docker.io/camunda/camunda-bpm-platform:tomcat-7.21.0 linux/amd64

docker.io/camunda/camunda-bpm-platform:tomcat-7.21.0 - Trivy安全扫描结果 扫描时间: 2026-07-09 15:21
全部漏洞信息
低危漏洞:34 中危漏洞:57 高危漏洞:48 严重漏洞:6

系统OS: alpine 3.18.6 扫描引擎: Trivy 扫描时间: 2026-07-09 15:21

docker.io/camunda/camunda-bpm-platform:tomcat-7.21.0 (alpine 3.18.6) (alpine)
低危漏洞:28 中危漏洞:34 高危漏洞:15 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libxml2 CVE-2024-56171 严重 2.11.7-r0 2.11.8-r1 libxml2: Use-After-Free in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56171

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-18 22:15 修改: 2026-06-17 08:11

libcrypto3 CVE-2024-6119 高危 3.1.4-r5 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libcurl CVE-2024-6197 高危 8.5.0-r0 8.9.0-r0 curl: freeing stack buffer in utf8asn1str

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6197

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-24 08:15 修改: 2026-06-17 08:17

libssl3 CVE-2024-6119 高危 3.1.4-r5 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

curl CVE-2024-6197 高危 8.5.0-r0 8.9.0-r0 curl: freeing stack buffer in utf8asn1str

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6197

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-24 08:15 修改: 2026-06-17 08:17

libxml2 CVE-2025-24928 高危 2.11.7-r0 2.11.8-r1 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24928

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-18 23:15 修改: 2026-06-17 08:59

libxml2 CVE-2025-27113 高危 2.11.7-r0 2.11.8-r2 libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27113

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-18 23:15 修改: 2026-06-17 09:03

libxml2 CVE-2025-32414 高危 2.11.7-r0 2.11.8-r3 libxml2: Out-of-Bounds Read in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32414

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-04-08 03:15 修改: 2026-06-17 09:11

libxml2 CVE-2025-32415 高危 2.11.7-r0 2.11.8-r3 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32415

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-04-17 17:15 修改: 2026-06-17 09:11

libxslt CVE-2024-55549 高危 1.1.38-r0 1.1.38-r1 libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-55549

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-03-14 02:15 修改: 2026-06-17 08:11

libxslt CVE-2025-24855 高危 1.1.38-r0 1.1.38-r1 libxslt: Use-After-Free in libxslt numbers.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24855

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-03-14 02:15 修改: 2026-06-17 08:59

musl CVE-2025-26519 高危 1.2.4-r2 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2025-26519 高危 1.2.4-r2 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

openjdk17-jre-headless CVE-2024-21147 高危 17.0.10_p7-r0 17.0.12_p7-r0 OpenJDK: RangeCheckElimination array index overflow (8323231)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21147

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-16 23:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21892 高危 17.0.10_p7-r0 17.0.11_p9-r0 nodejs: code injection and privilege escalation through Linux capabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21892

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-02-20 02:15 修改: 2026-06-17 07:10

xz-libs CVE-2025-31115 高危 5.4.3-r0 5.4.3-r1 xz: XZ has a heap-use-after-free bug in threaded .xz decoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31115

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-04-03 17:15 修改: 2026-06-17 09:09

busybox CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcurl CVE-2024-0853 中危 8.5.0-r0 8.6.0-r0 curl: OCSP verification bypass with TLS session reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0853

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-02-03 14:15 修改: 2026-06-17 06:54

libcurl CVE-2024-2398 中危 8.5.0-r0 8.7.1-r0 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

libcurl CVE-2024-2466 中危 8.5.0-r0 8.7.1-r0 curl: TLS certificate check bypass with mbedTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2466

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

libcurl CVE-2024-6874 中危 8.5.0-r0 8.9.0-r0 curl: macidn punycode buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6874

