| com.amazon.redshift:redshift-jdbc42 |
CVE-2026-8178 |
严重 |
2.2.0 |
2.2.2 |
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8178
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-08 19:16 修改: 2026-06-17 11:03
|
| org.apache.kafka:kafka-clients |
CVE-2026-33557 |
严重 |
4.1.0 |
4.1.2 |
kafka: Apache Kafka: Authentication bypass via improper JWT validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33557
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-20 14:16 修改: 2026-06-17 10:37
|
| org.apache.ranger:ranger-plugins-common |
CVE-2025-59059 |
严重 |
2.7.0 |
2.8.0 |
Apache Ranger has a Code Injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59059
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-03 11:16 修改: 2026-06-17 09:45
|
| org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
42.7.0 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2024-02-19 13:15 修改: 2026-06-17 07:04
|
| org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
42.7.0 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:80ad8b00d84cc4c9d62207c3cafaf4e6c500c7c96759e2b91afa1b83a4a219e2
发布日期: 2024-02-19 13:15 修改: 2026-06-17 07:04
|
| io.grpc:grpc-netty-shaded |
CVE-2025-55163 |
高危 |
1.71.0 |
1.75.0 |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-classes-quic |
CVE-2026-44894 |
高危 |
4.2.7.Final |
4.2.15.Final |
netty-codec-classes-quic: Netty: Denial of Service amplification via improper QUIC token validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44894
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-compression |
CVE-2026-42583 |
高危 |
4.2.7.Final |
4.2.13.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-haproxy |
CVE-2026-44893 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-haproxy |
CVE-2026-48059 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.2.7.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.2.7.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http3 |
CVE-2026-42582 |
高危 |
4.2.7.Final |
4.2.13.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42582
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http3 |
CVE-2026-44892 |
高危 |
4.2.7.Final |
4.2.15.Final |
Netty is a network application framework for development of protocol s ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44892
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 05:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-http3 |
CVE-2026-48748 |
高危 |
4.2.7.Final |
4.2.15.Final |
netty: Netty: Denial of Service due to memory exhaustion in HTTP/3 codec
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48748
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:55
|
| io.netty:netty-codec-redis |
CVE-2026-44250 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44250
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-codec-redis |
CVE-2026-44890 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44890
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-redis |
CVE-2026-48006 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48006
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-redis |
CVE-2026-50011 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty: Denial of Service via malicious Redis array header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50011
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-transport-native-epoll |
CVE-2026-42577 |
高危 |
4.2.7.Final |
4.2.13.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42577
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-transport-native-epoll |
CVE-2026-42577 |
高危 |
4.2.7.Final |
4.2.13.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42577
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-transport-native-epoll |
CVE-2026-42577 |
高危 |
4.2.7.Final |
4.2.13.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42577
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-transport-sctp |
CVE-2026-46340 |
高危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46340
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:53
|
| io.trino:trino-iceberg |
CVE-2026-34214 |
高危 |
478 |
480 |
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34214
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38
|
| mysql:mysql-connector-java |
CVE-2023-22102 |
高危 |
8.0.27 |
|
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2023-10-17 22:15 修改: 2026-06-17 05:34
|
| mysql:mysql-connector-java |
CVE-2023-22102 |
高危 |
8.0.27 |
|
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102
镜像层: sha256:ac258a49218b14e00026cebf51a8601256a4f773de344a83dd629cdff52f12e8
发布日期: 2023-10-17 22:15 修改: 2026-06-17 05:34
|
| com.microsoft.sqlserver:mssql-jdbc |
CVE-2025-59250 |
高危 |
13.2.1 |
10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11 |
JDBC Driver for SQL Server has improper input validation issue
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59250
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-10-14 17:16 修改: 2026-06-17 09:45
|
| org.apache.kafka:kafka-clients |
CVE-2026-35554 |
高危 |
4.1.0 |
3.9.2, 4.0.2, 4.1.2 |
Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35554
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-07 14:16 修改: 2026-06-17 10:40
|
| com.squareup.wire:wire-runtime-jvm |
CVE-2026-45799 |
高危 |
