docker.io/bodsch/docker-jolokia:latest linux/amd64

docker.io/bodsch/docker-jolokia:latest - Trivy安全扫描结果 扫描时间: 2024-12-22 16:35
全部漏洞信息
低危漏洞:13 中危漏洞:52 高危漏洞:97 严重漏洞:31

系统OS: alpine 3.12.0 扫描引擎: Trivy 扫描时间: 2024-12-22 16:35

docker.io/bodsch/docker-jolokia:latest (alpine 3.12.0) (alpine)
低危漏洞:12 中危漏洞:38 高危漏洞:51 严重漏洞:7
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
apk-tools CVE-2021-36159 严重 2.10.5-r1 2.10.7-r0 libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36159

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-03 14:15 修改: 2023-11-07 03:36
curl CVE-2021-22945 严重 7.69.1-r1 7.79.0-r0 curl: use-after-free and double-free in MQTT sending

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22945

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-23 13:15 修改: 2024-03-27 15:04
libcrypto1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcurl CVE-2021-22945 严重 7.69.1-r1 7.79.0-r0 curl: use-after-free and double-free in MQTT sending

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22945

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-23 13:15 修改: 2024-03-27 15:04
libssl1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
nss CVE-2021-43527 严重 3.57-r0 3.60-r2 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43527

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-12-08 22:15 修改: 2023-02-23 01:40
zlib CVE-2022-37434 严重 1.2.11-r3 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
busybox CVE-2021-42382 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42383 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42384 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42385 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42386 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2022-28391 高危 1.31.1-r19 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
apk-tools CVE-2021-30139 高危 2.10.5-r1 2.10.6-r0

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30139

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-04-21 16:15 修改: 2021-04-22 18:21
curl CVE-2020-8231 高危 7.69.1-r1 7.69.1-r2 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8231

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 16:04
curl CVE-2020-8285 高危 7.69.1-r1 7.69.1-r3 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8285

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
curl CVE-2020-8286 高危 7.69.1-r1 7.69.1-r3 curl: Inferior OCSP verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8286

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
curl CVE-2021-22901 高危 7.69.1-r1 7.77.0-r0 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22901

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:12
curl CVE-2021-22946 高危 7.69.1-r1 7.79.0-r0 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22946

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:12
curl CVE-2022-22576 高危 7.69.1-r1 7.79.1-r1 curl: OAUTH2 bearer bypass in connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22576

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-05-26 17:15 修改: 2024-03-27 15:02
curl CVE-2022-27775 高危 7.69.1-r1 7.79.1-r1 curl: bad local IPv6 connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27775

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
busybox CVE-2021-28831 高危 1.31.1-r19 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
libcrypto1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libcrypto1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
busybox CVE-2021-42378 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libcurl CVE-2020-8231 高危 7.69.1-r1 7.69.1-r2 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8231

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 16:04
libcurl CVE-2020-8285 高危 7.69.1-r1 7.69.1-r3 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8285

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
libcurl CVE-2020-8286 高危 7.69.1-r1 7.69.1-r3 curl: Inferior OCSP verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8286

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22901 高危 7.69.1-r1 7.77.0-r0 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22901

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:12
libcurl CVE-2021-22946 高危 7.69.1-r1 7.79.0-r0 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22946

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:12
libcurl CVE-2022-22576 高危 7.69.1-r1 7.79.1-r1 curl: OAUTH2 bearer bypass in connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22576

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-05-26 17:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27775 高危 7.69.1-r1 7.79.1-r1 curl: bad local IPv6 connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27775

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
busybox CVE-2021-42379 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libssl1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libssl1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
busybox CVE-2021-42380 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
nss CVE-2020-25648 高危 3.57-r0 3.58-r0 nss: TLS 1.3 CCS flood remote DoS Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25648

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-20 22:15 修改: 2023-11-07 03:20
p11-kit CVE-2020-29361 高危 0.23.20-r5 0.23.22-r0 p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29361

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2023-11-07 03:21
p11-kit CVE-2020-29363 高危 0.23.20-r5 0.23.22-r0 p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29363

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2022-05-12 14:47
p11-kit-trust CVE-2020-29361 高危 0.23.20-r5 0.23.22-r0 p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29361

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2023-11-07 03:21
p11-kit-trust CVE-2020-29363 高危 0.23.20-r5 0.23.22-r0 p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29363