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-24 08:15 修改: 2026-06-17 08:18

libcurl CVE-2024-7264 中危 8.5.0-r0 8.9.1-r0 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

libcurl CVE-2024-8096 中危 8.5.0-r0 8.10.0-r0 curl: OCSP stapling bypass with GnuTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21

libcurl CVE-2024-9681 中危 8.5.0-r0 8.11.0-r0 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

busybox CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libtasn1 CVE-2024-12133 中危 4.19.0-r1 4.20.0-r0 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

busybox-binsh CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

curl CVE-2024-0853 中危 8.5.0-r0 8.6.0-r0 curl: OCSP verification bypass with TLS session reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0853

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-02-03 14:15 修改: 2026-06-17 06:54

curl CVE-2024-2398 中危 8.5.0-r0 8.7.1-r0 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

curl CVE-2024-2466 中危 8.5.0-r0 8.7.1-r0 curl: TLS certificate check bypass with mbedTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2466

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

curl CVE-2024-6874 中危 8.5.0-r0 8.9.0-r0 curl: macidn punycode buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6874

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-24 08:15 修改: 2026-06-17 08:18

curl CVE-2024-7264 中危 8.5.0-r0 8.9.1-r0 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

curl CVE-2024-8096 中危 8.5.0-r0 8.10.0-r0 curl: OCSP stapling bypass with GnuTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21

openjdk17-jre-headless CVE-2024-21011 中危 17.0.10_p7-r0 17.0.11_p9-r0 OpenJDK: long Exception message leading to crash (8319851)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21011

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21068 中危 17.0.10_p7-r0 17.0.11_p9-r0 OpenJDK: integer overflow in C1 compiler address generation (8322122)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21068

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21094 中危 17.0.10_p7-r0 17.0.11_p9-r0 OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21094

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21131 中危 17.0.10_p7-r0 17.0.12_p7-r0 OpenJDK: potential UTF8 size overflow (8314794)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21131

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-16 23:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21138 中危 17.0.10_p7-r0 17.0.12_p7-r0 OpenJDK: Excessive symbol length can lead to infinite loop (8319859)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21138

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-16 23:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21140 中危 17.0.10_p7-r0 17.0.12_p7-r0 OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21140

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-16 23:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21145 中危 17.0.10_p7-r0 17.0.12_p7-r0 OpenJDK: Out-of-bounds access in 2D image handling (8324559)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21145

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-07-16 23:15 修改: 2026-06-17 07:08

ssl_client CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

curl CVE-2024-9681 中危 8.5.0-r0 8.11.0-r0 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

libcrypto3 CVE-2024-4741 低危 3.1.4-r5 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libcrypto3 CVE-2024-5535 低危 3.1.4-r5 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libcrypto3 CVE-2024-9143 低危 3.1.4-r5 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

curl CVE-2024-2004 低危 8.5.0-r0 8.7.1-r0 curl: Usage of disabled protocol

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2004

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:23

curl CVE-2024-2379 低危 8.5.0-r0 8.7.1-r0 curl: QUIC certificate check bypass with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2379

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

curl CVE-2025-0167 低危 8.5.0-r0 8.12.0-r0 When asked to use a `.netrc` file for credentials **and** to follow HT ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25

libxml2 CVE-2024-34459 低危 2.11.7-r0 2.11.8-r0 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34459

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-05-14 15:39 修改: 2026-06-17 07:33

curl CVE-2025-0665 低危 8.5.0-r0 8.12.0-r0 libcurl: Double Close of Eventfd in libcurl

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:26

curl CVE-2025-0725 低危 8.5.0-r0 8.12.0-r0 libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:27

curl CVE-2024-11053 低危 8.5.0-r0 8.11.1-r0 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libcrypto3 CVE-2024-13176 低危 3.1.4-r5 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-2511 低危 3.1.4-r5 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libcurl CVE-2024-11053 低危 8.5.0-r0 8.11.1-r0 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libcurl CVE-2024-2004 低危 8.5.0-r0 8.7.1-r0 curl: Usage of disabled protocol

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2004

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:23

libcurl CVE-2024-2379 低危 8.5.0-r0 8.7.1-r0 curl: QUIC certificate check bypass with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2379

