability

CNNVD-202211-2070

CVE-2022-43548

High

Individual developer

https://nodejs.org/en/

176

curl security vulnerability

CNNVD-202212-3665

CVE-2022-43551

High

Individual developer

https://curl.se/docs/CVE-2022-43551.html

177

libexpat resource management error vulnerability

CNNVD-202210-1676

CVE-2022-43680

High

Individual developer

https://github.com/libexpat/libexpat/issues/649

178

OpenSSL resource management error vulnerability

CNNVD-202302-510

CVE-2022-4450

High

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

179

Python resource management error vulnerability

CNNVD-202211-2414

CVE-2022-45061

High

Python Foundation

https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html

180

Apache Tomcat injection vulnerability

CNNVD-202301-137

CVE-2022-45143

High

Apache Foundation

https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj

181

Jettison buffer error vulnerability

CNNVD-202212-3132

CVE-2022-45685

High

Individual developer

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

182

Jettison buffer error vulnerability

CNNVD-202212-3128

CVE-2022-45693

High

Individual developer

https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3

183

Apache CXF input validation error vulnerability

CNNVD-202212-3125

CVE-2022-46363

High

Apache Foundation

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

184

SQLite security vulnerability

CNNVD-202212-2843

CVE-2022-46908

High

Individual developer

https://sqlite.org/src/info/cefc032473ac5ad2

185

OpenSSL resource management error vulnerability

CNNVD-202302-521

CVE-2023-0215

High

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

186

OpenSSL security vulnerability

CNNVD-202302-524

CVE-2023-0286

High

OpenSSL

https://ubuntu.com/security/notices/USN-5845-1

187

GnuTLS security vulnerability

CNNVD-202302-884

CVE-2023-0361

High

Individual developer

https://gitlab.com/gnutls/gnutls/-/issues/1050

188

PHP security vulnerability

CNNVD-202302-1356

CVE-2023-0568

High

PHP

https://bugs.php.net/bug.php?id=81746

189

PHP resource management error vulnerability

CNNVD-202302-1353

CVE-2023-0662

High

PHP

https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv

190

netplex json-smart security vulnerability

CNNVD-202303-1658

CVE-2023-1370

High

netplex

https://netplex.github.io/json-smart/

191

Node.js security vulnerability

CNNVD-202302-1960

CVE-2023-23918

High

Individual developer

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

192

Node.js security vulnerability

CNNVD-202302-1945

CVE-2023-23919

High

Individual developer

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

193

Apache Commons FileUpload security vulnerability

CNNVD-202302-1610

CVE-2023-24998

High

Apache Foundation

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

194

Apache Kafka code issue vulnerability

CNNVD-202302-515

CVE-2023-25194

High

Apache Foundation

https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz

195

Pallets Werkzeug security vulnerability

CNNVD-202302-1160

CVE-2023-25577

High

Individual developer

https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

196

Apache HTTP Server environment issue vulnerability

CNNVD-202303-452

CVE-2023-27522

High

Apache Foundation

https://httpd.apache.org/security/vulnerabilities_24.html

197

Apache POI code issue vulnerability

CNNVD-201910-1431

CVE-2019-12415

Medium

Apache Foundation

https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@

198

Mojarra cross-site scripting vulnerability

CNNVD-201910-136

CVE-2019-17091

Medium

Eclipse

https://github.com/eclipse-ee4j/mojarra/pull/4567

199

Hibernate Validator input validation error vulnerability

CNNVD-202005-159

CVE-2020-10693

Medium

Individual developer

https://hibernate.org/

200

Apache CXF cross-site scripting vulnerability

CNNVD-202011-981

CVE-2020-13954

Medium

Apache Foundation

http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2

201

JUnit information disclosure vulnerability

CNNVD-202010-445

CVE-2020-15250

Medium

Individual developer

https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md

202

Bouncy Castle BC race condition issue vulnerability

CNNVD-202105-1290

CVE-2020-15522

Medium

Bouncy Castle

https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22

203

Apache Groovy security vulnerability

CNNVD-202012-422

CVE-2020-17521

Medium

Apache Foundation

https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

204

Apache Ant information disclosure vulnerability

CNNVD-202005-777

CVE-2020-1945

Medium

Apache Foundation

https://ant.apache.org/security.html

205

libxml2 buffer error vulnerability

CNNVD-202009-268

CVE-2020-24977

Medium

Libxml2

https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

206

lodash security vulnerability

CNNVD-202102-1168

CVE-2020-28500

Medium

Individual developer

https://github.com/lodash/lodash/pull/5065

207

Google protobuf security vulnerability

CNNVD-202201-628

CVE-2021-22569

Medium

Google

https://cloud.google.com/support/bulletins#gcp-2022-001

208

jszip security vulnerability

CNNVD-202107-1826

CVE-2021-23413

Medium

Individual developer

https://github.com/Stuk/jszip/pull/766

209

netplex json-smart-v code issue vulnerability

CNNVD-202102-1490

CVE-2021-27568

Medium

Individual developer

https://github.com/netplex/json-smart-v2

210

Maxim Nesen jersey security vulnerability

CNNVD-202104-1669

CVE-2021-28168

Medium

Maxim Nesen

https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv

211

Apache Commons IO path traversal vulnerability

CNNVD-202104-702

CVE-2021-29425

Medium

Apache Foundation

https://issues.apache.org/jira/browse/IO-556

212

Apache MINA security vulnerability

CNNVD-202107-630

CVE-2021-30129

Medium

Apache Foundation

https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

213

CKEditor cross-site scripting vulnerability

CNNVD-202108-1181

CVE-2021-32808

Medium

Individual developer

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c

214

CKEditor cross-site scripting vulnerability

CNNVD-202108-1175

CVE-2021-32809

Medium

Individual developer

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg

215

OWASP AntiSamy cross-site scripting vulnerability

CNNVD-202107-1281

CVE-2021-35043

Medium

OWASP Foundation

https://owasp.org/

216

libxml2 code issue vulnerability

CNNVD-202105-002

CVE-2021-3537

Medium

Individual developer

https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61

217

Apache Ant security vulnerability

CNNVD-202107-983

CVE-2021-36373

Medium

Apache Foundation

https://ant.apache.org/

218

Apache Ant security vulnerability

CNNVD-202107-984

CVE-2021-36374

Medium

Apache Foundation

https://ant.apache.org/

219

Memcached buffer error vulnerability

CNNVD-202302-239

CVE-2021-37519

Medium

Individual developer

https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0

220

Apache Commons Net input validation error vulnerability

CNNVD-202212-2188

CVE-2021-37533

Medium

Apache Foundation

https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7

221

CKEditor cross-site scripting vulnerability

CNNVD-202108-1157

CVE-2021-37695

Medium

Individual developer

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc

222

Libgcrypt cryptographic issue vulnerability

CNNVD-202109-275

CVE-2021-40528

Medium

GNU community

https://gnupg.org/index.html

223

jQuery cross-site scripting vulnerability

CNNVD-202110-1843

CVE-2021-41182

Medium

Individual developer

https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

224

jQuery cross-site scripting vulnerability

CNNVD-202110-1839

CVE-2021-41183

Medium

Individual developer

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

225

OpenJS jQuery UI cross-site scripting vulnerability

CNNVD-202110-1845

CVE-2021-41184

Medium

OpenJS Foundation

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

226

Apache MINA security vulnerability

CNNVD-202111-238

CVE-2021-41973

Medium

Apache Foundation

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E

227

nodejs trust management issue vulnerability

CNNVD-202201-728

CVE-2021-44532

Medium

Individual developer

https://nodejs.org/en/

228

nodejs trust management issue vulnerability

CNNVD-202201-725

CVE-2021-44533

Medium

Individual developer

https://nodejs.org/en/

229

Apache Log4j input validation error vulnerability

CNNVD-202112-2743

CVE-2021-44832

Medium

Apache Foundation

https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf

230

OpenSSL cryptographic issue vulnerability

CNNVD-202207-379

CVE-2022-2097

Medium

OpenSSL

https://www.openssl.org/news/secadv/20220705.txt

231

VMware Spring Framework security vulnerability

CNNVD-202203-2333

CVE-2022-22950

Medium

VMware

https://tanzu.vmware.com/security/cve-2022-22950

232

Spring Framework input validation error vulnerability

CNNVD-202205-2988

CVE-2022-22970

Medium

Spring team

https://spring.io/projects/spring-framework

233

Spring Framework input validation error vulnerability

CNNVD-202205-2980

CVE-2022-22971

Medium

Spring team

https://spring.io/projects/spring-framework

234

Spring Framework input validation error vulnerability

CNNVD-202205-3586

CVE-2022-22976

Medium

Spring team

https://tanzu.vmware.com/security/cve-2022-22976

235

Xerces security vulnerability

CNNVD-202201-2238

CVE-2022-23437

Medium

Apache Foundation

https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl

236

CKEditor cross-site scripting vulnerability

CNNVD-202203-1546

CVE-2022-24728

Medium

Individual developer

https://ckeditor.com/cke4/release/CKEditor-4.18

237

Netty security vulnerability

CNNVD-202205-2566

CVE-2022-24823

Medium

Netty community

https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2

238

OWASP ESAPI cross-site scripting vulnerability

CNNVD-202204-4523

CVE-2022-24891

Medium

Individual developer

https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q

239

Expat resource management error vulnerability

CNNVD-202202-1613

CVE-2022-25313

Medium

Individual developer

https://github.com/libexpat/libexpat/pull/558

240

Apache POI resource management error vulnerability

CNNVD-202203-460

CVE-2022-26336

Medium

Apache Foundation

https://lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j

241

curl information disclosure vulnerability

CNNVD-202205-3033

CVE-2022-27779

Medium

Individual developer

https://curl.se/docs/CVE-2022-27779.html

242

DPDK input validation error vulnerability

CNNVD-202208-4449

CVE-2022-28199

Medium

Individual developer

https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa

243

Apache HTTP Server input validation error vulnerability

CNNVD-202206-847

CVE-2022-28614

Medium

Apache Foundation

https://httpd.apache.org/security/vulnerabilities_24.html

244

OWASP AntiSamy cross-site scripting vulnerability

CNNVD-202204-4024

CVE-2022-29577

Medium

OWASP Foundation

https://github.com/nahsra/antisamy/releases/tag/v1.6.7

245

libxslt and libxml2 input validation error vulnerability

CNNVD-202205-1926

CVE-2022-29824

Medium

Individual developer

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

246

curl security vulnerability

CNNVD-202205-3034

CVE-2022-30115

Medium

Individual developer

https://curl.se/docs/CVE-2022-30115.html

247

HTTP::Daemon environment issue vulnerability

CNNVD-202206-2650

CVE-2022-31081

Medium

Individual developer

https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf

248

jQuery cross-site scripting vulnerability

CNNVD-202207-2121

CVE-2022-31160

Medium

Individual developer

https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9

249

Node.js environment issue vulnerability

CNNVD-202207-683

CVE-2022-32213

Medium

Node.js

https://access.redhat.com/security/cve/cve-2022-32213

250

Node.js environment issue vulnerability

CNNVD-202207-678

CVE-2022-32215

Medium

Node.js

https://access.redhat.com/security/cve/cve-2022-32215

251

Node.js cryptographic issue vulnerability

CNNVD-202207-682

CVE-2022-32222

Medium

Node.js

https://nodejs.org/zh-cn/

252

Apache Tomcat cross-site scripting vulnerability

CNNVD-202206-2227

CVE-2022-34305

Medium

Apache Foundation

https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k

253

jsoup cross-site scripting vulnerability

CNNVD-202208-4329

CVE-2022-36033

Medium

Individual developer

https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

254

Apache HTTP Server injection vulnerability

CNNVD-202301-1298

CVE-2022-37436

Medium

Apache Foundation

https://httpd.apache.org/security/vulnerabilities_24.html

255

systemd security vulnerability

CNNVD-202211-2364

CVE-2022-3821

Medium

Individual developer

https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

256

SnakeYAML buffer error vulnerability

CNNVD-202209-183

CVE-2022-38749

Medium

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

257

SnakeYAML buffer error vulnerability

CNNVD-202209-172

CVE-2022-38750

Medium

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

258

SnakeYAML buffer error vulnerability

CNNVD-202209-169

CVE-2022-38751

Medium

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

259

SnakeYAML buffer error vulnerability

CNNVD-202209-171

CVE-2022-38752

Medium

SnakeYAML

https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open

260

Grafana authorization issue vulnerability

CNNVD-202210-762

CVE-2022-39229

Medium

Grafana Labs

https://grafana.com/grafana/download/9.2?pg=blog&plcmt=body-txt

261

Netty security vulnerability

CNNVD-202212-3060

CVE-2022-41915

Medium

Netty community

https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp

262

OpenSSL security vulnerability

CNNVD-202302-514

CVE-2022-4304

Medium

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt

263

systemd information disclosure vulnerability

CNNVD-202212-3721

CVE-2022-4415

Medium

Individual developer

https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c

264

SUSE Linux Enterprise Server security vulnerability

CNNVD-202302-1900

CVE-2023-0567

Medium

SUSE

https://www.suse.com/support/update/announcement/2023/suse-su-20230476-1

265

Zip4j access control error vulnerability

CNNVD-202301-648

CVE-2023-22899

Medium

Individual developer

https://github.com/srikanth-lingala/zip4j/releases

266

curl security vulnerability

CNNVD-202302-1928

CVE-2023-23915

Medium

Individual developer

https://github.com/curl/curl/releases/tag/curl-7_88_1

267

curl security vulnerability

CNNVD-202302-1927

CVE-2023-23916

Medium

Individual developer

https://github.com/curl/curl/releases/tag/curl-7_88_1

268

Node.js code issue vulnerability

CNNVD-202302-1924

CVE-2023-23920

Medium

Node.js

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

269

cryptography code issue vulnerability

CNNVD-202302-523

CVE-2023-23931

Medium

Cryptographic

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

270

undici injection vulnerability

CNNVD-202302-1436

CVE-2023-23936

Medium

Individual developer

https://github.com/nodejs/undici/releases/tag/v5.19.1

271

OpenSSH resource management error vulnerability

CNNVD-202302-205

CVE-2023-25136

Medium

OpenBSD

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

272

Apache Tomcat security vulnerability

CNNVD-202303-1662

CVE-2023-28708

Medium

Apache Foundation

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

273

Google Guava access control error vulnerability

CNNVD-202012-827

CVE-2020-8908

Low

Google

https://github.com/google/guava/issues/4011

274

Eclipse Jetty input validation error vulnerability

CNNVD-202207-599

CVE-2022-2047

Low

Eclipse Foundation

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

275

Pallets Werkzeug security vulnerability

CNNVD-202302-1170

CVE-2023-23934

Low

Individual developer

https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028

III. Remediation Recommendations

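Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address: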

https://www.oracle.com/security-alerts/cpuapr2023.html