docker.io/solr:8.11.2 linux/amd64

docker.io/solr:8.11.2 - Trivy安全扫描结果扫描时间: 2026-06-24 15:14

全部漏洞信息

低危漏洞:40

中危漏洞:163

高危漏洞:94

严重漏洞:36

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2026-06-24 15:14

docker.io/solr:8.11.2 (ubuntu 20.04) (ubuntu)

低危漏洞:26

中危漏洞:78

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bsdutils	CVE-2024-28085	中危	1:2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
curl	CVE-2024-2398	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24
curl	CVE-2024-7264	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19
curl	CVE-2024-8096	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21
dirmngr	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
fdisk	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
gnupg	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gnupg-l10n	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gnupg-utils	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpg	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpg-agent	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpg-wks-client	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpg-wks-server	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpgconf	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpgsm	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:7cec6af2699592dbcbefc8ff74c19f07a453db55199f2cccd5e0b09c6544e6c3 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
gpgv	CVE-2025-30258	中危	2.2.19-3ubuntu2.2	2.2.19-3ubuntu2.4	gnupg: verification DoS due to a malicious subkey in the keyring 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08
libblkid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
libc-bin	CVE-2024-2961	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25
libc-bin	CVE-2024-33599	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc-bin	CVE-2024-33600	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc-bin	CVE-2024-33601	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc-bin	CVE-2024-33602	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc-bin	CVE-2025-0395	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.17	glibc: buffer overflow in the GNU C Library's assert() 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26
libc-bin	CVE-2025-4802	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.18	glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34
libc6	CVE-2024-2961	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25
libc6	CVE-2024-33599	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc6	CVE-2024-33600	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc6	CVE-2024-33601	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc6	CVE-2024-33602	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
libc6	CVE-2025-0395	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.17	glibc: buffer overflow in the GNU C Library's assert() 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26
libc6	CVE-2025-4802	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.18	glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34
libcurl4	CVE-2024-2398	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24
libcurl4	CVE-2024-7264	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19
libcurl4	CVE-2024-8096	中危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21
libexpat1	CVE-2024-45490	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54
libexpat1	CVE-2024-45491	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54
libexpat1	CVE-2024-45492	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.7	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54
libexpat1	CVE-2024-50602	中危	2.2.9-1ubuntu0.6	2.2.9-1ubuntu0.8	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-10-27 05:15 修改: 2026-06-17 08:04
libfdisk1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
libfreetype6	CVE-2025-27363	中危	2.10.1-2ubuntu0.3	2.10.1-2ubuntu0.4	freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27363 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-03-11 14:15 修改: 2026-06-17 09:03
libgnutls30	CVE-2024-12243	中危	3.6.13-2ubuntu1.10	3.6.13-2ubuntu1.12	gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59
libgnutls30	CVE-2024-28834	中危	3.6.13-2ubuntu1.10	3.6.13-2ubuntu1.11	gnutls: vulnerable to Minerva side-channel information leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-21 14:15 修改: 2026-06-17 07:21
libgssapi-krb5-2	CVE-2024-3596	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.8	freeradius: forgery attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44
libgssapi-krb5-2	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38
libgssapi-krb5-2	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38
libgssapi-krb5-2	CVE-2025-24528	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: overflow when calculating ulog block size 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59
libgssapi-krb5-2	CVE-2025-3576	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.11	krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-04-15 06:15 修改: 2026-06-17 09:20
libk5crypto3	CVE-2024-3596	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.8	freeradius: forgery attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44
libk5crypto3	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38
libk5crypto3	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38
libk5crypto3	CVE-2025-24528	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: overflow when calculating ulog block size 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59
libk5crypto3	CVE-2025-3576	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.11	krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-04-15 06:15 修改: 2026-06-17 09:20
libkrb5-3	CVE-2024-3596	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.8	freeradius: forgery attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44