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

libcurl CVE-2025-0167 低危 8.5.0-r0 8.12.0-r0 When asked to use a `.netrc` file for credentials **and** to follow HT ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25

libcurl CVE-2025-0665 低危 8.5.0-r0 8.12.0-r0 libcurl: Double Close of Eventfd in libcurl

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:26

libcurl CVE-2025-0725 低危 8.5.0-r0 8.12.0-r0 libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:27

libcrypto3 CVE-2024-4603 低危 3.1.4-r5 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-13176 低危 3.1.4-r5 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

openjdk17-jre-headless CVE-2024-20954 低危 17.0.10_p7-r0 17.0.11_p9-r0 graalvm: Unauthorized Read Access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20954

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21012 低危 17.0.10_p7-r0 17.0.11_p9-r0 OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21012

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

openjdk17-jre-headless CVE-2024-21098 低危 17.0.10_p7-r0 17.0.11_p9-r0 graalvm: unauthorized ability to cause a partial denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21098

镜像层: sha256:8453b1821ff1e2515d33617d7cbb7d19afac90ffaf8f7378c56ab4245452e180

发布日期: 2024-04-16 22:15 修改: 2026-06-17 07:08

libssl3 CVE-2024-2511 低危 3.1.4-r5 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl3 CVE-2024-4603 低危 3.1.4-r5 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-4741 低危 3.1.4-r5 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.1.4-r5 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.1.4-r5 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

Java (jar)
低危漏洞:6 中危漏洞:23 高危漏洞:33 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.tomcat:tomcat-catalina CVE-2024-52316 严重 9.0.85 9.0.96, 10.1.30, 11.0.1 tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52316

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-11-18 12:15 修改: 2026-06-17 08:06

org.apache.tomcat:tomcat-catalina CVE-2025-24813 严重 9.0.85 11.0.3, 10.1.35, 9.0.99 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59

org.apache.tomcat:tomcat-catalina CVE-2026-41293 严重 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat:tomcat-catalina CVE-2026-43512 严重 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat:tomcat-catalina CVE-2026-43515 严重 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: tomcat: Improper Authorization allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.h2database:h2 CVE-2022-45868 高危 2.1.214 2.2.220 The web-based admin console in H2 Database Engine before 2.2.220 can b ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45868

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-11-23 21:15 修改: 2026-06-17 05:10

com.mysql:mysql-connector-j CVE-2023-22102 高危 8.0.32 8.2.0 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2023-10-17 22:15 修改: 2026-06-17 05:34

commons-fileupload:commons-fileupload CVE-2025-48976 高危 1.5 1.6.0 apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

commons-fileupload:commons-fileupload CVE-2025-48976 高危 1.5 1.6.0 apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57

commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57

net.minidev:json-smart CVE-2024-57699 高危 2.5.0 2.5.2 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

org.apache.tomcat:tomcat-catalina CVE-2024-50379 高危 9.0.85 11.0.2, 10.1.34, 9.0.98 tomcat: RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04

org.apache.tomcat:tomcat-catalina CVE-2025-48988 高危 9.0.85 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat DoS in multipart upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat:tomcat-catalina CVE-2025-52520 高危 9.0.85 11.0.9, 10.1.43, 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36

org.apache.tomcat:tomcat-catalina CVE-2025-55752 高危 9.0.85 11.0.11, 10.1.45, 9.0.109 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat:tomcat-catalina CVE-2026-34483 高危 9.0.85 9.0.116, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39

org.apache.tomcat:tomcat-catalina CVE-2026-41284 高危 9.0.85 9.0.118, 10.1.55, 11.0.22 Allocation of Resources Without Limits or Throttling vulnerability in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat:tomcat-catalina CVE-2026-42498 高危 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47

org.apache.tomcat:tomcat-catalina CVE-2026-43513 高危 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat:tomcat-coyote CVE-2024-34750 高危 9.0.85 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Improper Handling of Exceptional Conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-07-03 20:15 修改: 2026-06-17 07:34

org.apache.tomcat:tomcat-coyote CVE-2024-38286 高危 9.0.85 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Denial of Service in Tomcat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38286

