docker.io/ochh/nacos-server:v2.3.0 linux/arm64

docker.io/ochh/nacos-server:v2.3.0 - Trivy安全扫描结果 扫描时间: 2024-11-07 14:10 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:4 中危漏洞:52 高危漏洞:23 严重漏洞:5

系统OS: alpine 3.19.0 扫描引擎: Trivy 扫描时间: 2024-11-07 14:10

docker.io/ochh/nacos-server:v2.3.0 (alpine 3.19.0) (alpine)
低危漏洞:4 中危漏洞:41 高危漏洞:11 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libexpat CVE-2024-45491 严重 2.5.0-r2 2.6.3-r0 libexpat: Integer Overflow or Wraparound

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat CVE-2024-45492 严重 2.5.0-r2 2.6.3-r0 libexpat: integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
giflib CVE-2021-40633 高危 5.2.1-r5 5.2.2-r0 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40633

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2022-06-14 11:15 修改: 2022-06-23 14:20
giflib CVE-2023-48161 高危 5.2.1-r5 5.2.2-r0 giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48161

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-22 06:15 修改: 2023-11-29 18:48
libexpat CVE-2023-52425 高危 2.5.0-r2 2.6.0-r0 expat: parsing large tokens can trigger a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52425

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-04 20:15 修改: 2024-08-26 20:35
libexpat CVE-2024-28757 高危 2.5.0-r2 2.6.2-r0 expat: XML Entity Expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28757

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-10 05:15 修改: 2024-05-01 19:15
libexpat CVE-2024-45490 高危 2.5.0-r2 2.6.3-r0 libexpat: Negative Length Parsing Vulnerability in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24
openjdk8-jre CVE-2024-20918 高危 8.392.08-r1 8.402.06-r0 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20918

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-15 03:18
openjdk8-jre CVE-2024-20952 高危 8.392.08-r1 8.402.06-r0 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20952

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-08-30 16:35
openjdk8-jre-base CVE-2024-20918 高危 8.392.08-r1 8.402.06-r0 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20918

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-15 03:18
openjdk8-jre-base CVE-2024-20952 高危 8.392.08-r1 8.402.06-r0 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20952

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-08-30 16:35
openjdk8-jre-lib CVE-2024-20918 高危 8.392.08-r1 8.402.06-r0 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20918

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-15 03:18
openjdk8-jre-lib CVE-2024-20952 高危 8.392.08-r1 8.402.06-r0 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20952

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-08-30 16:35
libcrypto3 CVE-2024-0727 中危 3.1.4-r2 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
libcrypto3 CVE-2024-4603 中危 3.1.4-r2 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-05-16 16:15 修改: 2024-10-14 15:15
libcrypto3 CVE-2024-4741 中危 3.1.4-r2 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcrypto3 CVE-2024-5535 中危 3.1.4-r2 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libcrypto3 CVE-2024-6119 中危 3.1.4-r2 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-09-03 16:15 修改: 2024-09-03 21:35
busybox CVE-2023-42365 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
busybox CVE-2023-42366 中危 1.36.1-r15 1.36.1-r16 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
busybox-binsh CVE-2023-42363 中危 1.36.1-r15 1.36.1-r17 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
busybox-binsh CVE-2023-42364 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
busybox-binsh CVE-2023-42365 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
libexpat CVE-2023-52426 中危 2.5.0-r2 2.6.0-r0 expat: recursive XML entity expansion vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52426

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-04 20:15 修改: 2024-03-07 17:15
libssl3 CVE-2023-6129 中危 3.1.4-r2 3.1.4-r3 mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-01-09 17:15 修改: 2024-10-14 15:15
libssl3 CVE-2023-6237 中危 3.1.4-r2 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-04-25 07:15 修改: 2024-11-01 15:35
libssl3 CVE-2024-0727 中危 3.1.4-r2 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
libssl3 CVE-2024-4603 中危 3.1.4-r2 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-05-16 16:15 修改: 2024-10-14 15:15
libssl3 CVE-2024-4741 中危 3.1.4-r2 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libssl3 CVE-2024-5535 中危 3.1.4-r2 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libssl3 CVE-2024-6119 中危 3.1.4-r2 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-09-03 16:15 修改: 2024-09-03 21:35
nss CVE-2023-5388 中危 3.94-r0 3.98-r0 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-19 12:15 修改: 2024-03-25 17:15
busybox-binsh CVE-2023-42366 中危 1.36.1-r15 1.36.1-r16 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
busybox CVE-2023-42363 中危 1.36.1-r15 1.36.1-r17 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
openjdk8-jre CVE-2024-20919 中危 8.392.08-r1 8.402.06-r0 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20919