libkrb5-3	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38
libkrb5-3	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38
libkrb5-3	CVE-2025-24528	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: overflow when calculating ulog block size 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59
libkrb5-3	CVE-2025-3576	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.11	krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-04-15 06:15 修改: 2026-06-17 09:20
libkrb5support0	CVE-2024-3596	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.8	freeradius: forgery attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44
libkrb5support0	CVE-2024-37370	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38
libkrb5support0	CVE-2024-37371	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38
libkrb5support0	CVE-2025-24528	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: overflow when calculating ulog block size 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59
libkrb5support0	CVE-2025-3576	中危	1.17-6ubuntu4.4	1.17-6ubuntu4.11	krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-04-15 06:15 修改: 2026-06-17 09:20
libmount1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
libnghttp2-14	CVE-2024-28182	中危	1.40.0-1ubuntu0.2	1.40.0-1ubuntu0.3	nghttp2: CONTINUATION frames DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-04-04 15:15 修改: 2026-06-17 07:21
libsmartcols1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
libsqlite3-0	CVE-2025-29088	中危	3.31.1-4ubuntu0.6	3.31.1-4ubuntu0.7	sqlite: Denial of Service in SQLite 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29088 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-04-10 14:15 修改: 2026-06-17 09:05
libtasn1-6	CVE-2024-12133	中危	4.16.0-2	4.16.0-2ubuntu0.1	libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59
libuuid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
locales	CVE-2024-2961	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25
locales	CVE-2024-33599	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
locales	CVE-2024-33600	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
locales	CVE-2024-33601	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
locales	CVE-2024-33602	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32
locales	CVE-2025-0395	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.17	glibc: buffer overflow in the GNU C Library's assert() 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26
locales	CVE-2025-4802	中危	2.31-0ubuntu9.14	2.31-0ubuntu9.18	glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34
mount	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
util-linux	CVE-2024-28085	中危	2.34-0.1ubuntu9.4	2.34-0.1ubuntu9.6	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20
wget	CVE-2024-38428	中危	1.20.3-1ubuntu2	1.20.3-1ubuntu2.1	wget: Misinterpretation of input may lead to improper behavior 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38428 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-16 03:15 修改: 2026-06-17 07:40
libssl1.1	CVE-2024-13176	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.24	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01
libssl1.1	CVE-2024-2511	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24
libssl1.1	CVE-2024-4741	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02
libssl1.1	CVE-2024-5535	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16
libssl1.1	CVE-2024-9143	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.24	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24
curl	CVE-2024-11053	低危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56
libgssapi-krb5-2	CVE-2024-26458	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libgssapi-krb5-2	CVE-2024-26461	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libcurl4	CVE-2024-11053	低危	7.68.0-1ubuntu2.21	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56
libkrb5support0	CVE-2024-26458	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libkrb5support0	CVE-2024-26461	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libk5crypto3	CVE-2024-26458	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libkrb5-3	CVE-2024-26458	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
libkrb5-3	CVE-2024-26461	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
login	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.4	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38
libk5crypto3	CVE-2024-26461	低危	1.17-6ubuntu4.4	1.17-6ubuntu4.9	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17
openssl	CVE-2023-5678	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49
openssl	CVE-2024-0727	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54
openssl	CVE-2024-13176	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.24	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01
openssl	CVE-2024-2511	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24
openssl	CVE-2024-4741	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02
openssl	CVE-2024-5535	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16
openssl	CVE-2024-9143	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.24	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24
passwd	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.4	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:28da0445c4497f3ecb56288bd74d91ed1ff6f86578d1d0f6f9cb2781915163b1 发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38
libssl1.1	CVE-2023-5678	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49
libssl1.1	CVE-2024-0727	低危	1.1.1f-1ubuntu2.20	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:280a35f8a8e51d852025d3abcbe2f4c114cdac749182d5fef3fa1a4090c9651c 发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