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-11-07 08:15 修改: 2026-06-17 07:39

org.apache.tomcat:tomcat-coyote CVE-2025-48989 高危 9.0.85 11.0.10, 10.1.44, 9.0.108 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30

org.apache.tomcat:tomcat-coyote CVE-2025-53506 高危 9.0.85 11.0.9, 10.1.43, 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38

org.apache.tomcat:tomcat-coyote CVE-2026-24734 高危 9.0.85 11.0.18, 10.1.52, 9.0.115 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17

org.apache.tomcat:tomcat-coyote CVE-2026-24880 高危 9.0.85 9.0.116, 10.1.52, 11.0.20 Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23

org.apache.tomcat:tomcat-tribes CVE-2026-29146 高危 9.0.85 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29146

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-09 20:16 修改: 2026-06-30 03:18

org.apache.tomcat:tomcat-tribes CVE-2026-34487 高危 9.0.85 9.0.117, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34487

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39

org.postgresql:postgresql CVE-2026-42198 高危 42.5.5 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19

org.yaml:snakeyaml CVE-2017-18640 高危 1.16 1.26 snakeyaml: Billion laughs attack via alias feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13

org.yaml:snakeyaml CVE-2022-1471 高危 1.16 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22

org.yaml:snakeyaml CVE-2022-25857 高危 1.16 1.31 snakeyaml: Denial of Service due to missing nested depth limitation for collections

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34

org.apache.tomcat:tomcat-catalina CVE-2026-25854 中危 9.0.85 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

org.apache.tomcat:tomcat-coyote CVE-2024-24549 中危 9.0.85 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: HTTP/2 header handling DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:14

org.apache.tomcat:tomcat-coyote CVE-2025-31650 中危 9.0.85 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.apache.tomcat:tomcat-coyote CVE-2025-52434 中危 9.0.85 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52434

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36

org.apache.tomcat:tomcat-coyote CVE-2025-66614 中危 9.0.85 11.0.15, 10.1.50, 9.0.113 tomcat: Client certificate verification bypass due to virtual host mapping

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.apache.tomcat:tomcat-websocket CVE-2024-23672 中危 9.0.85 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: WebSocket DoS with incomplete closing handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:13

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.apache.tomcat:tomcat-catalina CVE-2025-49124 中危 9.0.85 11.0.8, 10.1.42, 9.0.106 Apache Tomcat installer for Windows has an untrusted search path vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat:tomcat-catalina CVE-2025-49125 中危 9.0.85 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat:tomcat-catalina CVE-2025-55668 中危 9.0.85 11.0.8, 10.1.42, 9.0.106 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55668

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-08-13 14:15 修改: 2026-06-17 09:41

org.yaml:snakeyaml CVE-2022-38749 中危 1.16 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38750 中危 1.16 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38751 中危 1.16 1.31 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38752 中危 1.16 1.32 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-41854 中危 1.16 1.32 dev-java/snakeyaml: DoS via stack overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03

org.apache.tomcat:tomcat-catalina CVE-2025-31651 低危 9.0.85 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.apache.tomcat:tomcat-catalina CVE-2025-46701 低危 9.0.85 9.0.105, 10.1.41, 11.0.7 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26

org.apache.tomcat:tomcat-catalina CVE-2025-55754 低危 9.0.85 11.0.11, 10.1.45, 9.0.109 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat:tomcat-catalina CVE-2025-61795 低危 9.0.85 11.0.12, 10.1.47, 9.0.110 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50

org.apache.tomcat:tomcat-catalina CVE-2026-43514 低危 9.0.85 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat:tomcat-coyote CVE-2026-24733 低危 9.0.85 11.0.15, 10.1.50, 9.0.113 tomcat: security constraint bypass with HTTP/0.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733

镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3

发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×