5.2.1 |
|
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45799
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| org.apache.thrift:libthrift |
CVE-2026-43869 |
高危 |
0.22.0 |
0.23.0 |
Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-05 08:16 修改: 2026-06-17 10:50
|
| org.apache.zookeeper:zookeeper |
CVE-2026-24281 |
高危 |
3.9.4 |
3.8.6, 3.9.5 |
Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24281
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-07 09:16 修改: 2026-06-17 10:22
|
| org.apache.zookeeper:zookeeper |
CVE-2026-24308 |
高危 |
3.9.4 |
3.9.5, 3.8.6 |
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24308
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-07 09:16 修改: 2026-06-17 10:22
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-5598 |
高危 |
1.82 |
1.84 |
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5598
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
12.1.3 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-14 12:16 修改: 2026-06-17 10:30
|
| org.eclipse.jetty:jetty-server |
CVE-2026-1605 |
高危 |
12.1.3 |
12.1.6, 12.0.32 |
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1605
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-05 10:15 修改: 2026-06-17 10:16
|
| org.elasticsearch:elasticsearch |
CVE-2023-31418 |
高危 |
7.10.2 |
7.17.13, 8.9.0 |
elasticsearch: uncontrolled resource consumption
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56
|
| org.lz4:lz4-java |
CVE-2025-12183 |
高危 |
1.8.0 |
1.8.1 |
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31
|
| org.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.0 |
|
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| org.opensearch:opensearch-common |
CVE-2025-9624 |
高危 |
2.19.3 |
3.3.0, 2.19.4 |
OpenSearch is vulnerable to DoS via complex query_string inputs
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9624
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-11-25 20:16 修改: 2026-06-17 10:09
|
| io.airlift:aircompressor |
CVE-2025-67721 |
高危 |
2.0.2 |
2.0.3 |
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67721
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-12 23:15 修改: 2026-06-17 09:58
|
| io.airlift:aircompressor-v3 |
CVE-2025-67721 |
高危 |
3.3 |
3.4 |
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67721
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-12 23:15 修改: 2026-06-17 09:58
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.0 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-29 16:16 修改: 2026-06-17 10:47
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.0 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:80ad8b00d84cc4c9d62207c3cafaf4e6c500c7c96759e2b91afa1b83a4a219e2
发布日期: 2026-04-29 16:16 修改: 2026-06-17 10:47
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.8 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-29 16:16 修改: 2026-06-17 10:47
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.55.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.55.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| io.opentelemetry:opentelemetry-extension-trace-propagators |
CVE-2026-45292 |
中危 |
1.55.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.20.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.20.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
29.0-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| mysql:mysql-connector-java |
CVE-2022-21363 |
中危 |
8.0.27 |
8.0.28 |
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21363
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2022-01-19 12:15 修改: 2026-06-17 04:26
|
| mysql:mysql-connector-java |
CVE-2022-21363 |
中危 |
8.0.27 |
8.0.28 |
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21363
镜像层: sha256:ac258a49218b14e00026cebf51a8601256a4f773de344a83dd629cdff52f12e8
发布日期: 2022-01-19 12:15 修改: 2026-06-17 04:26
|
| org.apache.commons:commons-configuration2 |
CVE-2026-45205 |
中危 |
2.12.0 |
2.15.0 |
Uncontrolled Recursion vulnerability in Apache Commons. When processi ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| io.netty:netty-codec-mqtt |
CVE-2026-44248 |
中危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44248
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:50
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.24.3 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.24.3 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.24.3 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34478 |
中危 |
2.24.3 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.24.3 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-layout-template-json |
CVE-2026-34481 |
中危 |
2.24.3 |
2.25.4 |
org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34481
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| io.netty:netty-codec-classes-quic |
CVE-2026-50009 |
中危 |
4.2.7.Final |
4.2.15.Final |
Netty is a network application framework for development of protocol s ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50009
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.2.7.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.2.7.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-redis |
CVE-2026-42586 |
中危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42586