Java (jar)

低危漏洞:14

中危漏洞:85

高危漏洞:94

严重漏洞:36

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
com.fasterxml.jackson.core:jackson-databind	CVE-2017-15095	严重	2.4.0	2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2	jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07
com.fasterxml.jackson.core:jackson-databind	CVE-2017-17485	严重	2.4.0	2.9.4, 2.8.11, 2.7.9.2	jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10
com.fasterxml.jackson.core:jackson-databind	CVE-2017-7525	严重	2.4.0	2.6.7.1, 2.7.9.1, 2.8.9	jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24
com.fasterxml.jackson.core:jackson-databind	CVE-2018-11307	严重	2.4.0	2.7.9.4, 2.8.11.2, 2.9.6	jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14718	严重	2.4.0	2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3	jackson-databind: arbitrary code execution in slf4j-ext class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14719	严重	2.4.0	2.9.7, 2.8.11.3, 2.7.9.5	jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
com.fasterxml.jackson.core:jackson-databind	CVE-2018-19362	严重	2.4.0	2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3	jackson-databind: improper polymorphic deserialization in jboss-common-core class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49
com.fasterxml.jackson.core:jackson-databind	CVE-2018-7489	严重	2.4.0	2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5	jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14379	严重	2.4.0	2.9.9.2, 2.8.11.4, 2.7.9.6	jackson-databind: default typing mishandling leading to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14540	严重	2.4.0	2.9.10, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16335	严重	2.4.0	2.9.10, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16942	严重	2.4.0	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16943	严重	2.4.0	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
com.fasterxml.jackson.core:jackson-databind	CVE-2019-17267	严重	2.4.0	2.9.10, 2.8.11.5	jackson-databind: Serialization gadgets in classes of the ehcache package 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23
com.fasterxml.jackson.core:jackson-databind	CVE-2019-17531	严重	2.4.0	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24
com.fasterxml.jackson.core:jackson-databind	CVE-2019-20330	严重	2.4.0	2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	jackson-databind: lacks certain net.sf.ehcache blocking 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30
com.fasterxml.jackson.core:jackson-databind	CVE-2020-8840	严重	2.4.0	2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	jackson-databind: Lacks certain xbean-reflect/JNDI blocking 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27
com.fasterxml.jackson.core:jackson-databind	CVE-2020-9547	严重	2.4.0	2.9.10.4, 2.8.11.6, 2.7.9.7	jackson-databind: Serialization gadgets in ibatis-sqlmap 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
com.fasterxml.jackson.core:jackson-databind	CVE-2020-9548	严重	2.4.0	2.9.10.4, 2.8.11.6, 2.7.9.7	jackson-databind: Serialization gadgets in anteros-core 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
org.apache.calcite:calcite-core	CVE-2022-39135	严重	1.27.0	1.32.0	calcite: XXE via SQL operators 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39135 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-09-11 12:15 修改: 2026-06-17 04:57
org.apache.commons:commons-text	CVE-2022-42889	严重	1.6	1.10.0	apache-commons-text: variable interpolation RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42889 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-13 13:15 修改: 2026-06-17 05:05
org.apache.derby:derby	CVE-2015-1832	严重	10.9.1.0	10.12.1.1	Derby: XXE attack possible by using XmlVTI and the XML datatype 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-1832 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2016-10-03 21:59 修改: 2026-05-06 22:30
org.apache.derby:derby	CVE-2022-46337	严重	10.9.1.0	10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0	A cleverly devised username might bypass LDAP authentication checks. I ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-11-20 09:15 修改: 2026-06-17 05:11
org.apache.hadoop:hadoop-common	CVE-2021-37404	严重	3.2.2	3.3.2, 3.2.3, 2.10.2	hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37404 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-06-13 07:15 修改: 2026-06-17 04:00
org.apache.hadoop:hadoop-common	CVE-2022-25168	严重	3.2.2	2.10.2, 3.2.4, 3.3.3	hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25168 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-08-04 15:15 修改: 2026-06-17 04:33
org.apache.hadoop:hadoop-common	CVE-2022-26612	严重	3.2.2	3.2.3, 2.10.2, 3.3.3	hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26612 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-04-07 19:15 修改: 2026-06-17 04:35
org.apache.opennlp:opennlp-tools	CVE-2026-40682	严重	1.9.2	2.5.9, 3.0.0-M3	org.apache.opennlp/opennlp-tools: Apache OpenNLP: XML External Entity (XXE) vulnerability via crafted dictionary parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40682 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:45