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
openjdk8-jre CVE-2024-20921 中危 8.392.08-r1 8.402.06-r0 OpenJDK: range check loop optimization issue (8314307)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20921

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-11-05 16:35
openjdk8-jre CVE-2024-20926 中危 8.392.08-r1 8.402.06-r0 OpenJDK: arbitrary Java code execution in Nashorn (8314284)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20926

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-02 17:35
openjdk8-jre CVE-2024-20945 中危 8.392.08-r1 8.402.06-r0 OpenJDK: logging of digital signature private keys (8316976)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20945

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
busybox CVE-2023-42364 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
giflib CVE-2023-39742 中危 5.2.1-r5 5.2.2-r0 giflib: segfault via getarg.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39742

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-08-25 14:15 修改: 2023-11-07 04:17
openjdk8-jre-base CVE-2024-20919 中危 8.392.08-r1 8.402.06-r0 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20919

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
openjdk8-jre-base CVE-2024-20921 中危 8.392.08-r1 8.402.06-r0 OpenJDK: range check loop optimization issue (8314307)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20921

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-11-05 16:35
openjdk8-jre-base CVE-2024-20926 中危 8.392.08-r1 8.402.06-r0 OpenJDK: arbitrary Java code execution in Nashorn (8314284)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20926

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-02 17:35
openjdk8-jre-base CVE-2024-20945 中危 8.392.08-r1 8.402.06-r0 OpenJDK: logging of digital signature private keys (8316976)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20945

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
libcrypto3 CVE-2023-6129 中危 3.1.4-r2 3.1.4-r3 mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-01-09 17:15 修改: 2024-10-14 15:15
libcrypto3 CVE-2023-6237 中危 3.1.4-r2 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-04-25 07:15 修改: 2024-11-01 15:35
openjdk8-jre-lib CVE-2024-20919 中危 8.392.08-r1 8.402.06-r0 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20919

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
openjdk8-jre-lib CVE-2024-20921 中危 8.392.08-r1 8.402.06-r0 OpenJDK: range check loop optimization issue (8314307)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20921

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-11-05 16:35
openjdk8-jre-lib CVE-2024-20926 中危 8.392.08-r1 8.402.06-r0 OpenJDK: arbitrary Java code execution in Nashorn (8314284)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20926

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-01-16 22:15 修改: 2024-02-02 17:35
openjdk8-jre-lib CVE-2024-20945 中危 8.392.08-r1 8.402.06-r0 OpenJDK: logging of digital signature private keys (8316976)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20945

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-17 02:15 修改: 2024-02-20 19:51
ssl_client CVE-2023-42363 中危 1.36.1-r15 1.36.1-r17 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 22:15 修改: 2023-11-30 05:06
ssl_client CVE-2023-42364 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2024-10-11 21:36
ssl_client CVE-2023-42365 中危 1.36.1-r15 1.36.1-r19 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
ssl_client CVE-2023-42366 中危 1.36.1-r15 1.36.1-r16 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2023-11-27 23:15 修改: 2023-11-30 05:08
libssl3 CVE-2024-9143 低危 3.1.4-r2 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53
libcrypto3 CVE-2024-9143 低危 3.1.4-r2 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53
libcrypto3 CVE-2024-2511 低危 3.1.4-r2 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
libssl3 CVE-2024-2511 低危 3.1.4-r2 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:3ce819cc49704a39ce4614b73a325ad6efff50e1754005a2a8f17834071027dc

