| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.11 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
|
| com.thoughtworks.xstream:xstream |
CVE-2022-40151 |
高危 |
1.4.19 |
1.4.20 |
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40151
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2022-09-16 10:15 修改: 2022-09-20 18:11
|
| com.thoughtworks.xstream:xstream |
CVE-2022-41966 |
高危 |
1.4.19 |
1.4.20 |
xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41966
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2022-12-28 00:15 修改: 2023-06-27 14:04
|
| com.thoughtworks.xstream:xstream |
CVE-2024-47072 |
高危 |
1.4.19 |
1.4.21 |
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47072
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-11-08 00:15 修改: 2024-11-08 19:01
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.11.0 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
|
| io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.79.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
高危 |
1.22 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
高危 |
10.1.25 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-17 13:15 修改: 2025-01-03 12:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-56337 |
高危 |
10.1.25 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-20 16:15 修改: 2025-01-03 12:15
|
| org.bitbucket.b_c:jose4j |
CVE-2023-31582 |
高危 |
0.9.2 |
0.9.3 |
jose4j: Insecure iteration count setting
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31582
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-10-25 18:17 修改: 2023-10-31 15:18
|
| org.springframework:spring-webmvc |
CVE-2024-38816 |
高危 |
6.1.10 |
6.1.13 |
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-09-13 06:15 修改: 2024-12-27 16:15
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
6.1.10 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-19 18:15 修改: 2025-01-10 13:15
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.33 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
|
| xerces:xercesImpl |
CVE-2012-0881 |
高危 |
2.11.0 |
2.12.0 |
xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)
漏洞详情: https://avd.aquasec.com/nvd/cve-2012-0881
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2017-10-30 16:29 修改: 2023-02-13 00:23
|
| xerces:xercesImpl |
CVE-2013-4002 |
高危 |
2.11.0 |
2.12.0 |
OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4002
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2013-07-23 11:03 修改: 2023-11-07 02:16
|
| org.apache.commons:commons-compress |
CVE-2023-42503 |
中危 |
1.22 |
1.24.0 |
apache-commons-compress: Denial of service via CPU consumption for malformed TAR file
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-09-14 08:15 修改: 2024-02-21 21:27
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.22 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
|
| org.apache.httpcomponents:httpclient |
CVE-2020-13956 |
中危 |
4.5.3 |
4.5.13, 5.0.3 |
apache-httpclient: incorrect handling of malformed authority component in request URIs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
29.0-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
1.17.5 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.79.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
|
| org.bitbucket.b_c:jose4j |
CVE-2023-51775 |
中危 |
0.9.2 |
0.9.4 |
jose4j: denial of service via specially crafted JWE
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-02-29 01:42 修改: 2024-08-14 19:35
|
| org.bitbucket.b_c:jose4j |
GHSA-jgvc-jfgh-rjvv |
中危 |
0.9.2 |
0.9.3 |
Chosen Ciphertext Attack in Jose4j
漏洞详情: https://github.com/advisories/GHSA-jgvc-jfgh-rjvv
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2023-33202 |
中危 |
1.72 |
1.73 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
|
| org.springframework.ldap:spring-ldap-core |
CVE-2024-38829 |
中危 |
3.2.4 |
3.2.8, 2.4.4 |
spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-04 21:15 修改: 2024-12-10 15:15
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.1.10 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
|
| org.springframework:spring-web |
CVE-2024-38809 |
中危 |
6.1.10 |
5.3.38, 6.0.23, 6.1.12 |
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-09-27 17:15 修改: 2024-09-30 12:45
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
30.1-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.111.Final |
4.1.115 |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.79.Final |
4.1.115 |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.79.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2023-06-22 23:15 修改: 2024-06-21 19:15
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.5.6 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-19 16:15 修改: 2025-01-03 14:15
|
| xerces:xercesImpl |
CVE-2020-14338 |
中危 |
2.11.0 |
2.12.0.sp3 |
wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14338
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2020-09-17 15:15 修改: 2023-11-07 03:17
|
| xerces:xercesImpl |
CVE-2022-23437 |
中危 |
2.11.0 |
2.12.2 |
xerces-j2: infinite loop when handling specially crafted XML document payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2022-01-24 15:15 修改: 2023-08-08 14:22
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
30.1-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
29.0-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.5.6 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:b782aea7133b8a373cdc3e4dc1c5fb42f2ef0b7397755507c09e0de8e95ec44b
发布日期: 2024-12-19 17:15 修改: 2025-01-03 14:15
|