org.apache.opennlp:opennlp-tools	CVE-2026-40682	严重	1.9.2	2.5.9, 3.0.0-M3	org.apache.opennlp/opennlp-tools: Apache OpenNLP: XML External Entity (XXE) vulnerability via crafted dictionary parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40682 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:45
org.apache.opennlp:opennlp-tools	CVE-2026-42027	严重	1.9.2	2.5.9, 3.0.0-M3	Apache OpenNLP: Apache OpenNLP: Arbitrary Class Loading via Model Manifest 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42027 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:47
org.apache.opennlp:opennlp-tools	CVE-2026-42027	严重	1.9.2	2.5.9, 3.0.0-M3	Apache OpenNLP: Apache OpenNLP: Arbitrary Class Loading via Model Manifest 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42027 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:47
org.apache.tika:tika-core	CVE-2025-66516	严重	1.27	3.2.2	tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
org.apache.tika:tika-parsers	CVE-2025-54988	严重	1.27	2.0.0-ALPHA	org.apache.tika/tika-parser-pdf-module: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54988 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:41
org.apache.tika:tika-parsers	CVE-2025-66516	严重	1.27	2.0.0	tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
org.apache.zookeeper:zookeeper	CVE-2023-44981	严重	3.6.2	3.7.2, 3.8.3, 3.9.1	zookeeper: Authorization Bypass in Apache ZooKeeper 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28
org.apache.zookeeper:zookeeper	CVE-2023-44981	严重	3.6.2	3.7.2, 3.8.3, 3.9.1	zookeeper: Authorization Bypass in Apache ZooKeeper 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28
org.hsqldb:hsqldb	CVE-2022-41853	严重	2.4.0	2.7.1	hsqldb: Untrusted input may lead to RCE attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41853 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-06 18:17 修改: 2026-06-17 05:03
com.fasterxml.jackson.core:jackson-databind	CVE-2020-24750	高危	2.4.0	2.6.7.5, 2.9.10.6	jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35490	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35491	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35728	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36179	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36180	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36181	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36182	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36183	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36184	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36185	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36186	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36187	高危	2.4.0	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36188	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36189	高危	2.4.0	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36518	高危	2.4.0	2.13.2.1, 2.12.6.1	jackson-databind: denial of service via a large depth of nested objects 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
com.fasterxml.jackson.core:jackson-databind	CVE-2021-20190	高危	2.4.0	2.9.10.7, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42003	高危	2.4.0	2.12.7.1, 2.13.4.2	jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42004	高危	2.4.0	2.12.7.1, 2.13.4	jackson-databind: use of deeply nested arrays 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.google.code.gson:gson	CVE-2022-25647	高危	2.7	2.8.9	com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-05-01 16:15 修改: 2026-06-17 04:33
com.google.oauth-client:google-oauth-client	CVE-2021-22573	高危	1.32.1	1.33.3	google-oauth-client: Token signature not verified 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22573 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-05-03 16:15 修改: 2026-06-17 03:37
com.google.protobuf:protobuf-java	CVE-2021-22569	高危	3.11.0	3.16.1, 3.18.2, 3.19.2	protobuf-java: potential DoS in the parsing procedure for binary data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37
com.google.protobuf:protobuf-java	CVE-2021-22569	高危	3.11.0	3.16.1, 3.18.2, 3.19.2	protobuf-java: potential DoS in the parsing procedure for binary data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37
com.google.protobuf:protobuf-java	CVE-2022-3509	高危	3.11.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Textformat parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
com.google.protobuf:protobuf-java	CVE-2022-3509	高危	3.11.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Textformat parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
com.google.protobuf:protobuf-java	CVE-2022-3510	高危	3.11.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Message-Type Extensions parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
com.google.protobuf:protobuf-java	CVE-2022-3510	高危	3.11.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Message-Type Extensions parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
com.google.protobuf:protobuf-java	CVE-2024-7254	高危	3.11.0	3.25.5, 4.27.5, 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
com.google.protobuf:protobuf-java	CVE-2024-7254	高危	3.11.0	3.25.5, 4.27.5, 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
commons-io:commons-io	CVE-2024-47554	高危	2.8.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
commons-io:commons-io	CVE-2024-47554	高危	2.8.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
