[Vulnerability Bulletin] CNNVD Bulletin on Multiple Oracle Security Vulnerabilities

Published by: Network Center | Published: 2025-04-18 | Views: 10

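Oracle recently published an advisory covering multiple security vulnerabilities: 74 vulnerabilities in Oracle's own products and 200 vulnerabilities from other vendors that affect Oracle products. Multiple products and systems are affected, including Oracle Mysql, Oracle JD Edwards EnterpriseOne Tools, Oracle MySQL Server and Oracle Java SE. Oracle has released patches for these vulnerabilities. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.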

I. Vulnerability Overview

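On April 15, 2025, Oracle released its April 2025 security update, containing patches for 274 vulnerabilities in total. CNNVD has catalogued these vulnerabilities. The update mainly covers Oracle Mysql (Mysql component), Oracle JD Edwards EnterpriseOne Tools, Oracle MySQL Server, Oracle Java SE, Oracle Secure Backup, Oracle MySQL and others. CNNVD has rated their severity: 17 critical, 87 high, 157 medium and 13 low. Multiple Oracle product and system versions are affected; the exact scope is listed on the Oracle website: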

https://www.oracle.com/security-alerts/cpuapr2025.html

II. Vulnerability Details

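This update contains patches for 274 vulnerabilities in total: patches for 73 new vulnerabilities, a patch for 1 updated vulnerability, and patches for 200 vulnerabilities from other vendors that affect Oracle products.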

The update includes patches for 73 new vulnerabilities: 1 critical, 14 high, 54 medium and 4 low.

 

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2170 | CVE-2025-30727 | Critical | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 2 | Oracle VM VirtualBox security vulnerability | CNNVD-202504-2108 | CVE-2025-30712 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 3 | Oracle Solaris security vulnerability | CNNVD-202504-2110 | CVE-2025-30690 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 4 | Oracle PeopleSoft security vulnerability | CNNVD-202504-2113 | CVE-2025-30735 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 5 | Oracle MySQL security vulnerability | CNNVD-202504-2144 | CVE-2025-30706 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 6 | Oracle Java SE security vulnerability | CNNVD-202504-2150 | CVE-2025-21587 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 7 | Oracle Analytics security vulnerability | CNNVD-202504-2153 | CVE-2025-30724 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 8 | Oracle Food and Beverage Applications security vulnerability | CNNVD-202504-2154 | CVE-2025-30686 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 9 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2165 | CVE-2025-30708 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 10 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2166 | CVE-2025-30707 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 11 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2167 | CVE-2025-30728 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 12 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2168 | CVE-2025-30716 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 13 | Oracle Application Object Library security vulnerability | CNNVD-202504-2169 | CVE-2025-30730 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 14 | Oracle Database Server security vulnerability | CNNVD-202504-2302 | CVE-2025-30701 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 15 | Oracle Database Server security vulnerability | CNNVD-202504-2305 | CVE-2025-30736 | High | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 16 | Oracle Virtualization security vulnerability | CNNVD-202504-2106 | CVE-2025-30719 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 17 | Oracle Virtualization security vulnerability | CNNVD-202504-2107 | CVE-2025-30725 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 18 | Oracle PeopleSoft security vulnerability | CNNVD-202504-2111 | CVE-2025-30697 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 19 | Oracle PeopleSoft security vulnerability | CNNVD-202504-2112 | CVE-2025-30713 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 20 | Oracle MySQL Server security vulnerability | CNNVD-202504-2116 | CVE-2025-30721 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 21 | Oracle MySQL security vulnerability | CNNVD-202504-2117 | CVE-2025-30704 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 22 | Oracle MySQL security vulnerability | CNNVD-202504-2118 | CVE-2025-30714 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 23 | Oracle MySQL security vulnerability | CNNVD-202504-2119 | CVE-2025-30699 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 24 | Oracle MySQL Server security vulnerability | CNNVD-202504-2120 | CVE-2025-30685 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 25 | Oracle MySQL security vulnerability | CNNVD-202504-2121 | CVE-2025-30684 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 26 | Oracle MySQL security vulnerability | CNNVD-202504-2122 | CVE-2025-30683 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 27 | Oracle MySQL security vulnerability | CNNVD-202504-2123 | CVE-2025-30705 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 28 | Oracle MySQL security vulnerability | CNNVD-202504-2124 | CVE-2025-30696 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 29 | Oracle MySQL Server security vulnerability | CNNVD-202504-2125 | CVE-2025-21579 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 30 | Oracle MySQL security vulnerability | CNNVD-202504-2126 | CVE-2025-30689 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 31 | Oracle MySQL Server security vulnerability | CNNVD-202504-2127 | CVE-2025-21585 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 32 | Oracle MySQL security vulnerability | CNNVD-202504-2128 | CVE-2025-21581 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 33 | Oracle MySQL security vulnerability | CNNVD-202504-2129 | CVE-2025-21588 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 34 | Oracle MySQL security vulnerability | CNNVD-202504-2130 | CVE-2025-21580 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 35 | Oracle MySQL security vulnerability | CNNVD-202504-2131 | CVE-2025-21584 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 36 | Oracle MySQL security vulnerability | CNNVD-202504-2132 | CVE-2025-21583 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 37 | Oracle MySQL security vulnerability | CNNVD-202504-2133 | CVE-2025-30715 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 38 | Oracle MySQL security vulnerability | CNNVD-202504-2134 | CVE-2025-30710 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 39 | Oracle MySQL security vulnerability | CNNVD-202504-2135 | CVE-2025-30695 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 40 | Oracle MySQL Server security vulnerability | CNNVD-202504-2136 | CVE-2025-30693 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 41 | Oracle MySQL Server security vulnerability | CNNVD-202504-2137 | CVE-2025-30688 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202504-2138 | CVE-2025-30722 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202504-2139 | CVE-2025-30687 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202504-2140 | CVE-2025-30682 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202504-2141 | CVE-2025-21577 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 46 | Oracle MySQL Server security vulnerability | CNNVD-202504-2142 | CVE-2025-21574 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 47 | Oracle MySQL security vulnerability | CNNVD-202504-2143 | CVE-2025-21575 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 48 | Oracle JD Edwards Products security vulnerability | CNNVD-202504-2145 | CVE-2025-30709 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 49 | Oracle JD Edwards EnterpriseOne Tools security vulnerability | CNNVD-202504-2146 | CVE-2025-21586 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 50 | Oracle JD Edwards Products security vulnerability | CNNVD-202504-2147 | CVE-2025-30740 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 51 | Oracle Java SE security vulnerability | CNNVD-202504-2148 | CVE-2025-30698 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 52 | Oracle Java SE and Oracle GraalVM security vulnerability | CNNVD-202504-2149 | CVE-2025-30691 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 53 | Oracle Smart View for Office security vulnerability | CNNVD-202504-2151 | CVE-2025-30737 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 54 | Oracle Analytics security vulnerability | CNNVD-202504-2152 | CVE-2025-30723 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 55 | Oracle Financial Services Applications security vulnerability | CNNVD-202504-2155 | CVE-2025-21573 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 56 | Oracle Application Object Library security vulnerability | CNNVD-202504-2157 | CVE-2025-30726 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 57 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2158 | CVE-2025-30718 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 58 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2159 | CVE-2025-30711 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 59 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2160 | CVE-2025-21582 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 60 | Oracle Configurator security vulnerability | CNNVD-202504-2161 | CVE-2025-30720 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 61 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2162 | CVE-2025-30732 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 62 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2163 | CVE-2025-30717 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 63 | Oracle iSupplier Portal security vulnerability | CNNVD-202504-2164 | CVE-2025-30692 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 64 | Oracle Commerce security vulnerability | CNNVD-202504-2290 | CVE-2025-21576 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 65 | Oracle Secure Backup security vulnerability | CNNVD-202504-2291 | CVE-2025-21578 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 66 | Oracle Communications Applications security vulnerability | CNNVD-202504-2292 | CVE-2025-30729 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 67 | Oracle Database Server security vulnerability | CNNVD-202504-2301 | CVE-2025-30694 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 68 | Oracle Database Server security vulnerability | CNNVD-202504-2303 | CVE-2025-30702 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 69 | Oracle Database Server security vulnerability | CNNVD-202504-2304 | CVE-2025-30733 | Medium | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 70 | Oracle Solaris security vulnerability | CNNVD-202504-2109 | CVE-2025-30700 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 71 | Oracle MySQL Server security vulnerability | CNNVD-202504-2114 | CVE-2025-30681 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 72 | Oracle MySQL security vulnerability | CNNVD-202504-2115 | CVE-2025-30703 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |
| 73 | Oracle E-Business Suite security vulnerability | CNNVD-202504-2156 | CVE-2025-30731 | Low | https://www.oracle.com/security-alerts/cpuapr2025.html |

The update includes a patch for 1 updated vulnerability, which is rated medium.

 

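| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Java SE security vulnerability | CNNVD-202501-2899 | CVE-2025-21502 | Medium | https://www.oracle.com/security-alerts/cpujan2025.html |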

The update includes patches for 200 vulnerabilities from other vendors that affect Oracle products: 16 critical, 73 high, 102 medium and 9 low.

 

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Vmware Spring Framework 代码问题漏洞

CNNVD-202001-046

CVE-2016-1000027

超危

Pivotal Software

https://pivotal.io/

2

Apache Tomcat 安全漏洞

CNNVD-202002-1052

CVE-2020-1938

超危

Apache基金会

http://tomcat.apache.org/

3

dojo 安全漏洞

CNNVD-202112-1483

CVE-2021-23450

超危

个人开发者

https://github.com/dojo/dojo

4

Sanitize 输入验证错误漏洞

CNNVD-202110-1259

CVE-2021-42575

超危

个人开发者

https://owasp.org/www-project-java-html-sanitizer/

5

Dell BSAFE 安全漏洞

CNNVD-202402-197

CVE-2022-34381

超危

Dell

https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability

6

Apache MINA 代码问题漏洞

CNNVD-202211-2918

CVE-2022-45047

超危

Apache基金会

https://www.mail-archive.com/dev@mina.apache.org/msg39312.html

7

Apache Axis 输入验证错误漏洞

CNNVD-202309-348

CVE-2023-40743

超危

Apache基金会

https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82

8

Apache Xerces-C 资源管理错误漏洞

CNNVD-202402-1469

CVE-2024-23807

超危

Apache

https://github.com/apache/xerces-c/pull/54

9

RequireJS 安全漏洞

CNNVD-202407-034

CVE-2024-38999

超危

RequireJS

https://github.com/requirejs/r.js

10

libxml2 代码问题漏洞

CNNVD-202407-3194

CVE-2024-40896

超危

GNOME

https://gitlab.gnome.org/GNOME/libxml2

11

Jenkins 安全漏洞

CNNVD-202408-533

CVE-2024-43044

超危

Jenkins

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

12

Apache MINA 安全漏洞

CNNVD-202412-2747

CVE-2024-52046

超危

Apache

https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8

13

Apache Tomcat 安全漏洞

CNNVD-202411-2306

CVE-2024-52316

超危

Apache

https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928

14

Apache Tomcat 安全漏洞

CNNVD-202412-2573

CVE-2024-56337

超危

Apache

https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp

15

Kubernetes ingress-nginx 安全漏洞

CNNVD-202503-2826

CVE-2025-1974

超危

Cloud Native Computing Foundation

https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1

16

Apache Tomcat 环境问题漏洞

CNNVD-202503-1068

CVE-2025-24813

超危

Apache

https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

17

Apache Tomcat 资源管理错误漏洞

CNNVD-202006-1717

CVE-2020-11996

高危

Apache基金会

https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E

18

Apache Tomcat 安全漏洞

CNNVD-202007-571

CVE-2020-13935

高危

Apache基金会

https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

19

Iteris Apache Velocity 安全漏洞

CNNVD-202103-758

CVE-2020-13936

高危

Iteris

https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E

20

Fasterxml Jackson 代码问题漏洞

CNNVD-202010-622

CVE-2020-25649

高危

Fasterxml

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

21

FasterXML jackson-databind 缓冲区错误漏洞

CNNVD-202203-1165

CVE-2020-36518

高危

个人开发者

https://github.com/FasterXML/jackson-databind/issues/2816

22

Apache Tomcat 代码问题漏洞

CNNVD-202005-1078

CVE-2020-9484

高危

Apache基金会

https://tomcat.apache.org/security.html

23

Apache Tomcat 信息泄露漏洞

CNNVD-202103-008

CVE-2021-25122

高危

Apache基金会

https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E

24

Apache Tomcat 安全漏洞

CNNVD-202103-006

CVE-2021-25329

高危

Apache基金会

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E

25

Github json-smart-v1 缓冲区错误漏洞

CNNVD-202106-103

CVE-2021-31684

高危

个人开发者

https://github.com/netplex

26

Github jsoup 安全漏洞

CNNVD-202108-1636

CVE-2021-37714

高危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c

27

Apache Tomcat 输入验证错误漏洞

CNNVD-202109-1018

CVE-2021-41079

高危

Apache基金会

https://lists.apache.org/thread/p7fk5kk0662prhj71nyqhs1lhjs7fwbb

28

FasterXML jackson-databind 安全漏洞

CNNVD-202303-1466

CVE-2021-46877

高危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3328

29

Apache Tomcat 代码问题漏洞

CNNVD-202205-3290

CVE-2022-25762

高危

Apache基金会

https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c

30

Apache Xalan 输入验证错误漏洞

CNNVD-202207-1617

CVE-2022-34169

高危

Apache基金会

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

31

OpenSSL 安全漏洞

CNNVD-202210-2604

CVE-2022-3786

高危

OpenSSL团队

https://www.openssl.org/news/secadv/20221101.txt

32

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-007

CVE-2022-42003

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

33

FasterXML jackson-databind 代码问题漏洞

CNNVD-202210-006

CVE-2022-42004

高危

FasterXML

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

34

Apache Tomcat 环境问题漏洞

CNNVD-202210-2602

CVE-2022-42252

高危

Apache基金会

https://tomcat.apache.org/security-8.html

35

netplex json-smart 安全漏洞

CNNVD-202303-1658

CVE-2023-1370

高危

netplex

https://netplex.github.io/json-smart/

36

Apache Commons FileUpload 安全漏洞

CNNVD-202302-1610

CVE-2023-24998

高危

Apache基金会

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

37

Apache Log4j 代码问题漏洞

CNNVD-202303-736

CVE-2023-26464

高危

Apache基金会

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

38

Spring Framework 安全漏洞

CNNVD-202311-2123

CVE-2023-34053

高危

Spring团队

https://github.com/spring-projects/spring-framework/releases/tag/v6.0.

39

HCL BigFix Platform 输入验证错误漏洞

CNNVD-202310-848

CVE-2023-37536

高危

HCL Technologies

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791

40

Apache Avro 代码问题漏洞

CNNVD-202309-2636

CVE-2023-39410

高危

Apache基金会

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

41

Apache HTTP/2 资源管理错误漏洞

CNNVD-202310-667

CVE-2023-44487

高危

Apache基金会

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

42

Apache Tomcat 环境问题漏洞

CNNVD-202311-2168

CVE-2023-46589

高危

Apache基金会

https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

43

Apache Axis 代码问题漏洞

CNNVD-202401-361

CVE-2023-51441

高危

Apache基金会

https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd

44

Connect2id Nimbus JOSE+JWT 安全漏洞

CNNVD-202402-845

CVE-2023-52428

高危

Connect2id

https://connect2id.com/products/nimbus-jose-jwt

45

Red Hat XNIO 资源管理错误漏洞

CNNVD-202403-455

CVE-2023-5685

高危

Red Hat

https://github.com/xnio/xnio/tags

46

Gunicorn 环境问题漏洞

CNNVD-202404-2065

CVE-2024-1135

高危

Gunicorn

https://github.com/benoitc/gunicorn

47

cross-spawn 安全漏洞

CNNVD-202411-830

CVE-2024-21538

高危

MOXY

https://github.com/moxystudio/node-cross-spawn

48

Spring Framework 安全漏洞

CNNVD-202402-1929

CVE-2024-22243

高危

Spring

https://spring.io/projects/spring-framework#support

49

Apache Tomcat 安全漏洞

CNNVD-202403-1180

CVE-2024-23672

高危

Apache

https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

50

Apache Tomcat 输入验证错误漏洞

CNNVD-202403-1179

CVE-2024-24549

高危

Apache

https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

51

dnsjava 安全漏洞

CNNVD-202407-2260

CVE-2024-25638

高危

dnsjava

https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

52

Apple iOS和Apple iPadOS 安全漏洞

CNNVD-202501-2261

CVE-2024-27856

高危

Apple

https://support.apple.com/en-us/120905

53

Apache XML Graphics FOP 代码问题漏洞

CNNVD-202410-904

CVE-2024-28168

高危

Apache

https://xmlgraphics.apache.org/security.html

54

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2143

CVE-2024-29131

高危

Apache

https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37

55

Apache Commons Configuration 缓冲区错误漏洞

CNNVD-202403-2142

CVE-2024-29133

高危

Apache

https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2

56

Bouncy Castle 安全漏洞

CNNVD-202405-2601

CVE-2024-29857

高危

Bouncy Castle

https://www.bouncycastle.org/latest_releases.html

57

Bouncy Castle 安全漏洞

CNNVD-202405-2618

CVE-2024-30172

高危

Bouncy Castle

https://www.bouncycastle.org/latest_releases.html

58

Apache Kafka 安全漏洞

CNNVD-202411-2444

CVE-2024-31141

高危

Apache

https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv

59

Apache CXF 安全漏洞

CNNVD-202407-1957

CVE-2024-32007

高危

Apache

https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633

60

Aircompressor 安全漏洞

CNNVD-202405-4798

CVE-2024-36114

高危

airlift

https://github.com/airlift/aircompressor/releases/tag/0.27

61

Apache HTTP Server 安全漏洞

CNNVD-202407-094

CVE-2024-38474

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

62

VMware Spring Framework 安全漏洞

CNNVD-202409-1142

CVE-2024-38816

高危

VMware

https://spring.io/security/cve-2024-38816

63

VMware Spring Framework 安全漏洞

CNNVD-202410-3593

CVE-2024-38819

高危

VMware

https://docs.spring.io/spring-framework/reference/web/webmvc.html

64

Axios 安全漏洞

CNNVD-202408-799

CVE-2024-39338

高危

Axios

https://github.com/axios/axios/releases

65

Apache HTTP Server 安全漏洞

CNNVD-202407-339

CVE-2024-39884

高危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

66

Genivia gSOAP 安全漏洞

CNNVD-202501-2103

CVE-2024-4227

高危

Genivia

https://sourceforge.net/projects/gsoap2/

67

Apple iOS和Apple iPadOS 安全漏洞

CNNVD-202411-2775

CVE-2024-44308

高危

Apple

https://support.apple.com/en-us/121752

68

Golang Go crypto 安全漏洞

CNNVD-202412-1406

CVE-2024-45337

高危

Golang

https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909

69

XStream 安全漏洞

CNNVD-202411-823

CVE-2024-47072

高危

XStream

https://x-stream.github.io/CVE-2024-47072.html

70

Apache Maven Archetype Plugin 安全漏洞

CNNVD-202409-2227

CVE-2024-47197

高危

Apache

https://lists.apache.org/thread/ftg81np183wnyk0kg4ks95dvgxdrof96

71

GStreamer 输入验证错误漏洞

CNNVD-202412-1415

CVE-2024-47606

高危

GStreamer

https://gstreamer.freedesktop.org/download/

72

Werkzeug 安全漏洞

CNNVD-202410-2923

CVE-2024-49767

高危

Pallets

https://github.com/pallets/werkzeug/releases/tag/3.0

73

Apache Tomcat 安全漏洞

CNNVD-202412-2256

CVE-2024-50379

高危

Apache

https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r

74

aiohttp 安全漏洞

CNNVD-202411-2364

CVE-2024-52303

高危

aio-libs

https://github.com/aio-libs/aiohttp/releases/tag/v3.11.3

75

Apple iOS和iPadOS 安全漏洞

CNNVD-202412-1522

CVE-2024-54534

高危

Apple

https://support.apple.com/en-us/121837

76

Apple iOS和Apple iPadOS 缓冲区错误漏洞

CNNVD-202501-3836

CVE-2024-54543

高危

Apple

https://support.apple.com/en-us/121837

77

Jinja 安全漏洞

CNNVD-202412-2662

CVE-2024-56201

高危

Pallets

https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699

78

Jinja 安全漏洞

CNNVD-202412-2665

CVE-2024-56326

高危

Pallets

https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h

79

Netplex Json-smart 安全漏洞

CNNVD-202502-472

CVE-2024-57699

高危

Netplex

https://github.com/netplex/json-smart-v2

80

Protocol Buffers 安全漏洞

CNNVD-202409-1841

CVE-2024-7254

高危

Protocol Buffers

http://protobuf.dev/

81

curl 安全漏洞

CNNVD-202407-3105

CVE-2024-7264

高危

cURL

https://curl.se/docs/CVE-2024-7264.html

82

libexpat 安全漏洞

CNNVD-202503-1673

CVE-2024-8176

高危

libexpat

https://github.com/libexpat/libexpat

83

VMware Spring Security 安全漏洞

CNNVD-202503-2153

CVE-2025-22228

高危

VMware

https://spring.io/security/cve-2025-22228

84

Node.js 安全漏洞

CNNVD-202501-3127

CVE-2025-23083

高危

Node.js

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

85

Apple iOS 命令注入漏洞

CNNVD-202501-3887

CVE-2025-24150

高危

Apple

https://support.apple.com/en-us/122066

86

libxml2 安全漏洞

CNNVD-202502-1989

CVE-2025-24928

高危

GNOME

https://gitlab.gnome.org/GNOME/libxml2/-/tags

87

Netty 输入验证错误漏洞

CNNVD-202502-776

CVE-2025-24970

高危

Netty

https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw

88

FreeType 缓冲区错误漏洞

CNNVD-202503-1204

CVE-2025-27363

高危

FreeType

https://www.facebook.com/security/advisories/cve-2025-27363

89

Jinja 安全漏洞

CNNVD-202503-672

CVE-2025-27516

高危

Pallets

https://github.com/pallets/jinja/releases/tag/3.1.6

90

Apache Tomcat 安全漏洞

CNNVD-202010-415

CVE-2020-13943

中危

Apache基金会

https://github.com/apache/tomcat

91

Apache Tomcat 环境问题漏洞

CNNVD-202002-1130

CVE-2020-1935

中危

Apache基金会

https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E

92

EdDSA-Java 安全漏洞

CNNVD-202503-1554

CVE-2020-36843

中危

个人开发者

https://github.com/str4d/ed25519-java

93

Apache Tomcat  信息泄露漏洞

CNNVD-202101-1145

CVE-2021-24122

中危

Apache基金会

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

94

Jakarta Expression Language 输入验证错误漏洞

CNNVD-202105-1760

CVE-2021-28170

中危

Jakarta

https://jakarta.ee/specifications/expression-language/3.

95

Apache Tomcat 授权问题漏洞

CNNVD-202107-684

CVE-2021-30640

中危

Apache基金会

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

96

Apache Tomcat 环境问题漏洞

CNNVD-202107-681

CVE-2021-33037

中危

Apache基金会

https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E

97

Openjs Jquery Ui 跨站脚本漏洞

CNNVD-202110-1845

CVE-2021-41184

中危

Openjs基金会

https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327

98

Apache MINA 安全漏洞

CNNVD-202111-238

CVE-2021-41973

中危

Apache基金会

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E

99

jsoup 跨站脚本漏洞

CNNVD-202208-4329

CVE-2022-36033

中危

个人开发者

https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369

100

SciPy 安全漏洞

CNNVD-202307-200

CVE-2023-25399

中危

SciPy

https://github.com/scipy/scipy/issues/16235

101

Apache Tomcat 安全漏洞

CNNVD-202303-1662

CVE-2023-28708

中危

Apache基金会

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

102

FasterXML jackson-databind 代码问题漏洞

CNNVD-202306-1121

CVE-2023-35116

中危

FasterXML

https://github.com/FasterXML/jackson-databind/issues/3972

103

Apache MINA 路径遍历漏洞

CNNVD-202307-582

CVE-2023-35887

中危

Apache基金会

https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2

104

Eclipse Jetty 安全漏洞

CNNVD-202309-1093

CVE-2023-36479

中危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j

105

Eclipse Jetty 安全漏洞

CNNVD-202309-1102

CVE-2023-40167

中危

Eclipse基金会

https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6

106

Apache Tomcat 输入验证错误漏洞

CNNVD-202308-2096

CVE-2023-41080

中危

Apache基金会

https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f

107

Apache Tomcat 安全漏洞

CNNVD-202310-716

CVE-2023-42795

中危

Apache基金会

https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw

108

Apache Tomcat 输入验证错误漏洞

CNNVD-202310-712

CVE-2023-45648

中危

Apache基金会

https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp

109

OpenSSH 安全漏洞

CNNVD-202312-1668

CVE-2023-48795

中危

OpenBSD

https://www.openssh.com/openbsd.html

110

Apache Portable Runtime 安全漏洞

CNNVD-202408-2479

CVE-2023-49582

中危

Apache

https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4

111

Jayway JsonPath 安全漏洞

CNNVD-202312-2349

CVE-2023-51074

中危

json-path

https://github.com/json-path/JsonPath/issues/973

112

Mozilla NSS 安全漏洞

CNNVD-202310-1005

CVE-2023-5388

中危

Mozilla基金会

https://bugzilla.redhat.com/show_bug.cgi?id=2243644

113

PHP 安全漏洞

CNNVD-202411-3461

CVE-2024-11233

中危

PHP

https://github.com/php/php-src/releases/tag/php-8.3.14

114

PHP 安全漏洞

CNNVD-202411-3460

CVE-2024-11234

中危

PHP

https://github.com/php/php-src/releases/tag/php-8.3.14

115

PHP 安全漏洞

CNNVD-202411-3464

CVE-2024-11236

中危

PHP

https://github.com/php/php-src/releases/tag/php-8.3.14

116

7-Zip 安全漏洞

CNNVD-202411-3219

CVE-2024-11612

中危

7-Zip

https://www.7-zip.org/

117

OpenSSL 安全漏洞

CNNVD-202502-983

CVE-2024-12797

中危

OpenSSL

https://openssl-library.org/news/secadv/20250211.txt

118

logback 安全漏洞

CNNVD-202412-2461

CVE-2024-12798

中危

QOS.CH

https://logback.qos.ch/

119

OpenSSL 安全漏洞

CNNVD-202501-2816

CVE-2024-13176

中危

OpenSSL

https://github.com/openssl/openssl/

120

Apache Commons Compress 安全漏洞

CNNVD-202402-1528

CVE-2024-25710

中危

Apache

https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

121

Apache Commons Compress 安全漏洞

CNNVD-202402-1527

CVE-2024-26308

中危

Apache

https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg

122

Pillow 安全漏洞

CNNVD-202404-098

CVE-2024-28219

中危

Pillow

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.ht

123

GnuTLS 信息泄露漏洞

CNNVD-202403-2176

CVE-2024-28834

中危

GnuTLS

https://gnutls.org/download.html

124

GnuTLS 安全漏洞

CNNVD-202403-2145

CVE-2024-28835

中危

GnuTLS

https://gitlab.com/gnutls/gnutls/-/commit/4a4cefef6c194f8fbbffd7fb19651219421b085b

125

Netty 安全漏洞

CNNVD-202403-2434

CVE-2024-29025

中危

Netty

https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c

126

Apache CXF 代码问题漏洞

CNNVD-202407-1958

CVE-2024-29736

中危

Apache

https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2

127

Pallets Jinja 安全漏洞

CNNVD-202405-1436

CVE-2024-34064

中危

Pallets

https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj

128

Requests 安全漏洞

CNNVD-202405-3594

CVE-2024-35195

中危

Python

https://github.com/psf/requests/releases/tag/v2.32

129

urllib3 安全漏洞

CNNVD-202406-1954

CVE-2024-37891

中危

urllib3

https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf

130

Tiny Technologies TinyMCE 安全漏洞

CNNVD-202406-2249

CVE-2024-38357

中危

Tiny Technologies

https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

131

Apache HTTP Server 安全漏洞

CNNVD-202407-092

CVE-2024-38476

中危

Apache

https://lists.apache.org/thread/p2xfjsvpogyrg4hw9cjs2nrnqnl34qf0

132

VMware Spring Security 安全漏洞

CNNVD-202412-142

CVE-2024-38827

中危

VMware

https://spring.io/security/cve-2024-38827

133

VMware Spring Framework 安全漏洞

CNNVD-202411-2241

CVE-2024-38828

中危

VMware

https://spring.io/security/cve-2024-38828

134

Apache HTTP Server 输入验证错误漏洞

CNNVD-202407-086

CVE-2024-39573

中危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

135

Apache HTTP Server 安全漏洞

CNNVD-202407-1912

CVE-2024-40725

中危

Apache

https://httpd.apache.org/security/vulnerabilities_24.html

136

Apple macOS 安全漏洞

CNNVD-202409-1449

CVE-2024-40866

中危

Apple

https://support.apple.com/en-us/121238

137

aiohttp 安全漏洞

CNNVD-202408-764

CVE-2024-42367

中危

aio-libs

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj

138

Jenkins 安全漏洞

CNNVD-202408-532

CVE-2024-43045

中危

Jenkins

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349

139

Elastic Elasticsearch 安全漏洞

CNNVD-202501-2929

CVE-2024-43709

中危

Elastic

https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442

140

Express.js 跨站脚本漏洞

CNNVD-202409-692

CVE-2024-43796

中危

expressjs

https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx

141

Apple iOS和iPadOS 安全漏洞

CNNVD-202410-2739

CVE-2024-44185

中危

Apple

https://support.apple.com/en-us/120909

142

Apple macOS 安全漏洞

CNNVD-202409-1409

CVE-2024-44187

中危

Apple

https://support.apple.com/en-us/121238

143

Apple iOS和Apple iPadOS 安全漏洞

CNNVD-202410-3162

CVE-2024-44244

中危

Apple

https://support.apple.com/en-us/121563

144

Apple iOS和Apple iPadOS 安全漏洞

CNNVD-202410-3192

CVE-2024-44296

中危

Apple

https://support.apple.com/en-us/121563

145

Apple iOS和Apple iPadOS 安全漏洞

CNNVD-202411-2776

CVE-2024-44309

中危

Apple

https://support.apple.com/en-us/121752

| 146 | Google Go security vulnerability | CNNVD-202412-2401 | CVE-2024-45338 | Medium | Google | https://pkg.go.dev/vuln/GO-2024-3333 |
| 147 | CKEditor cross-site scripting vulnerability | CNNVD-202409-2152 | CVE-2024-45613 | Medium | Individual developer | https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1 |
| 148 | Netty resource management error vulnerability | CNNVD-202411-1363 | CVE-2024-47535 | Medium | Netty | https://github.com/netty/netty/releases/tag/netty-4.1.115.Final |
| 149 | GStreamer code issue vulnerability | CNNVD-202412-1416 | CVE-2024-47544 | Medium | GStreamer | https://gstreamer.freedesktop.org/security/sa-2024-0011.html |
| 150 | GStreamer numeric error vulnerability | CNNVD-202412-1432 | CVE-2024-47545 | Medium | GStreamer | https://gstreamer.freedesktop.org/security/sa-2024-0010.html |
| 151 | GStreamer numeric error vulnerability | CNNVD-202412-1408 | CVE-2024-47546 | Medium | GStreamer | https://gstreamer.freedesktop.org/security/sa-2024-0013.html |
| 152 | Apache Commons IO resource management error vulnerability | CNNVD-202410-209 | CVE-2024-47554 | Medium | Apache | https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 |
| 153 | GStreamer buffer error vulnerability | CNNVD-202412-1428 | CVE-2024-47596 | Medium | GStreamer | https://gstreamer.freedesktop.org/security/sa-2024-0015.html |
| 154 | GStreamer buffer error vulnerability | CNNVD-202412-1429 | CVE-2024-47597 | Medium | GStreamer | https://gstreamer.freedesktop.org/security/sa-2024-0012.html |
| 155 | GStreamer buffer error vulnerability | CNNVD-202412-1420 | CVE-2024-47775 | Medium | GStreamer | https://gstreamer.freedesktop.org/download/ |
| 156 | GStreamer buffer error vulnerability | CNNVD-202412-1422 | CVE-2024-47776 | Medium | GStreamer | https://gstreamer.freedesktop.org/download/ |
| 157 | GStreamer buffer error vulnerability | CNNVD-202412-1423 | CVE-2024-47777 | Medium | GStreamer | https://gstreamer.freedesktop.org/download/ |
| 158 | GStreamer buffer error vulnerability | CNNVD-202412-1418 | CVE-2024-47778 | Medium | GStreamer | https://gstreamer.freedesktop.org/download/ |
| 159 | MPXJ path traversal vulnerability | CNNVD-202410-3082 | CVE-2024-49771 | Medium | Individual developer | https://github.com/joniles/mpxj/releases/tag/v13.5.1 |
| 160 | libexpat security vulnerability | CNNVD-202410-2993 | CVE-2024-50602 | Medium | libexpat | https://github.com/libexpat/libexpat |
| 161 | scikit-learn security vulnerability | CNNVD-202406-475 | CVE-2024-5206 | Medium | Individual developer | https://github.com/scikit-learn/scikit-learn/releases/tag/1.5 |
| 162 | Apache Tomcat security vulnerability | CNNVD-202411-2304 | CVE-2024-52317 | Medium | Apache | https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs |
| 163 | Linux kernel security vulnerability | CNNVD-202412-085 | CVE-2024-53122 | Medium | Linux | https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527 |
| 164 | Prism code injection vulnerability | CNNVD-202503-115 | CVE-2024-53382 | Medium | Individual developer | https://prismjs.com/ |
| 165 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202412-1494 | CVE-2024-54479 | Medium | Apple | https://support.apple.com/en-us/121837 |
| 166 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202412-1506 | CVE-2024-54502 | Medium | Apple | https://support.apple.com/en-us/121837 |
| 167 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202412-1510 | CVE-2024-54505 | Medium | Apple | https://support.apple.com/en-us/121837 |
| 168 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202412-1512 | CVE-2024-54508 | Medium | Apple | https://support.apple.com/en-us/121837 |
| 169 | Apache Tomcat security vulnerability | CNNVD-202412-2255 | CVE-2024-54677 | Medium | Apache | https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n |
| 170 | Apache Kafka security vulnerability | CNNVD-202412-2358 | CVE-2024-56128 | Medium | Apache | https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw |
| 171 | OpenSSL security vulnerability | CNNVD-202409-141 | CVE-2024-6119 | Medium | OpenSSL | https://openssl-library.org/news/secadv/20240903.txt |
| 172 | Eclipse Jetty security vulnerability | CNNVD-202410-1360 | CVE-2024-6763 | Medium | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh |
| 173 | Eclipse Jetty security vulnerability | CNNVD-202410-1329 | CVE-2024-8184 | Medium | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq |
| 174 | Red Hat Ansible log information disclosure vulnerability | CNNVD-202409-1291 | CVE-2024-8775 | Medium | Red Hat | https://www.ansible.com/ |
| 175 | OpenSSL buffer error vulnerability | CNNVD-202410-1698 | CVE-2024-9143 | Medium | OpenSSL | https://openssl-library.org/news/secadv/20241016.txt |
| 176 | curl security vulnerability | CNNVD-202411-649 | CVE-2024-9681 | Medium | cURL | https://github.com/curl/curl/releases/tag/curl-8_11_0 |
| 177 | Red Hat Ansible security vulnerability | CNNVD-202411-657 | CVE-2024-9902 | Medium | Red Hat | https://access.redhat.com/errata/RHSA-2024:8969 |
| 178 | FreeType security vulnerability | CNNVD-202501-1311 | CVE-2025-23022 | Medium | FreeType | https://freetype.org/ |
| 179 | Node.js security vulnerability | CNNVD-202501-3939 | CVE-2025-23084 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/january-2025-security-releases |
| 180 | Node.js security vulnerability | CNNVD-202502-597 | CVE-2025-23085 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/january-2025-security-releases |
| 181 | Apache CXF resource management error vulnerability | CNNVD-202501-2927 | CVE-2025-23184 | Medium | Apache | https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122 |
| 182 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202501-3883 | CVE-2025-24143 | Medium | Apple | https://support.apple.com/en-us/122066 |
| 183 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202501-3893 | CVE-2025-24158 | Medium | Apple | https://support.apple.com/en-us/122066 |
| 184 | Apple iOS and Apple iPadOS security vulnerability | CNNVD-202501-3897 | CVE-2025-24162 | Medium | Apple | https://support.apple.com/en-us/122066 |
| 185 | Netty resource management error vulnerability | CNNVD-202502-786 | CVE-2025-25193 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx |
| 186 | OpenSSH security vulnerability | CNNVD-202502-1940 | CVE-2025-26465 | Medium | OpenBSD | https://www.openssh.com/ |
| 187 | OpenSSH resource management error vulnerability | CNNVD-202502-3772 | CVE-2025-26466 | Medium | OpenBSD | https://www.openssh.com/security.html |
| 188 | DOMPurify security vulnerability | CNNVD-202502-1648 | CVE-2025-26791 | Medium | Individual developer | https://github.com/cure53/DOMPurify/releases/tag/3.2.4 |
| 189 | Babel security vulnerability | CNNVD-202503-1347 | CVE-2025-27789 | Medium | Babel | https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8 |
| 190 | Jenkins security vulnerability | CNNVD-202504-496 | CVE-2025-31720 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3512 |
| 191 | Jenkins security vulnerability | CNNVD-202504-497 | CVE-2025-31721 | Medium | Jenkins | https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3513 |
| 192 | Apache Tomcat race condition vulnerability | CNNVD-202209-2852 | CVE-2021-43980 | Low | Apache Foundation | https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 |
| 193 | curl security vulnerability | CNNVD-202310-916 | CVE-2023-38546 | Low | curl | https://github.com/curl/curl/releases |
| 194 | curl security vulnerability | CNNVD-202412-1372 | CVE-2024-11053 | Low | cURL | https://curl.se/docs/CVE-2024-11053.html |
| 195 | logback security vulnerability | CNNVD-202412-2466 | CVE-2024-12801 | Low | QOS.CH | https://logback.qos.ch/ |
| 196 | VMware Spring Framework security vulnerability | CNNVD-202410-1928 | CVE-2024-38820 | Low | VMware | https://spring.io/security/cve-2024-38820 |
| 197 | Apache Avro code issue vulnerability | CNNVD-202410-208 | CVE-2024-47561 | Low | Apache | https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x |
| 198 | OpenSSL security vulnerability | CNNVD-202406-2936 | CVE-2024-5535 | Low | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
| 199 | libxml2 security vulnerability | CNNVD-202502-1973 | CVE-2024-56171 | Low | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/tags |
| 200 | libxml2 security vulnerability | CNNVD-202502-2003 | CVE-2025-27113 | Low | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/tags |

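III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the patches as soon as possible. Oracle's official patch download address: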

https://www.oracle.com/security-alerts/cpuapr2025.html

CNNVD will continue to track these vulnerabilities and publish related information promptly. If needed, contact CNNVD at: cnnvd@itsec.gov.cn

(Reposted from the China National Vulnerability Database of Information Security)




First review: 易四兰

Second review: 李振华

Third review: 汪绍荣