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2022-05-12 14:47
ssl_client CVE-2021-28831 高危 1.31.1-r19 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
ssl_client CVE-2021-42378 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42379 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42380 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42381 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42382 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42383 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42384 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42385 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42386 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2022-28391 高危 1.31.1-r19 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
busybox CVE-2021-42381 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
zlib CVE-2018-25032 高危 1.2.11-r3 1.2.12-r0 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
libssl1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
libuuid CVE-2021-3995 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3995

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-08-23 20:15 修改: 2024-01-07 09:15
libuuid CVE-2021-3996 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of filesystems in libmount

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3996

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-08-23 20:15 修改: 2024-10-15 16:35
libuuid CVE-2022-0563 中危 2.35.2-r0 2.37.4-r0 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-02-21 19:15 修改: 2024-01-07 09:15
musl CVE-2020-28928 中危 1.1.24-r9 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
musl-utils CVE-2020-28928 中危 1.1.24-r9 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
curl CVE-2022-27776 中危 7.69.1-r1 7.79.1-r1 curl: auth/cookie leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27776

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
busybox CVE-2021-42374 中危 1.31.1-r19 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
nss CVE-2022-1097 中危 3.57-r0 3.68.3-r0 Mozilla: Use-after-free in NSSToken objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1097

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-12-22 20:15 修改: 2022-12-29 17:52
openjdk11-jre-headless CVE-2020-14779 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14779

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2023-11-07 03:17
openjdk11-jre-headless CVE-2020-14781 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14781

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
openjdk11-jre-headless CVE-2020-14782 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14782

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
openjdk11-jre-headless CVE-2020-14792 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14792

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
openjdk11-jre-headless CVE-2020-14797 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14797

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
openjdk11-jre-headless CVE-2020-14803 中危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14803

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2021-02-24 21:42
curl CVE-2021-22876 中危 7.69.1-r1 7.76.0-r0 curl: Leak of authentication credentials in URL via automatic Referer

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22876

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
curl CVE-2021-22922 中危 7.69.1-r1 7.78.0-r0 curl: Content not matching hash in Metalink is not being discarded

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22922

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:12
p11-kit CVE-2020-29362 中危 0.23.20-r5 0.23.22-r0 p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29362

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2021-01-11 16:50
curl CVE-2021-22923 中危 7.69.1-r1 7.78.0-r0 curl: Metalink download sends credentials

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22923

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
curl CVE-2021-22925 中危 7.69.1-r1 7.78.0-r0 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22925

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
p11-kit-trust CVE-2020-29362 中危 0.23.20-r5 0.23.22-r0 p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29362

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-16 14:15 修改: 2021-01-11 16:50
sqlite-libs CVE-2020-15358 中危 3.32.1-r0 3.32.1-r1 sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15358

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-06-27 12:15 修改: 2022-05-12 15:01
sqlite-libs CVE-2021-20227 中危 3.32.1-r0 3.32.1-r1 sqlite: potential use-after-free bug when processing a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20227

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-03-23 17:15 修改: 2022-11-16 18:58
libcurl CVE-2021-22876 中危 7.69.1-r1 7.76.0-r0 curl: Leak of authentication credentials in URL via automatic Referer

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22876

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22922 中危 7.69.1-r1 7.78.0-r0 curl: Content not matching hash in Metalink is not being discarded

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22922

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:12
libcurl CVE-2021-22923 中危 7.69.1-r1 7.78.0-r0 curl: Metalink download sends credentials

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22923

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libcurl CVE-2021-22925 中危 7.69.1-r1 7.78.0-r0 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22925

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libcurl CVE-2021-22947 中危 7.69.1-r1 7.79.0-r0 curl: Server responses received before STARTTLS processed after TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22947

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:03
libcurl CVE-2022-27774 中危 7.69.1-r1 7.79.1-r1 curl: credential leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27774

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27776 中危 7.69.1-r1 7.79.1-r1 curl: auth/cookie leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27776

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libcrypto1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
curl CVE-2021-22947 中危 7.69.1-r1 7.79.0-r0 curl: Server responses received before STARTTLS processed after TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22947

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:03
ssl_client CVE-2021-42374 中危 1.31.1-r19 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
curl CVE-2022-27774 中危 7.69.1-r1 7.79.1-r1 curl: credential leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27774

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libssl1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
openjdk11-jre-headless CVE-2020-14796 低危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14796