commons-io:commons-io	CVE-2024-47554	高危	2.8.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
io.netty:netty-codec	CVE-2026-42583	高危	4.1.68.Final	4.1.133.Final	Netty is an asynchronous, event-driven network application framework. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec	CVE-2026-42583	高危	4.1.68.Final	4.1.133.Final	Netty is an asynchronous, event-driven network application framework. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-handler	CVE-2026-44249	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
io.netty:netty-handler	CVE-2026-44249	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
io.netty:netty-handler	CVE-2026-45416	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
io.netty:netty-handler	CVE-2026-45416	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
io.netty:netty-handler	CVE-2026-50010	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
io.netty:netty-handler	CVE-2026-50010	高危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
org.apache.ant:ant	CVE-2020-11979	高危	1.8.2	1.10.9	ant: insecure temporary file 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11979 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-10-01 20:15 修改: 2026-06-17 02:51
org.apache.calcite.avatica:avatica-core	CVE-2022-36364	高危	1.18.0	1.22.0	Apache Calcite Avatica JDBC driver arbitrary code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36364 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-07-28 09:15 修改: 2026-06-17 04:53
com.fasterxml.jackson.core:jackson-core	CVE-2025-52999	高危	2.13.3	2.15.0	com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.fasterxml.jackson.core:jackson-core	CVE-2025-52999	高危	2.13.3	2.15.0	com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.fasterxml.jackson.core:jackson-core	CVE-2025-52999	高危	2.13.3	2.15.0	com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.fasterxml.jackson.core:jackson-core	CVE-2025-52999	高危	2.4.0	2.15.0	com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42003	高危	2.13.3	2.12.7.1, 2.13.4.2	jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42003	高危	2.13.3	2.12.7.1, 2.13.4.2	jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42004	高危	2.13.3	2.12.7.1, 2.13.4	jackson-databind: use of deeply nested arrays 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42004	高危	2.13.3	2.12.7.1, 2.13.4	jackson-databind: use of deeply nested arrays 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
com.fasterxml.jackson.core:jackson-core	CVE-2025-52999	高危	2.12.3	2.15.0	com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.fasterxml.jackson.core:jackson-databind	CVE-2018-12022	高危	2.4.0	2.7.9.4, 2.8.11.2, 2.9.6	jackson-databind: improper polymorphic deserialization of types from Jodd-db library 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37
com.fasterxml.jackson.core:jackson-databind	CVE-2018-5968	高危	2.4.0	2.8.11.1, 2.9.4, 2.7.9.5	jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01
org.apache.opennlp:opennlp-tools	CVE-2026-42440	高危	1.9.2	2.5.9, 3.0.0-M3	org.apache.opennlp/opennlp-tools: Apache OpenNLP: Denial of Service via unbounded array allocation in crafted model files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42440 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:47
org.apache.opennlp:opennlp-tools	CVE-2026-42440	高危	1.9.2	2.5.9, 3.0.0-M3	org.apache.opennlp/opennlp-tools: Apache OpenNLP: Denial of Service via unbounded array allocation in crafted model files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42440 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-04 17:16 修改: 2026-06-17 10:47
org.apache.solr:solr-core	CVE-2023-50291	高危	8.11.2	8.11.3, 9.3.0	solr: system property redaction logic inconsistency can lead to leaked passwords 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50291 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.apache.solr:solr-core	CVE-2023-50291	高危	8.11.2	8.11.3, 9.3.0	solr: system property redaction logic inconsistency can lead to leaked passwords 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50291 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.apache.solr:solr-core	CVE-2023-50386	高危	8.11.2	8.11.3, 9.4.1	solr: backup/restore APIs allow for deployment of executables in malicious ConfigSets 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50386 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.apache.solr:solr-core	CVE-2023-50386	高危	8.11.2	8.11.3, 9.4.1	solr: backup/restore APIs allow for deployment of executables in malicious ConfigSets 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50386 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.apache.solr:solr-core	CVE-2025-24814	高危	8.11.2	9.8.0	solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24814 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-01-27 09:15 修改: 2026-06-17 08:59
org.apache.solr:solr-core	CVE-2025-24814	高危	8.11.2	9.8.0	solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24814 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-01-27 09:15 修改: 2026-06-17 08:59
org.apache.solr:solr-core	CVE-2026-22022	高危	8.11.2	9.10.1	org.apache.solr/solr-core: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22022 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-01-21 14:16 修改: 2026-06-17 10:19
