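Oracle recently published an advisory covering multiple security vulnerabilities: 60 in Oracle's own products and 247 in other vendors' products that affect Oracle products. They include the Oracle Application Express security vulnerability (CNNVD-202307-1575, CVE-2023-21975) and the Oracle Application Express security vulnerability (CNNVD-202307-1588, CVE-2023-21974), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Oracle products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.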
I. Vulnerability Overview
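On July 18, 2023, Oracle released its July 2023 security update, with patches for 307 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Oracle MySQL and MySQL components, Oracle Database Server, Oracle Solaris, Oracle Fusion Middleware, Oracle Essbase, Oracle Virtualization, and others. CNNVD has rated their severity: 52 critical, 129 high, 111 medium, and 15 low. Multiple Oracle product and system versions are affected; the specific scope of impact can be looked up on Oracle's official website: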
https://www.oracle.com/security-alerts/cpujul2023.html
II. Vulnerability Details
This update includes patches for 56 newly added vulnerabilities: 2 critical, 6 high, 37 medium, and 11 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Application Express security vulnerability | CNNVD-202307-1575 | CVE-2023-21975 | Critical | https://www.oracle.com/security-alerts/cpujul2023.html |
| 2 | Oracle Application Express security vulnerability | CNNVD-202307-1588 | CVE-2023-21974 | Critical | https://www.oracle.com/security-alerts/cpujul2023.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202307-1589 | CVE-2023-22018 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 4 | Oracle Solaris security vulnerability | CNNVD-202307-1596 | CVE-2023-22023 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 5 | Oracle PeopleSoft Enterprise PeopleTools security vulnerability | CNNVD-202307-1602 | CVE-2023-22014 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 6 | Oracle PeopleSoft security vulnerability | CNNVD-202307-1624 | CVE-2023-22047 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 7 | Oracle Hyperion security vulnerability | CNNVD-202307-1631 | CVE-2023-22060 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 8 | Oracle Hyperion security vulnerability | CNNVD-202307-1640 | CVE-2023-22062 | High | https://www.oracle.com/security-alerts/cpujul2023.html |
| 9 | Oracle Essbase security vulnerability | CNNVD-202307-1572 | CVE-2023-21961 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 10 | Oracle MySQL security vulnerability | CNNVD-202307-1574 | CVE-2023-21950 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 11 | Oracle MySQL security vulnerability | CNNVD-202307-1576 | CVE-2023-22005 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 12 | Oracle Fusion Middleware security vulnerability | CNNVD-202307-1577 | CVE-2023-21994 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 13 | Oracle E-Business Suite security vulnerability | CNNVD-202307-1578 | CVE-2023-22004 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 14 | Oracle MySQL security vulnerability | CNNVD-202307-1579 | CVE-2023-22008 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 15 | Oracle MySQL security vulnerability | CNNVD-202307-1581 | CVE-2023-22007 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 16 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1584 | CVE-2023-22013 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 17 | Oracle E-Business Suite security vulnerability | CNNVD-202307-1585 | CVE-2023-22009 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 18 | Oracle Application Express security vulnerability | CNNVD-202307-1586 | CVE-2023-21983 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 19 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1587 | CVE-2023-22011 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 20 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1590 | CVE-2023-22020 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 21 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1591 | CVE-2023-22021 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 22 | Oracle Health Sciences Applications security vulnerability | CNNVD-202307-1592 | CVE-2023-22022 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 23 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1593 | CVE-2023-22027 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 24 | Oracle MySQL security vulnerability | CNNVD-202307-1594 | CVE-2023-22033 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 25 | Oracle Virtualization security vulnerability | CNNVD-202307-1595 | CVE-2023-22017 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 26 | Oracle Database Server security vulnerability | CNNVD-202307-1597 | CVE-2023-22034 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 27 | Oracle Fusion Middleware security vulnerability | CNNVD-202307-1598 | CVE-2023-22031 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 28 | Oracle E-Business Suite security vulnerability | CNNVD-202307-1599 | CVE-2023-22037 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 29 | Oracle E-Business Suite security vulnerability | CNNVD-202307-1600 | CVE-2023-22035 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 30 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202307-1604 | CVE-2023-22039 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 31 | Oracle Java SE security vulnerability | CNNVD-202307-1605 | CVE-2023-22041 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 32 | Oracle E-Business Suite security vulnerability | CNNVD-202307-1606 | CVE-2023-22042 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 33 | Oracle Java SE security vulnerability | CNNVD-202307-1608 | CVE-2023-22043 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 34 | Oracle MySQL security vulnerability | CNNVD-202307-1610 | CVE-2023-22046 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 35 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1612 | CVE-2023-22012 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 36 | Oracle Virtualization security vulnerability | CNNVD-202307-1613 | CVE-2023-22016 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 37 | Oracle Fusion Middleware security vulnerability | CNNVD-202307-1614 | CVE-2023-22040 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 38 | Oracle JD Edwards security vulnerability | CNNVD-202307-1617 | CVE-2023-22050 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 39 | Oracle MySQL security vulnerability | CNNVD-202307-1621 | CVE-2023-22053 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 40 | Oracle MySQL security vulnerability | CNNVD-202307-1625 | CVE-2023-22054 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 41 | Oracle JD Edwards security vulnerability | CNNVD-202307-1626 | CVE-2023-22055 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202307-1628 | CVE-2023-22056 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 43 | Oracle MySQL Server security vulnerability | CNNVD-202307-1629 | CVE-2023-22057 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 44 | Oracle Business Intelligence Enterprise Edition security vulnerability | CNNVD-202307-1634 | CVE-2023-22061 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 45 | Oracle MySQL Server security vulnerability | CNNVD-202307-1636 | CVE-2023-22058 | Medium | https://www.oracle.com/security-alerts/cpujul2023.html |
| 46 | Oracle Database Server security vulnerability | CNNVD-202307-1573 | CVE-2023-21949 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 47 | Oracle Java SE security vulnerability | CNNVD-202307-1580 | CVE-2023-22006 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 48 | Oracle Essbase security vulnerability | CNNVD-202307-1582 | CVE-2023-22010 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 49 | Oracle MySQL security vulnerability | CNNVD-202307-1601 | CVE-2023-22038 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 50 | Oracle Java SE security vulnerability | CNNVD-202307-1603 | CVE-2023-22036 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 51 | Oracle Java SE security vulnerability | CNNVD-202307-1611 | CVE-2023-22044 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 52 | Oracle MySQL security vulnerability | CNNVD-202307-1615 | CVE-2023-22048 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 53 | Oracle Java SE security vulnerability | CNNVD-202307-1616 | CVE-2023-22045 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 54 | Oracle Java SE security vulnerability | CNNVD-202307-1619 | CVE-2023-22049 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 55 | Oracle Java SE security vulnerability | CNNVD-202307-1620 | CVE-2023-22051 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
| 56 | Oracle Database Server security vulnerability | CNNVD-202307-1623 | CVE-2023-22052 | Low | https://www.oracle.com/security-alerts/cpujul2023.html |
This update includes patches for 4 updated vulnerabilities: 3 medium and 1 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Oracle Java SE security vulnerability | CNNVD-202301-1353 | CVE-2023-21830 | Medium | https://www.oracle.com/security-alerts/cpujan2029.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202301-1360 | CVE-2023-21835 | Medium | https://www.oracle.com/security-alerts/cpujan2033.html |
| 3 | Oracle MySQL security vulnerability | CNNVD-202304-1486 | CVE-2023-21971 | Medium | https://www.oracle.com/security-alerts/cpuapr2023.html |
| 4 | Oracle Java SE security vulnerability | CNNVD-202301-1370 | CVE-2023-21843 | Low | https://www.oracle.com/security-alerts/cpujan2041.html |
This update includes patches for 247 vulnerabilities in other vendors' products that affect Oracle products: 50 critical, 123 high, 71 medium, and 3 low.
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
1 |
Apache Hive JDBC驱动程序SQL注入漏洞 |
CNNVD-201804-274 |
CVE-2018-1282 |
超危 |
Apache基金会 |
https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E |
2 |
Terracotta Quartz Scheduler 代码问题漏洞 |
CNNVD-201907-1383 |
CVE-2019-13990 |
超危 |
softwareag |
http://www.quartz-scheduler.org/ |
3 |
Swagger UI 跨站请求伪造漏洞 |
CNNVD-201910-715 |
CVE-2019-17495 |
超危 |
个人开发者 |
https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 |
4 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-201910-774 |
CVE-2019-17531 |
超危 |
Fasterxml |
https://github.com/FasterXML/jackson-databind/issues/2498 |
5 |
Apache Log4j 代码问题漏洞 |
CNNVD-201912-950 |
CVE-2019-17571 |
超危 |
Apache基金会 |
https://www.apache.org/ |
6 |
Apache ActiveMQ 代码注入漏洞 |
CNNVD-202009-680 |
CVE-2020-11998 |
超危 |
Apache基金会 |
http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt |
7 |
Apache Commons Configuration 输入验证错误漏洞 |
CNNVD-202003-821 |
CVE-2020-1953 |
超危 |
Apache基金会 |
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E |
8 |
Dell BSAFE Micro Edition Suite和Dell BSAFE 输入验证错误漏洞 |
CNNVD-202207-838 |
CVE-2020-29508 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
9 |
Dell BSAFE 安全特征问题漏洞 |
CNNVD-202207-834 |
CVE-2020-35163 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
10 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-832 |
CVE-2020-35166 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
11 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-831 |
CVE-2020-35167 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
12 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-828 |
CVE-2020-35168 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
13 |
Dell BSAFE 输入验证错误漏洞 |
CNNVD-202207-830 |
CVE-2020-35169 |
超危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
14 |
Apache Chainsaw 代码问题漏洞 |
CNNVD-202106-1293 |
CVE-2020-9493 |
超危 |
Apache基金会 |
https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E |
15 |
Apache Xmlbeans 输入验证错误漏洞 |
CNNVD-202101-1146 |
CVE-2021-23926 |
超危 |
Apache基金会 |
https://issues.apache.org/jira/browse/XMLBEANS-517 |
16 |
Microsoft .NET Core 安全漏洞 |
CNNVD-202102-681 |
CVE-2021-24112 |
超危 |
Microsoft |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24112 |
17 |
LZ4 输入验证错误漏洞 |
CNNVD-202104-2105 |
CVE-2021-3520 |
超危 |
个人开发者 |
https://github.com/lz4/lz4/pull/972 |
18 |
Sanitize 输入验证错误漏洞 |
CNNVD-202110-1259 |
CVE-2021-42575 |
超危 |
个人开发者 |
https://owasp.org/www-project-java-html-sanitizer/ |
19 |
iText 命令注入漏洞 |
CNNVD-202112-1333 |
CVE-2021-43113 |
超危 |
个人开发者 |
https://github.com/itext/itext7/releases/tag/7.1.17 |
20 |
Apache Log4j 代码问题漏洞 |
CNNVD-202112-799 |
CVE-2021-44228 |
超危 |
Apache基金会 |
https://logging.apache.org/log4j/2.x/security.html |
21 |
Apache Log4j 代码问题漏洞 |
CNNVD-202112-1065 |
CVE-2021-45046 |
超危 |
Apache基金会 |
https://logging.apache.org/log4j/2.x/security.html。 |
22 |
SnakeYAML 代码问题漏洞 |
CNNVD-202212-1820 |
CVE-2022-1471 |
超危 |
个人开发者 |
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 |
23 |
Dexie 安全漏洞 |
CNNVD-202205-1809 |
CVE-2022-21189 |
超危 |
个人开发者 |
https://github.com/dexie/Dexie.js |
24 |
Apache Log4j SQL注入漏洞 |
CNNVD-202201-1421 |
CVE-2022-23305 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y |
25 |
OWASP ESAPI 路径遍历漏洞 |
CNNVD-202204-4378 |
CVE-2022-23457 |
超危 |
个人开发者 |
https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 |
26 |
Apache Hadoop 操作系统命令注入漏洞 |
CNNVD-202208-2167 |
CVE-2022-25168 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130 |
27 |
Apache Hadoop 路径遍历漏洞 |
CNNVD-202204-2605 |
CVE-2022-26612 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz |
28 |
FreeType 缓冲区错误漏洞 |
CNNVD-202204-4272 |
CVE-2022-27404 |
超危 |
个人开发者 |
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 |
29 |
Pallets Werkzeug 环境问题漏洞 |
CNNVD-202205-4094 |
CVE-2022-29361 |
超危 |
个人开发者 |
https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 |
30 |
VMware Spring Security 安全漏洞 |
CNNVD-202210-2599 |
CVE-2022-31692 |
超危 |
VMware |
https://tanzu.vmware.com/security/cve-2022-31692 |
31 |
Apache Commons Configuration 代码注入漏洞 |
CNNVD-202207-428 |
CVE-2022-33980 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s |
32 |
Apache HTTP Server 环境问题漏洞 |
CNNVD-202301-1299 |
CVE-2022-36760 |
超危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
33 |
Scala 代码问题漏洞 |
CNNVD-202209-2463 |
CVE-2022-36944 |
超危 |
Scala |
https://www.scala-lang.org/download/ |
34 |
zlib 缓冲区错误漏洞 |
CNNVD-202208-2276 |
CVE-2022-37434 |
超危 |
个人开发者 |
https://github.com/madler/zlib/ |
35 |
XKCP 输入验证错误漏洞 |
CNNVD-202210-1541 |
CVE-2022-37454 |
超危 |
XKCP |
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a |
36 |
Apache Ivy 路径遍历漏洞 |
CNNVD-202211-2196 |
CVE-2022-37865 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy |
37 |
Apache Calcite 代码问题漏洞 |
CNNVD-202209-697 |
CVE-2022-39135 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082 |
38 |
HSQLDB 安全漏洞 |
CNNVD-202210-196 |
CVE-2022-41853 |
超危 |
The HSQL Development Group |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7 |
39 |
Apache Commons BCEL 缓冲区错误漏洞 |
CNNVD-202211-2199 |
CVE-2022-42920 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 |
40 |
Apache MINA 代码问题漏洞 |
CNNVD-202211-2918 |
CVE-2022-45047 |
超危 |
Apache基金会 |
https://www.mail-archive.com/dev@mina.apache.org/msg39312.html |
41 |
Apache CXF 代码问题漏洞 |
CNNVD-202212-3143 |
CVE-2022-46364 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
42 |
Spring Framework 安全漏洞 |
CNNVD-202304-1667 |
CVE-2023-20862 |
超危 |
Spring |
https://spring.io/security/cve-2023-20862 |
43 |
Spring Framework 安全漏洞 |
CNNVD-202304-1732 |
CVE-2023-20873 |
超危 |
Spring |
https://spring.io/security/cve-2023-20873 |
44 |
Apache Spark 安全漏洞 |
CNNVD-202304-1307 |
CVE-2023-22946 |
超危 |
Apache基金会 |
https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv |
45 |
curl 安全漏洞 |
CNNVD-202302-1929 |
CVE-2023-23914 |
超危 |
个人开发者 |
https://github.com/curl/curl/releases/tag/curl-7_88_1 |
46 |
Google TensorFlow 安全漏洞 |
CNNVD-202303-2124 |
CVE-2023-25664 |
超危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr |
47 |
Google TensorFlow 安全漏洞 |
CNNVD-202303-2120 |
CVE-2023-25668 |
超危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 |
48 |
Apache HTTP Server 环境问题漏洞 |
CNNVD-202303-456 |
CVE-2023-25690 |
超危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
49 |
HtmlUnit 安全漏洞 |
CNNVD-202304-058 |
CVE-2023-26119 |
超危 |
个人开发者 |
https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b |
50 |
Jenkins 跨站脚本漏洞 |
CNNVD-202303-668 |
CVE-2023-27898 |
超危 |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
51 |
Apache HTTP Server 缓冲区错误漏洞 |
CNNVD-202301-1294 |
CVE-2006-20001 |
高危 |
Apache基金会 |
https://httpd.apache.org/security/vulnerabilities_24.html |
52 |
zlib 缓冲区错误漏洞 |
CNNVD-202203-2221 |
CVE-2018-25032 |
高危 |
个人开发者 |
https://z-lib.org/ |
53 |
Apache Axis 代码问题漏洞 |
CNNVD-201904-472 |
CVE-2019-0227 |
高危 |
apache |
http://axis.apache.org/ |
54 |
Apache Commons Beanutils 代码问题漏洞 |
CNNVD-201908-1140 |
CVE-2019-10086 |
高危 |
debian |
https://issues.apache.org/jira/browse/BEANUTILS-520 |
55 |
Apache Commons Compress 资源管理错误漏洞 |
CNNVD-201908-2148 |
CVE-2019-12402 |
高危 |
apache |
https://commons.apache.org/proper/commons-compress/security-reports.html |
56 |
Python 代码问题漏洞 |
CNNVD-202209-155 |
CVE-2020-10735 |
高危 |
Python基金会 |
https://www.python.org/ |
57 |
Apache XmlGraphics Commons 代码问题漏洞 |
CNNVD-202102-1587 |
CVE-2020-11988 |
高危 |
Apache基金会 |
https://xmlgraphics.apache.org/security.html |
58 |
Iteris Apache Velocity 安全漏洞 |
CNNVD-202103-758 |
CVE-2020-13936 |
高危 |
Iteris |
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E |
59 |
Apache Thrift 资源管理错误漏洞 |
CNNVD-202102-1099 |
CVE-2020-13949 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E |
60 |
Dell BSAFE 安全漏洞 |
CNNVD-202207-833 |
CVE-2020-35164 |
高危 |
Dell |
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities |
61 |
FasterXML jackson-databind 缓冲区错误漏洞 |
CNNVD-202203-1165 |
CVE-2020-36518 |
高危 |
个人开发者 |
https://github.com/FasterXML/jackson-databind/issues/2816 |
62 |
joyent json 操作系统命令注入漏洞 |
CNNVD-202008-1430 |
CVE-2020-7712 |
高危 |
个人开发者 |
https://snyk.io/vuln/SNYK-JS-JSON-597481 |
63 |
CodeMirror 资源管理错误漏洞 |
CNNVD-202010-1679 |
CVE-2020-7760 |
高危 |
Codemirror |
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb |
64 |
Apache Hadoop 代码问题漏洞 |
CNNVD-202208-3967 |
CVE-2021-25642 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/g6vf2h4wdgzzdgk91mqozhs58wotq150 |
65 |
Apache ActiveMQ 授权问题漏洞 |
CNNVD-202101-2471 |
CVE-2021-26117 |
高危 |
Apache基金会 |
https://issues.apache.org/jira/browse/AMQ-8035 |
66 |
JDOM 代码问题漏洞 |
CNNVD-202106-1323 |
CVE-2021-33813 |
高危 |
个人开发者 |
https://github.com/hunterhacker/jdom。 |
67 |
Apache Hive 访问控制错误漏洞 |
CNNVD-202207-1393 |
CVE-2021-34538 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354 |
68 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-896 |
CVE-2021-35515 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E |
69 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-897 |
CVE-2021-35516 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E |
70 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-898 |
CVE-2021-35517 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E |
71 |
Apache Commons Compress 安全漏洞 |
CNNVD-202107-899 |
CVE-2021-36090 |
高危 |
Apache基金会 |
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E |
72 |
Apache Santuario 信息泄露漏洞 |
CNNVD-202109-1259 |
CVE-2021-40690 |
高危 |
Apache基金会 |
https://santuario.apache.org/javaindex.html |
73 |
Apache Log4j 代码问题漏洞 |
CNNVD-202112-1011 |
CVE-2021-4104 |
高危 |
Apache基金会 |
https://logging.apache.org/log4j/2.x/security.html |
74 |
XStream 资源管理错误漏洞 |
CNNVD-202201-2709 |
CVE-2021-43859 |
高危 |
XStream |
https://x-stream.github.io/CVE-2021-43859.html |
75 |
FasterXML jackson-databind 安全漏洞 |
CNNVD-202303-1466 |
CVE-2021-46877 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/issues/3328 |
76 |
Eclipse Jetty 资源管理错误漏洞 |
CNNVD-202207-594 |
CVE-2022-2048 |
高危 |
个人开发者 |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j |
77 |
Eclipse Jetty 安全漏洞 |
CNNVD-202207-589 |
CVE-2022-2191 |
高危 |
Eclipse基金会 |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 |
78 |
Apache Log4j 代码问题漏洞 |
CNNVD-202201-1420 |
CVE-2022-23302 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w |
79 |
Apache Log4j 代码问题漏洞 |
CNNVD-202201-1425 |
CVE-2022-23307 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh |
80 |
Certifi 数据伪造问题漏洞 |
CNNVD-202212-2660 |
CVE-2022-23491 |
高危 |
Certifi |
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 |
81 |
DELL BSAFE SSL-J 安全漏洞 |
CNNVD-202202-1801 |
CVE-2022-24409 |
高危 |
DELL |
https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel |
82 |
CKEditor 资源管理错误漏洞 |
CNNVD-202203-1545 |
CVE-2022-24729 |
高危 |
个人开发者 |
https://ckeditor.com/cke4/release/CKEditor-4.18 |
83 |
gson 代码问题漏洞 |
CNNVD-202205-1791 |
CVE-2022-25647 |
高危 |
个人开发者 |
https://github.com/google/gson/pull/1991/files |
84 |
FreeType 缓冲区错误漏洞 |
CNNVD-202204-4275 |
CVE-2022-27405 |
高危 |
个人开发者 |
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 |
85 |
FreeType 缓冲区错误漏洞 |
CNNVD-202204-4261 |
CVE-2022-27406 |
高危 |
个人开发者 |
http://freetype.com |
86 |
HtmlUnit 安全漏洞 |
CNNVD-202204-4297 |
CVE-2022-29546 |
高危 |
个人开发者 |
https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg |
87 |
JasPer 安全漏洞 |
CNNVD-202210-1004 |
CVE-2022-2963 |
高危 |
个人开发者 |
https://github.com/jasper-software/jasper/commit/270000671d4f411fe7e65c7bc02fd6ff14dd6946 |
88 |
Moment.js 资源管理错误漏洞 |
CNNVD-202207-502 |
CVE-2022-31129 |
高危 |
个人开发者 |
https://github.com/moment/moment/pull/6015#issuecomment-1152961973 |
89 |
PostgreSQL JDBC Driver SQL注入漏洞 |
CNNVD-202208-2126 |
CVE-2022-31197 |
高危 |
PostgreSQL |
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 |
90 |
PHP 缓冲区错误漏洞 |
CNNVD-202210-2512 |
CVE-2022-31630 |
高危 |
PHP |
https://www.php.net/ChangeLog-8.php#8.0. |
91 |
VMware Spring Security 安全漏洞 |
CNNVD-202210-2598 |
CVE-2022-31690 |
高危 |
VMware |
https://tanzu.vmware.com/security/cve-2022-31690 |
92 |
Google protobuf 安全漏洞 |
CNNVD-202210-769 |
CVE-2022-3171 |
高危 |
|
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 |
93 |
NSS 安全漏洞 |
CNNVD-202210-947 |
CVE-2022-3479 |
高危 |
Mozilla基金会 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 |
94 |
OpenSSL 安全漏洞 |
CNNVD-202210-2605 |
CVE-2022-3602 |
高危 |
OpenSSL团队 |
https://www.openssl.org/news/secadv/20221101.txt |
95 |
OpenSSL 安全漏洞 |
CNNVD-202210-2604 |
CVE-2022-3786 |
高危 |
OpenSSL团队 |
https://www.openssl.org/news/secadv/20221101.txt |
96 |
Apache Ivy 路径遍历漏洞 |
CNNVD-202211-2195 |
CVE-2022-37866 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b |
97 |
OpenSSL 安全漏洞 |
CNNVD-202212-2982 |
CVE-2022-3996 |
高危 |
OpenSSL |
https://github.com/openssl/openssl/ |
98 |
Apache XML Graphics Batik代码问题漏洞 |
CNNVD-202209-2287 |
CVE-2022-40146 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx |
99 |
Jettison 缓冲区错误漏洞 |
CNNVD-202209-1235 |
CVE-2022-40149 |
高危 |
个人开发者 |
https://github.com/jettison-json/jettison/issues/45 |
100 |
Jettison 资源管理错误漏洞 |
CNNVD-202209-1233 |
CVE-2022-40150 |
高危 |
个人开发者 |
https://github.com/jettison-json/jettison/issues/45 |
101 |
XStream 缓冲区错误漏洞 |
CNNVD-202209-1234 |
CVE-2022-40151 |
高危 |
XStream |
https://github.com/x-stream/xstream/issues/304 |
102 |
XStream 缓冲区错误漏洞 |
CNNVD-202209-1230 |
CVE-2022-40152 |
高危 |
XStream |
https://github.com/x-stream/xstream/issues/304 |
103 |
Apache SOAP 代码问题漏洞 |
CNNVD-202209-2283 |
CVE-2022-40705 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl |
104 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1712 |
CVE-2022-41704 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf |
105 |
Netty 安全漏洞 |
CNNVD-202212-2914 |
CVE-2022-41881 |
高危 |
Netty社区 |
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v |
106 |
XStream 安全漏洞 |
CNNVD-202212-4034 |
CVE-2022-41966 |
高危 |
XStream |
https://x-stream.github.io/CVE-2022-41966.html |
107 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-007 |
CVE-2022-42003 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 |
108 |
FasterXML jackson-databind 代码问题漏洞 |
CNNVD-202210-006 |
CVE-2022-42004 |
高危 |
FasterXML |
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 |
109 |
Apache Tomcat 环境问题漏洞 |
CNNVD-202210-2602 |
CVE-2022-42252 |
高危 |
Apache基金会 |
https://tomcat.apache.org/security-8.html |
110 |
Apache XML Graphics Batik 代码问题漏洞 |
CNNVD-202210-1707 |
CVE-2022-42890 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly |
111 |
MIT Kerberos 输入验证错误漏洞 |
CNNVD-202211-2910 |
CVE-2022-42898 |
高危 |
MIT |
https://web.mit.edu/kerberos/ |
112 |
Python 安全漏洞 |
CNNVD-202210-2513 |
CVE-2022-42919 |
高危 |
Python基金会 |
https://github.com/python/cpython/issues/97514 |
113 |
Node.js 操作系统命令注入漏洞 |
CNNVD-202211-2070 |
CVE-2022-43548 |
高危 |
个人开发者 |
https://nodejs.org/en/ |
114 |
libexpat 资源管理错误漏洞 |
CNNVD-202210-1676 |
CVE-2022-43680 |
高危 |
个人开发者 |
https://github.com/libexpat/libexpat/issues/649 |
115 |
OpenSSL 资源管理错误漏洞 |
CNNVD-202302-510 |
CVE-2022-4450 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230207.txt |
116 |
Python 资源管理错误漏洞 |
CNNVD-202211-2414 |
CVE-2022-45061 |
高危 |
Python基金会 |
https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html |
117 |
Apache Tomcat 注入漏洞 |
CNNVD-202301-137 |
CVE-2022-45143 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj |
118 |
Pillow 资源管理错误漏洞 |
CNNVD-202211-2677 |
CVE-2022-45199 |
高危 |
个人开发者 |
https://github.com/python-pillow/Pillow/releases/tag/9.3 |
119 |
Jettison 缓冲区错误漏洞 |
CNNVD-202212-3132 |
CVE-2022-45685 |
高危 |
个人开发者 |
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
120 |
Hutool 缓冲区错误漏洞 |
CNNVD-202212-3131 |
CVE-2022-45688 |
高危 |
Dromara社区 |
https://github.com/dromara/hutool/issues/2748 |
121 |
Jettison 缓冲区错误漏洞 |
CNNVD-202212-3128 |
CVE-2022-45693 |
高危 |
个人开发者 |
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.3 |
122 |
Apache CXF 输入验证错误漏洞 |
CNNVD-202212-3125 |
CVE-2022-46363 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c |
123 |
jszip 路径遍历漏洞 |
CNNVD-202301-2295 |
CVE-2022-48285 |
高危 |
个人开发者 |
https://github.com/Stuk/jszip/releases/tag/v3.10.1 |
124 |
Zstandard 资源管理错误漏洞 |
CNNVD-202303-2716 |
CVE-2022-4899 |
高危 |
|
https://github.com/facebook/zstd/pull/3220 |
125 |
OpenSSL 资源管理错误漏洞 |
CNNVD-202302-521 |
CVE-2023-0215 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5845-1 |
126 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-512 |
CVE-2023-0216 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
127 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-516 |
CVE-2023-0217 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
128 |
OpenSSL 安全漏洞 |
CNNVD-202302-524 |
CVE-2023-0286 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5845-1 |
129 |
GnuTLS 安全漏洞 |
CNNVD-202302-884 |
CVE-2023-0361 |
高危 |
个人开发者 |
https://gitlab.com/gnutls/gnutls/-/issues/1050 |
130 |
OpenSSL 代码问题漏洞 |
CNNVD-202302-518 |
CVE-2023-0401 |
高危 |
OpenSSL |
https://ubuntu.com/security/notices/USN-5844-1 |
131 |
OpenSSL 信任管理问题漏洞 |
CNNVD-202303-1681 |
CVE-2023-0464 |
高危 |
OpenSSL |
https://www.openssl.org/news/secadv/20230322.txt |
132 |
Mozilla Firefox 安全漏洞 |
CNNVD-202302-1554 |
CVE-2023-0767 |
高危 |
Mozilla基金会 |
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767 |
133 |
netplex json-smart 安全漏洞 |
CNNVD-202303-1658 |
CVE-2023-1370 |
高危 |
netplex |
https://netplex.github.io/json-smart/ |
134 |
Jettison 安全漏洞 |
CNNVD-202303-1656 |
CVE-2023-1436 |
高危 |
Jettison |
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ |
135 |
libwebp 资源管理错误漏洞 |
CNNVD-202305-177 |
CVE-2023-1999 |
高危 |
WebP项目 |
https://github.com/webmproject/libwebp |
136 |
Spring Framework 安全漏洞 |
CNNVD-202303-2401 |
CVE-2023-20860 |
高危 |
Spring |
https://spring.io/security/cve-2023-20860 |
137 |
Sudo 安全漏洞 |
CNNVD-202301-1468 |
CVE-2023-22809 |
高危 |
个人开发者 |
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf |
138 |
Apache Commons FileUpload 安全漏洞 |
CNNVD-202302-1610 |
CVE-2023-24998 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy |
139 |
HarfBuzz 安全漏洞 |
CNNVD-202302-331 |
CVE-2023-25193 |
高危 |
个人开发者 |
https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc |
140 |
Apache Kafka 代码问题漏洞 |
CNNVD-202302-515 |
CVE-2023-25194 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz |
141 |
Git 路径遍历漏洞 |
CNNVD-202304-2045 |
CVE-2023-25652 |
高危 |
github |
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
142 |
Google TensorFlow 缓冲区错误漏洞 |
CNNVD-202303-2129 |
CVE-2023-25658 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6 |
143 |
Google TensorFlow 缓冲区错误漏洞 |
CNNVD-202303-2128 |
CVE-2023-25659 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p |
144 |
Google TensorFlow 代码问题漏洞 |
CNNVD-202303-2127 |
CVE-2023-25660 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj |
145 |
Google TensorFlow 输入验证错误漏洞 |
CNNVD-202303-2126 |
CVE-2023-25662 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw |
146 |
Google TensorFlow 代码问题漏洞 |
CNNVD-202303-2125 |
CVE-2023-25663 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w |
147 |
Google TensorFlow 代码问题漏洞 |
CNNVD-202303-2123 |
CVE-2023-25665 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g |
148 |
Google TensorFlow 安全漏洞 |
CNNVD-202303-2122 |
CVE-2023-25666 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2 |
149 |
Google TensorFlow 输入验证错误漏洞 |
CNNVD-202303-2121 |
CVE-2023-25667 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68 |
150 |
Google TensorFlow 安全漏洞 |
CNNVD-202303-2119 |
CVE-2023-25669 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p |
151 |
Google TensorFlow 代码问题漏洞 |
CNNVD-202303-2118 |
CVE-2023-25670 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w |
152 |
Google TensorFlow 缓冲区错误漏洞 |
CNNVD-202303-2117 |
CVE-2023-25671 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6 |
153 |
Google TensorFlow 代码问题漏洞 |
CNNVD-202303-2114 |
CVE-2023-25672 |
高危 |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r |
154 |
Google TensorFlow security vulnerability |
CNNVD-202303-2116 |
CVE-2023-25673 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh |
155 |
Google TensorFlow code issue vulnerability |
CNNVD-202303-2115 |
CVE-2023-25674 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579 |
156 |
Google TensorFlow security vulnerability |
CNNVD-202303-2113 |
CVE-2023-25675 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj |
157 |
Google TensorFlow code issue vulnerability |
CNNVD-202303-2112 |
CVE-2023-25676 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq |
158 |
Google TensorFlow resource management error vulnerability |
CNNVD-202303-2111 |
CVE-2023-25801 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q |
159 |
OpenSSL security vulnerability |
CNNVD-202305-2503 |
CVE-2023-2650 |
High |
OpenSSL |
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a |
160 |
Apache HTTP Server environment issue vulnerability |
CNNVD-202303-452 |
CVE-2023-27522 |
High |
Apache Foundation |
https://httpd.apache.org/security/vulnerabilities_24.html |
161 |
curl injection vulnerability |
CNNVD-202303-1551 |
CVE-2023-27533 |
High |
Individual developer |
https://curl.se/download.html |
162 |
curl path traversal vulnerability |
CNNVD-202303-1547 |
CVE-2023-27534 |
High |
Individual developer |
https://curl.se/download.html |
163 |
Google TensorFlow security vulnerability |
CNNVD-202303-2110 |
CVE-2023-27579 |
High |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8 |
164 |
Jenkins security vulnerability |
CNNVD-202303-670 |
CVE-2023-27899 |
High |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
165 |
Jenkins security vulnerability |
CNNVD-202303-669 |
CVE-2023-27900 |
High |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
166 |
Jenkins security vulnerability |
CNNVD-202303-671 |
CVE-2023-27901 |
High |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
167 |
Apache Tomcat security vulnerability |
CNNVD-202305-1931 |
CVE-2023-28709 |
High |
Apache Foundation |
https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j |
168 |
Git injection vulnerability |
CNNVD-202304-2063 |
CVE-2023-29007 |
High |
github |
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
169 |
SheetJS security vulnerability |
CNNVD-202304-1870 |
CVE-2023-30533 |
High |
sheetjs |
https://cdn.sheetjs.com/advisories/CVE-2023-30533 |
170 |
Snowflake JDBC command injection vulnerability |
CNNVD-202304-1210 |
CVE-2023-30535 |
High |
Snowflake |
https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x |
171 |
Flask security vulnerability |
CNNVD-202305-091 |
CVE-2023-30861 |
High |
Pallets |
https://github.com/pallets/flask/releases/tag/2.3.2 |
172 |
illumos buffer error vulnerability |
CNNVD-202305-266 |
CVE-2023-31284 |
High |
Individual developer |
https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net |
173 |
Apache Tomcat security vulnerability |
CNNVD-202306-1525 |
CVE-2023-34981 |
High |
Apache Foundation |
https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz |
174 |
Apache Axis cross-site scripting vulnerability |
CNNVD-201808-082 |
CVE-2018-8032 |
Medium |
apache |
https://issues.apache.org/jira/browse/AXIS-2924 |
175 |
Apache ActiveMQ cross-site scripting vulnerability |
CNNVD-202102-588 |
CVE-2020-13947 |
Medium |
Apache Foundation |
http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt |
176 |
Apache HttpClient security vulnerability |
CNNVD-202010-372 |
CVE-2020-13956 |
Medium |
Apache Foundation |
https://www.apache.org/ |
177 |
Junit information disclosure vulnerability |
CNNVD-202010-445 |
CVE-2020-15250 |
Medium |
Individual developer |
https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md |
178 |
Apache Groovy security vulnerability |
CNNVD-202012-422 |
CVE-2020-17521 |
Medium |
Apache Foundation |
https://issues.apache.org/jira/browse/GROOVY-9824?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel |
179 |
Apache Hive information disclosure vulnerability |
CNNVD-202103-1010 |
CVE-2020-1926 |
Medium |
Apache Foundation |
https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E |
180 |
Netty environment issue vulnerability |
CNNVD-202103-713 |
CVE-2021-21295 |
Medium |
Netty community |
https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 |
181 |
Google protobuf security vulnerability |
CNNVD-202201-628 |
CVE-2021-22569 |
Medium |
|
https://cloud.google.com/support/bulletins#gcp-2022-001 |
182 |
ISC BIND environment issue vulnerability |
CNNVD-202203-1514 |
CVE-2021-25220 |
Medium |
ISC |
https://vigilance.fr/vulnerability/ISC-BIND-spoofing-via-DNS-Forwarders-Cache-Poisoning-37754 |
183 |
Maxim Nesen jersey security vulnerability |
CNNVD-202104-1669 |
CVE-2021-28168 |
Medium |
Maxim Nesen |
https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv |
184 |
OpenJPEG input validation error vulnerability |
CNNVD-202104-1124 |
CVE-2021-29338 |
Medium |
Individual developer |
https://github.com/uclouvain/openjpeg |
185 |
Apache Commons IO path traversal vulnerability |
CNNVD-202104-702 |
CVE-2021-29425 |
Medium |
Apache Foundation |
https://issues.apache.org/jira/browse/IO-556 |
186 |
Eclipse Jetty security vulnerability |
CNNVD-202107-1094 |
CVE-2021-34429 |
Medium |
Eclipse Foundation |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm |
187 |
Apache Ant security vulnerability |
CNNVD-202107-983 |
CVE-2021-36373 |
Medium |
Apache Foundation |
https://ant.apache.org/ |
188 |
Apache Ant security vulnerability |
CNNVD-202107-984 |
CVE-2021-36374 |
Medium |
Apache Foundation |
https://ant.apache.org/ |
189 |
Apache Commons Net input validation error vulnerability |
CNNVD-202212-2188 |
CVE-2021-37533 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 |
190 |
Libgcrypt cryptographic issue vulnerability |
CNNVD-202109-275 |
CVE-2021-40528 |
Medium |
GNU community |
https://gnupg.org/index.html |
191 |
jQuery cross-site scripting vulnerability |
CNNVD-202110-1843 |
CVE-2021-41182 |
Medium |
Individual developer |
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc |
192 |
jQuery cross-site scripting vulnerability |
CNNVD-202110-1839 |
CVE-2021-41183 |
Medium |
Individual developer |
https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 |
193 |
Openjs Jquery Ui cross-site scripting vulnerability |
CNNVD-202110-1845 |
CVE-2021-41184 |
Medium |
Openjs Foundation |
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 |
194 |
Apache MINA security vulnerability |
CNNVD-202111-238 |
CVE-2021-41973 |
Medium |
Apache Foundation |
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E |
195 |
Apache Log4j input validation error vulnerability |
CNNVD-202112-2743 |
CVE-2021-44832 |
Medium |
Apache Foundation |
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf |
196 |
Apache Log4j security vulnerability |
CNNVD-202112-1493 |
CVE-2021-45105 |
Medium |
Apache Foundation |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd |
197 |
OpenJPEG security vulnerability |
CNNVD-202203-2498 |
CVE-2022-1122 |
Medium |
Individual developer |
https://github.com/uclouvain/openjpeg/issues/1368 |
198 |
Vmware Spring Framework security vulnerability |
CNNVD-202203-2333 |
CVE-2022-22950 |
Medium |
VMware |
https://tanzu.vmware.com/security/cve-2022-22950 |
199 |
Spring Framework input validation error vulnerability |
CNNVD-202205-2988 |
CVE-2022-22970 |
Medium |
Spring team |
https://spring.io/projects/spring-framework |
200 |
Spring Framework input validation error vulnerability |
CNNVD-202205-2980 |
CVE-2022-22971 |
Medium |
Spring team |
https://spring.io/projects/spring-framework |
201 |
Xerces security vulnerability |
CNNVD-202201-2238 |
CVE-2022-23437 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl |
202 |
Containous Traefik log information disclosure vulnerability |
CNNVD-202212-2756 |
CVE-2022-23469 |
Medium |
Containous |
https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp |
203 |
CKEditor cross-site scripting vulnerability |
CNNVD-202203-1546 |
CVE-2022-24728 |
Medium |
Individual developer |
https://ckeditor.com/cke4/release/CKEditor-4.18 |
204 |
OWASP ESAPI security vulnerability |
CNNVD-202204-4523 |
CVE-2022-24891 |
Medium |
Individual developer |
https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q |
205 |
Apache Portable Runtime input validation error vulnerability |
CNNVD-202301-2414 |
CVE-2022-25147 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 |
206 |
ISC BIND resource management error vulnerability |
CNNVD-202209-1695 |
CVE-2022-2795 |
Medium |
ISC |
https://kb.isc.org/docs/cve-2022-2795 |
207 |
jQuery cross-site scripting vulnerability |
CNNVD-202207-2121 |
CVE-2022-31160 |
Medium |
Individual developer |
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 |
208 |
Apache Spark injection vulnerability |
CNNVD-202211-1852 |
CVE-2022-31777 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q |
209 |
Apache Tomcat cross-site scripting vulnerability |
CNNVD-202206-2227 |
CVE-2022-34305 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k |
210 |
Dell BSAFE security vulnerability |
CNNVD-202302-738 |
CVE-2022-34364 |
Medium |
Dell |
https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability |
211 |
jsoup cross-site scripting vulnerability |
CNNVD-202208-4329 |
CVE-2022-36033 |
Medium |
Individual developer |
https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 |
212 |
Apache HTTP Server injection vulnerability |
CNNVD-202301-1298 |
CVE-2022-37436 |
Medium |
Apache Foundation |
https://httpd.apache.org/security/vulnerabilities_24.html |
213 |
Apache XML Graphics Batik code issue vulnerability |
CNNVD-202209-2289 |
CVE-2022-38398 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx |
214 |
Apache XML Graphics Batik code issue vulnerability |
CNNVD-202209-2288 |
CVE-2022-38648 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b |
215 |
SnakeYAML buffer error vulnerability |
CNNVD-202209-169 |
CVE-2022-38751 |
Medium |
SnakeYAML |
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
216 |
SnakeYAML buffer error vulnerability |
CNNVD-202209-171 |
CVE-2022-38752 |
Medium |
snakeYAML |
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open |
217 |
JasPer security vulnerability |
CNNVD-202209-1374 |
CVE-2022-40755 |
Medium |
Individual developer |
https://github.com/jasper-software/jasper/issues/338 |
218 |
Python security vulnerability |
CNNVD-202212-3796 |
CVE-2022-40897 |
Medium |
Python Foundation |
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be |
219 |
Netty security vulnerability |
CNNVD-202212-3060 |
CVE-2022-41915 |
Medium |
Netty community |
https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp |
220 |
OpenSSL buffer error vulnerability |
CNNVD-202302-506 |
CVE-2022-4203 |
Medium |
OpenSSL |
https://www.openssl.org/news/secadv/20230207.txt |
221 |
OpenSSL security vulnerability |
CNNVD-202302-514 |
CVE-2022-4304 |
Medium |
OpenSSL |
https://www.openssl.org/news/secadv/20230207.txt |
222 |
Apache James information disclosure vulnerability |
CNNVD-202301-447 |
CVE-2022-45787 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj |
223 |
Containous Traefik trust management issue vulnerability |
CNNVD-202212-2752 |
CVE-2022-46153 |
Medium |
Containous |
https://github.com/traefik/traefik/releases/tag/v2.9.6 |
224 |
OpenSSL trust management issue vulnerability |
CNNVD-202303-2432 |
CVE-2023-0465 |
Medium |
OpenSSL |
https://www.openssl.org/news/secadv/20230328.txt |
225 |
OpenSSL trust management issue vulnerability |
CNNVD-202303-2431 |
CVE-2023-0466 |
Medium |
OpenSSL |
https://www.openssl.org/news/secadv/20230328.txt |
226 |
OpenSSL buffer error vulnerability |
CNNVD-202304-1714 |
CVE-2023-1255 |
Medium |
OpenSSL |
https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |
227 |
Spring Framework security vulnerability |
CNNVD-202303-1917 |
CVE-2023-20861 |
Medium |
Spring |
https://spring.io/security/cve-2023-20861 |
228 |
Spring Framework security vulnerability |
CNNVD-202304-1094 |
CVE-2023-20863 |
Medium |
Spring |
https://spring.io/security/cve-2023-20863 |
229 |
Zip4j access control error vulnerability |
CNNVD-202301-648 |
CVE-2023-22899 |
Medium |
Individual developer |
https://github.com/srikanth-lingala/zip4j/releases |
230 |
curl security vulnerability |
CNNVD-202302-1928 |
CVE-2023-23915 |
Medium |
Individual developer |
https://github.com/curl/curl/releases/tag/curl-7_88_1 |
231 |
curl security vulnerability |
CNNVD-202302-1927 |
CVE-2023-23916 |
Medium |
Individual developer |
https://github.com/curl/curl/releases/tag/curl-7_88_1 |
232 |
cryptography code issue vulnerability |
CNNVD-202302-523 |
CVE-2023-23931 |
Medium |
Cryptographic |
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r |
233 |
Google Golang security vulnerability |
CNNVD-202303-632 |
CVE-2023-24532 |
Medium |
|
https://github.com/golang/go/issues/58647 |
234 |
TensorFlow input validation error vulnerability |
CNNVD-202303-2284 |
CVE-2023-25661 |
Medium |
|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq |
235 |
Eclipse Jetty resource management error vulnerability |
CNNVD-202304-1443 |
CVE-2023-26048 |
Medium |
Eclipse Foundation |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 |
236 |
Eclipse Jetty information disclosure vulnerability |
CNNVD-202304-1442 |
CVE-2023-26049 |
Medium |
Eclipse Foundation |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c |
237 |
Jenkins security vulnerability |
CNNVD-202303-675 |
CVE-2023-27902 |
Medium |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
238 |
Jenkins security vulnerability |
CNNVD-202303-674 |
CVE-2023-27903 |
Medium |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
239 |
Jenkins security vulnerability |
CNNVD-202303-673 |
CVE-2023-27904 |
Medium |
Jenkins |
https://www.jenkins.io/security/advisory/2023-03-08/ |
240 |
CKEditor cross-site scripting vulnerability |
CNNVD-202303-1790 |
CVE-2023-28439 |
Medium |
CKEditor |
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g |
241 |
libxml2 code issue vulnerability |
CNNVD-202304-908 |
CVE-2023-28484 |
Medium |
Individual developer |
https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f |
242 |
Apache Tomcat security vulnerability |
CNNVD-202303-1662 |
CVE-2023-28708 |
Medium |
Apache Foundation |
https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 |
243 |
Redis security vulnerability |
CNNVD-202304-1384 |
CVE-2023-28856 |
Medium |
Redis Labs |
https://github.com/redis/redis/ |
244 |
libxml2 resource management error vulnerability |
CNNVD-202304-907 |
CVE-2023-29469 |
Medium |
Individual developer |
https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 |
245 |
Google Guava access control error vulnerability |
CNNVD-202012-827 |
CVE-2020-8908 |
Low |
|
https://github.com/google/guava/issues/4011 |
246 |
Eclipse Jetty input validation error vulnerability |
CNNVD-202207-599 |
CVE-2022-2047 |
Low |
Eclipse Foundation |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q |
247 |
Apache Tika security vulnerability |
CNNVD-202206-2671 |
CVE-2022-33879 |
Low |
Apache Foundation |
https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh |
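III. Remediation Recommendations
Oracle has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address: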