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
openjdk11-jre-headless CVE-2020-14798 低危 11.0.8_p10-r0 11.0.9_p11-r0 OpenJDK: Missing maximum length check in WindowsNativeDispatcher.asNativeBuffer() (Libraries, 8242695)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14798

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-21 15:15 修改: 2022-05-13 14:57
curl CVE-2021-22924 低危 7.69.1-r1 7.78.0-r0 curl: Bad connection reuse due to flawed path name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22924

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libcrypto1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcurl CVE-2020-8284 低危 7.69.1-r1 7.74.0-r0 curl: FTP PASV command response can cause curl to connect to arbitrary host

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8284

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-04-08 22:50
libcurl CVE-2021-22890 低危 7.69.1-r1 7.76.0-r0 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22890

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22898 低危 7.69.1-r1 7.77.0-r0 curl: TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22898

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:47
libssl1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcurl CVE-2021-22924 低危 7.69.1-r1 7.78.0-r0 curl: Bad connection reuse due to flawed path name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22924

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
curl CVE-2020-8284 低危 7.69.1-r1 7.74.0-r0 curl: FTP PASV command response can cause curl to connect to arbitrary host

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8284

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-14 20:15 修改: 2024-04-08 22:50
curl CVE-2021-22890 低危 7.69.1-r1 7.76.0-r0 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22890

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
curl CVE-2021-22898 低危 7.69.1-r1 7.77.0-r0 curl: TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22898

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:47
Java (jar)
低危漏洞:1 中危漏洞:14 高危漏洞:46 严重漏洞:24
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.8.11 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.8.11 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.8.11 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14720 严重 2.8.11 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: exfiltration/XXE in some JDK classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14720

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14721 严重 2.8.11 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14721

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-19360 严重 2.8.11 2.9.8, 2.8.11.3, 2.7.9.5 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19360

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-19361 严重 2.8.11 2.7.9.5, 2.9.8, 2.8.11.3 jackson-databind: improper polymorphic deserialization in openjpa class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19361

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.8.11 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.8.11 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.8.11 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.8.11 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.8.11 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.8.11 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.8.11 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.8.11 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.8.11 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.8.11 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.8.11 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.8.11 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.8.11 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
log4j:log4j CVE-2019-17571 严重 1.2.17 log4j: deserialization of untrusted data in SocketServer

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-12-20 17:15 修改: 2023-11-07 03:06
log4j:log4j CVE-2022-23305 严重 1.2.17 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
log4j:log4j CVE-2022-23307 严重 1.2.17 log4j: Unsafe deserialization flaw in Chainsaw log viewer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:29
org.apache.tomcat:tomcat-catalina CVE-2024-52316 严重 9.0.16 9.0.96, 10.1.30, 11.0.1 tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52316

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-11-18 12:15 修改: 2024-11-18 17:11
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.8.11 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.8.11 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.8.11 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.8.11 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.8.11 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.8.11 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-25649 高危 2.8.11 2.6.7.4, 2.9.10.7, 2.10.5.1 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-03 17:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.8.11 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.8.11 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.8.11 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.8.11 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.8.11 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.8.11 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
commons-io:commons-io CVE-2024-47554 高危 2.2 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.8.11 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-12023 高危 2.8.11 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12023

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.8.11 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
log4j:log4j CVE-2021-4104 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-12-14 12:15 修改: 2023-12-22 09:15
log4j:log4j CVE-2022-23302 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.8.11 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
org.apache.tomcat:tomcat-catalina CVE-2020-9484 高危 9.0.16 10.0.0-M5, 9.0.35, 8.5.55, 7.0.104 tomcat: deserialization flaw in session persistence storage leading to RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9484

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-05-20 19:15 修改: 2023-11-07 03:26
org.apache.tomcat:tomcat-catalina CVE-2023-46589 高危 9.0.16 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 tomcat: HTTP request smuggling via malformed trailer headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-11-28 16:15 修改: 2024-07-12 16:11
org.apache.tomcat:tomcat-catalina CVE-2024-50379 高危 9.0.16 11.0.2, 10.1.34, 9.0.98 tomcat: RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-12-17 13:15 修改: 2024-12-19 18:15
org.apache.tomcat:tomcat-catalina CVE-2024-56337 高危 9.0.16 11.0.2, 10.1.34, 9.0.98 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-12-20 16:15 修改: 2024-12-20 16:15
org.apache.tomcat:tomcat-coyote CVE-2020-17527 高危 9.0.16 10.0.0-M10, 9.0.40, 8.5.60 tomcat: HTTP/2 request header mix-up