org.apache.solr:solr-core	CVE-2026-22022	高危	8.11.2	9.10.1	org.apache.solr/solr-core: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22022 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-01-21 14:16 修改: 2026-06-17 10:19
org.apache.solr:solr-core	CVE-2026-22444	高危	8.11.2	9.10.1	org.apache.solr/solr-core: Apache Solr: Insufficient file-access checking in standalone core-creation requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22444 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-01-21 14:16 修改: 2026-06-17 10:19
org.apache.solr:solr-core	CVE-2026-22444	高危	8.11.2	9.10.1	org.apache.solr/solr-core: Apache Solr: Insufficient file-access checking in standalone core-creation requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22444 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-01-21 14:16 修改: 2026-06-17 10:19
org.apache.thrift:libthrift	CVE-2026-43869	高危	0.14.1	0.23.0	Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-05-05 08:16 修改: 2026-06-17 10:50
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12086	高危	2.4.0	2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14439	高危	2.4.0	2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: Polymorphic typing issue related to logback/JNDI 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14892	高危	2.4.0	2.6.7.3, 2.8.11.5, 2.9.10	jackson-databind: Serialization gadgets in classes of the commons-configuration package 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10650	高危	2.4.0	2.9.10.4	A deserialization flaw was discovered in jackson-databind through 2.9. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10673	高危	2.4.0	2.9.10.4, 2.6.7.4	jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
org.bitbucket.b_c:jose4j	CVE-2023-31582	高危	0.6.5	0.9.3	jose4j: Insecure iteration count setting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31582 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-25 18:17 修改: 2026-06-17 05:57
org.bitbucket.b_c:jose4j	CVE-2024-29371	高危	0.6.5	0.9.6	jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29371 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-12-17 16:16 修改: 2026-06-17 07:22
org.eclipse.jetty.http2:http2-common	CVE-2024-22201	高危	9.4.44.v20210927	9.4.54, 10.0.20, 11.0.20	jetty: stop accepting new connections from valid clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22201 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-26 16:27 修改: 2026-06-17 07:10
org.eclipse.jetty.http2:http2-common	CVE-2024-22201	高危	9.4.44.v20210927	9.4.54, 10.0.20, 11.0.20	jetty: stop accepting new connections from valid clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22201 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-26 16:27 修改: 2026-06-17 07:10
org.eclipse.jetty.http2:http2-common	CVE-2024-22201	高危	9.4.44.v20210927	9.4.54, 10.0.20, 11.0.20	jetty: stop accepting new connections from valid clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22201 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-26 16:27 修改: 2026-06-17 07:10
org.eclipse.jetty.http2:http2-common	CVE-2025-5115	高危	9.4.44.v20210927	9.4.58, 10.0.26, 11.0.26	jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47
org.eclipse.jetty.http2:http2-common	CVE-2025-5115	高危	9.4.44.v20210927	9.4.58, 10.0.26, 11.0.26	jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47
org.eclipse.jetty.http2:http2-common	CVE-2025-5115	高危	9.4.44.v20210927	9.4.58, 10.0.26, 11.0.26	jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47
org.eclipse.jetty.http2:http2-hpack	CVE-2023-36478	高危	9.4.44.v20210927	10.0.16, 11.0.16, 9.4.53	jetty: hpack header values cause denial of service in http/2 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36478 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 17:15 修改: 2026-06-17 06:06
org.eclipse.jetty.http2:http2-hpack	CVE-2023-36478	高危	9.4.44.v20210927	10.0.16, 11.0.16, 9.4.53	jetty: hpack header values cause denial of service in http/2 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36478 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 17:15 修改: 2026-06-17 06:06
org.eclipse.jetty.http2:http2-hpack	CVE-2023-36478	高危	9.4.44.v20210927	10.0.16, 11.0.16, 9.4.53	jetty: hpack header values cause denial of service in http/2 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36478 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 17:15 修改: 2026-06-17 06:06
org.eclipse.jetty.http2:http2-server	CVE-2022-2048	高危	9.4.44.v20210927	9.4.47, 10.0.10, 11.0.10	http2-server: Invalid HTTP/2 requests cause DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2048 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
org.eclipse.jetty:jetty-http	CVE-2026-2332	高危	9.4.44.v20210927	12.1.7, 12.0.33	org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-14 12:16 修改: 2026-06-17 10:30
org.eclipse.jetty:jetty-http	CVE-2026-2332	高危	9.4.44.v20210927	12.1.7, 12.0.33	org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-14 12:16 修改: 2026-06-17 10:30
org.eclipse.jetty:jetty-http	CVE-2026-2332	高危	9.4.44.v20210927	12.1.7, 12.0.33	org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-14 12:16 修改: 2026-06-17 10:30