发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
Java (jar)
低危漏洞:0 中危漏洞:11 高危漏洞:12 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.derby:derby CVE-2022-46337 严重 10.14.2.0 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0 A cleverly devised username might bypass LDAP authentication checks. I ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-20 09:15 修改: 2024-04-26 16:08
org.springframework.security:spring-security-web CVE-2024-38821 严重 5.7.10 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-10-28 07:15 修改: 2024-10-28 13:58
org.springframework:spring-web CVE-2016-1000027 严重 5.3.29 6.0.0 spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2020-01-02 23:15 修改: 2023-04-20 09:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.22.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
commons-io:commons-io CVE-2024-47554 高危 2.7 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
ch.qos.logback:logback-classic CVE-2023-6378 高危 1.2.9 1.3.12, 1.4.12, 1.2.13 logback: serialization vulnerability in logback receiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-29 12:15 修改: 2023-12-05 21:00
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-46589 高危 9.0.79 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 tomcat: HTTP request smuggling via malformed trailer headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-28 16:15 修改: 2024-07-12 16:11
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-34750 高危 9.0.79 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Improper Handling of Exceptional Conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-07-03 20:15 修改: 2024-07-09 16:22
org.springframework.security:spring-security-core CVE-2024-22257 高危 5.7.10 5.7.12, 5.8.11, 6.1.8, 6.2.3 spring-security: Broken Access Control With Direct Use of AuthenticatedVoter

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22257

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-18 15:15 修改: 2024-04-19 07:15
ch.qos.logback:logback-core CVE-2023-6378 高危 1.2.9 1.3.12, 1.4.12, 1.2.13 logback: serialization vulnerability in logback receiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-29 12:15 修改: 2023-12-05 21:00
com.alipay.sofa:hessian CVE-2024-46983 高危 3.3.6 3.5.5 SOFA Hessian Remote Command Execution (RCE) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-09-19 23:15 修改: 2024-09-25 17:46
org.springframework:spring-web CVE-2024-22243 高危 5.3.29 6.1.4, 6.0.17, 5.3.32 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-23 05:15 修改: 2024-08-22 15:35
org.springframework:spring-web CVE-2024-22259 高危 5.3.29 6.1.5, 6.0.18, 5.3.33 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-16 05:15 修改: 2024-07-03 01:47
org.springframework:spring-web CVE-2024-22262 高危 5.3.29 5.3.34, 6.0.19, 6.1.6 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-04-16 06:15 修改: 2024-08-27 14:35
org.springframework:spring-webmvc CVE-2024-38816 高危 5.3.29 6.1.13 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-09-13 06:15 修改: 2024-09-13 14:06
org.springframework.security:spring-security-config CVE-2023-34042 中危 5.7.10 6.1.4, 6.0.7, 5.8.7, 5.7.11 spring-security-config: Incorrect Permission Assignment for spring-security.xsd

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34042

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-02-05 22:15 修改: 2024-02-12 20:45
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-41080 中危 9.0.79 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 tomcat: Open Redirect vulnerability in FORM authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-08-25 21:15 修改: 2023-11-03 19:00
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-42795 中危 9.0.79 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 tomcat: improper cleaning of recycled objects could lead to information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42795

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-10-10 18:15 修改: 2023-11-04 06:15
org.springframework:spring-context CVE-2024-38820 中危 5.3.29 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-10-18 06:15 修改: 2024-11-05 21:35
org.springframework:spring-expression CVE-2024-38808 中危 5.3.29 5.3.39 spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38808

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-08-20 08:15 修改: 2024-10-30 19:35
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-44487 中危 9.0.79 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-45648 中危 9.0.79 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 tomcat: incorrectly parsed http trailer headers can cause request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45648

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-10-10 19:15 修改: 2023-11-04 06:15
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-24549 中危 9.0.79 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 Tomcat: HTTP/2 header handling DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-13 16:15 修改: 2024-11-04 22:35
org.apache.tomcat.embed:tomcat-embed-websocket CVE-2024-23672 中危 9.0.79 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: WebSocket DoS with incomplete closing handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-03-13 16:15 修改: 2024-06-23 09:15
org.springframework:spring-web CVE-2024-38809 中危 5.3.29 5.3.38, 6.0.23, 6.1.12 org.springframework:spring-web: Spring Framework DoS via conditional HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2024-09-27 17:15 修改: 2024-09-30 12:45
org.springframework.boot:spring-boot-actuator CVE-2023-34055 中危 2.7.15 2.7.18, 3.0.13, 3.1.6 spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34055

镜像层: sha256:607f3f1bbd5b91af0e57b89fa1d22194e0d87e3d11496eb224229ab661eeba30

发布日期: 2023-11-28 09:15 修改: 2023-12-21 22:15