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17527

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-03 19:15 修改: 2023-11-07 03:19
org.apache.tomcat:tomcat-coyote CVE-2022-42252 高危 9.0.16 9.0.68, 10.0.27, 10.1.1 tomcat: request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42252

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-11-01 09:15 修改: 2023-05-30 06:15
org.apache.tomcat:tomcat-coyote CVE-2023-24998 高危 9.0.16 10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 FileUpload: FileUpload DoS with excessive parts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-02-20 16:15 修改: 2024-02-16 19:11
org.apache.tomcat:tomcat-coyote CVE-2024-34750 高危 9.0.16 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Improper Handling of Exceptional Conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-07-03 20:15 修改: 2024-07-09 16:22
org.apache.tomcat:tomcat-util CVE-2024-38286 高危 9.0.16 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Denial of Service in Tomcat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38286

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-11-07 08:15 修改: 2024-11-08 19:01
org.jolokia:jolokia-core CVE-2018-10899 高危 1.6.0 1.6.1 jolokia: system-wide CSRF that could lead to Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10899

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-08-01 14:15 修改: 2023-11-07 02:51
org.jolokia:jolokia-core CVE-2018-10899 高危 1.6.0 1.6.1 jolokia: system-wide CSRF that could lead to Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10899

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-08-01 14:15 修改: 2023-11-07 02:51
org.jolokia:jolokia-core CVE-2018-10899 高危 1.6.0 1.6.1 jolokia: system-wide CSRF that could lead to Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10899

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-08-01 14:15 修改: 2023-11-07 02:51
org.json:json CVE-2022-45688 高危 20171018 20230227 json stack overflow vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45688

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2022-12-13 15:15 修改: 2023-03-09 15:16
org.json:json CVE-2023-5072 高危 20171018 20231013 JSON-java: parser confusion leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5072

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-10-12 17:15 修改: 2024-06-21 19:15
org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.5.2 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
commons-io:commons-io CVE-2021-29425 中危 2.2 2.7 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2021-04-13 07:15 修改: 2023-11-07 03:32
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.8.11 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
org.apache.tomcat:tomcat-coyote CVE-2020-13943 中危 9.0.16 10.0.0-M8, 9.0.38, 8.5.58 tomcat: Apache Tomcat HTTP/2 Request mix-up

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13943

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-10-12 14:15 修改: 2023-01-31 21:44
org.apache.tomcat:tomcat-coyote CVE-2023-44487 中危 9.0.16 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
org.apache.tomcat:tomcat-coyote CVE-2024-21733 中危 9.0.16 9.0.44 tomcat: Leaking of unrelated request bodies in default error page

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21733

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-01-19 11:15 修改: 2024-02-16 13:15
org.apache.tomcat:tomcat-coyote CVE-2024-24549 中危 9.0.16 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: HTTP/2 header handling DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-03-13 16:15 修改: 2024-11-04 22:35
com.google.guava:guava CVE-2018-10237 中危 21.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.apache.tomcat:tomcat-websocket CVE-2024-23672 中危 9.0.16 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: WebSocket DoS with incomplete closing handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-03-13 16:15 修改: 2024-11-18 22:35
com.google.guava:guava CVE-2023-2976 中危 21.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
commons-httpclient:commons-httpclient CVE-2012-5783 中危 3.1 4.0 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

漏洞详情: https://avd.aquasec.com/nvd/cve-2012-5783

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2012-11-04 22:55 修改: 2021-04-23 17:28
org.apache.tomcat:tomcat-catalina CVE-2023-28708 中危 9.0.16 11.0.0-M3, 10.1.6, 9.0.72, 8.5.86 tomcat: not including the secure attribute causes information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28708

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2023-03-22 11:15 修改: 2023-11-07 04:10
org.apache.tomcat:tomcat-catalina CVE-2024-54677 中危 9.0.16 11.0.2, 10.1.34, 9.0.98 tomcat: Apache Tomcat: DoS in examples web application

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54677

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2024-12-17 13:15 修改: 2024-12-18 17:15
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.8.11 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.google.guava:guava CVE-2020-8908 低危 21.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:f788f99cb41577b676a214d69296d04a7d49cd656fcea1b9f92d2d9244c7b726

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30