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.82 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:11
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.2.7.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.elasticsearch.client:elasticsearch-rest-client |
CVE-2021-22145 |
中危 |
7.10.2 |
7.13.4 |
elasticsearch: memory disclosure in error reporting
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22145
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2021-07-21 15:15 修改: 2026-06-17 03:36
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| org.elasticsearch:elasticsearch |
CVE-2021-22134 |
中危 |
7.10.2 |
7.11.0 |
elasticsearch: requests do not properly apply security permissions when executing a query against a recently updated document
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22134
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2021-03-08 21:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2021-22135 |
中危 |
7.10.2 |
7.11.2, 6.8.15 |
elasticsearch: Document disclosure flaw in the Elasticsearch suggester
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2021-05-13 18:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2021-22144 |
中危 |
7.10.2 |
6.8.17, 7.13.3 |
elasticsearch: uncontrolled recursion in Grok parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2021-07-26 12:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2023-31417 |
中危 |
7.10.2 |
7.17.13, 8.9.2 |
elasticsearch: Sensitive information in audit logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31417
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56
|
| org.elasticsearch:elasticsearch |
CVE-2023-31419 |
中危 |
7.10.2 |
7.17.13, 8.9.1 |
elasticsearch: StackOverflow vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31419
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56
|
| org.elasticsearch:elasticsearch |
CVE-2023-46673 |
中危 |
7.10.2 |
7.17.14, 8.10.3 |
elasticsearch: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46673
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2023-11-22 10:15 修改: 2026-06-17 06:31
|
| org.elasticsearch:elasticsearch |
CVE-2023-49921 |
中危 |
7.10.2 |
7.17.16, 8.11.2 |
elasticsearch: Insertion of Sensitive Information into Log File
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2024-07-26 05:15 修改: 2026-06-17 06:36
|
| org.elasticsearch:elasticsearch |
CVE-2024-23444 |
中危 |
7.10.2 |
8.13.0, 7.17.23 |
Elasticsearch stores private key on disk unencrypted
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2024-07-31 18:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-23450 |
中危 |
7.10.2 |
7.17.19, 8.13.0 |
elasticsearch: Possible denial of service when processing documents in a deeply nested pipeline
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23450
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2024-03-27 17:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-43709 |
中危 |
7.10.2 |
7.17.21, 8.13.3 |
elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43709
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-01-21 11:15 修改: 2026-06-17 07:51
|
| org.elasticsearch:elasticsearch |
CVE-2024-52979 |
中危 |
7.10.2 |
7.17.25, 8.16.0 |
elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2025-37727 |
中危 |
7.10.2 |
8.18.8, 8.19.5, 9.0.8, 9.1.5 |
org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37727
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-10-10 10:15 修改: 2026-06-17 09:15
|
| org.elasticsearch:elasticsearch |
CVE-2025-37731 |
中危 |
7.10.2 |
8.19.8, 9.1.8, 9.2.2 |
elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37731
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-15 11:15 修改: 2026-06-17 09:15
|
| org.elasticsearch:elasticsearch |
CVE-2024-52980 |
中危 |
7.17.29 |
8.15.1 |
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52980
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-04-08 17:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2025-37727 |
中危 |
7.17.29 |
8.18.8, 8.19.5, 9.0.8, 9.1.5 |
org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37727
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-10-10 10:15 修改: 2026-06-17 09:15
|
| org.elasticsearch:elasticsearch |
CVE-2025-37731 |
中危 |
7.17.29 |
8.19.8, 9.1.8, 9.2.2 |
elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37731
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-12-15 11:15 修改: 2026-06-17 09:15
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7144aa0a3cce16c37560cc8bc8980d51b31f80b72fccd99d09f02a39c54e6722
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.2.7.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.2.7.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.2.7.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.5.20 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
12.1.3 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
29.0-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| net.snowflake:snowflake-jdbc |
CVE-2026-3293 |
低危 |
3.27.0 |
|
snowflake-jdbc: snowflake-jdbc: Denial of Service via inefficient regular expression processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3293
镜像层: sha256:34fc8294610b3ab91986a64bb8664c5609650da40c659ed8660a461e392f617e
发布日期: 2026-02-27 06:18 修改: 2026-06-17 10:43
|