org.eclipse.jetty:jetty-server	CVE-2024-13009	高危	9.4.44.v20210927	9.4.57.v20241219	jetty-server: Jetty: Gzip Request Body Buffer Corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13009 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-05-08 18:15 修改: 2026-06-17 07:00
com.fasterxml.jackson.core:jackson-databind	CVE-2020-24616	高危	2.4.0	2.9.10.6	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05
org.jdom:jdom2	CVE-2021-33813	高危	2.0.6	2.0.6.1	jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33813 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-06-16 12:15 修改: 2026-06-17 03:55
org.xerial.snappy:snappy-java	CVE-2023-34455	高危	1.1.7.6	1.1.10.1	snappy-java: Unchecked chunk length leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 18:15 修改: 2026-06-17 06:03
org.xerial.snappy:snappy-java	CVE-2023-34455	高危	1.1.7.6	1.1.10.1	snappy-java: Unchecked chunk length leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 18:15 修改: 2026-06-17 06:03
org.xerial.snappy:snappy-java	CVE-2023-43642	高危	1.1.7.6	1.1.10.4	snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-25 20:15 修改: 2026-06-17 06:26
org.xerial.snappy:snappy-java	CVE-2023-43642	高危	1.1.7.6	1.1.10.4	snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-25 20:15 修改: 2026-06-17 06:26
software.amazon.ion:ion-java	CVE-2024-21634	高危	1.0.2	1.10.5	ion-java: ion-java: Ion Java StackOverflow vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21634 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-01-03 23:15 修改: 2026-06-17 07:09
org.apache.logging.log4j:log4j-core	CVE-2026-34480	中危	2.17.1	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.apache.logging.log4j:log4j-layout-template-json	CVE-2026-34481	中危	2.17.1	2.25.4	org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34481 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
commons-lang:commons-lang	CVE-2025-48924	中危	2.6		commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
commons-lang:commons-lang	CVE-2025-48924	中危	2.6		commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
com.google.guava:guava	CVE-2023-2976	中危	25.0-jre	32.0.0-android	guava: insecure temporary directory creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
com.google.guava:guava	CVE-2023-2976	中危	25.1-jre	32.0.0-android	guava: insecure temporary directory creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
io.netty:netty-codec	CVE-2025-58057	中危	4.1.68.Final	4.1.125.Final	netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
io.netty:netty-codec	CVE-2025-58057	中危	4.1.68.Final	4.1.125.Final	netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
org.apache.poi:poi-ooxml	CVE-2025-31672	中危	4.1.2	5.4.0	org.apache.poi/poi-ooxml: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31672 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-04-09 12:15 修改: 2026-06-17 09:10
org.apache.poi:poi-scratchpad	CVE-2022-26336	中危	4.1.2	5.2.1	poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26336 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-03-04 16:15 修改: 2026-06-17 04:35
io.netty:netty-common	CVE-2024-47535	中危	4.1.68.Final	4.1.115.Final	netty: Denial of Service attack on windows app using Netty 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
io.netty:netty-common	CVE-2024-47535	中危	4.1.68.Final	4.1.115.Final	netty: Denial of Service attack on windows app using Netty 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
io.netty:netty-common	CVE-2025-25193	中危	4.1.68.Final	4.1.118.Final	netty: Denial of Service attack on windows app using Netty 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
io.netty:netty-common	CVE-2025-25193	中危	4.1.68.Final	4.1.118.Final	netty: Denial of Service attack on windows app using Netty 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.13.3	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.13.3	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.12.3	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core	CVE-2025-49128	中危	2.4.0	2.13.0	com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.4.0	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core	CVE-2025-49128	中危	2.12.3	2.13.0	com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
org.apache.solr:solr-core	CVE-2024-52012	中危	8.11.2	9.8.0	Apache Solr Relative Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52012 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-01-27 09:15 修改: 2026-06-17 08:06
org.apache.solr:solr-core	CVE-2024-52012	中危	8.11.2	9.8.0	Apache Solr Relative Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52012 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-01-27 09:15 修改: 2026-06-17 08:06
org.apache.solr:solr-solrj	CVE-2023-50298	中危	8.11.2	9.4.1, 8.11.3	solr: possible exposure of ZooKeeper credentials via Streaming Expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50298 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.apache.solr:solr-solrj	CVE-2023-50298	中危	8.11.2	9.4.1, 8.11.3	solr: possible exposure of ZooKeeper credentials via Streaming Expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50298 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
io.netty:netty-handler	CVE-2023-34462	中危	4.1.68.Final	4.1.94.Final	netty: SniHandler 16MB allocation leads to OOM 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
io.netty:netty-handler	CVE-2023-34462	中危	4.1.68.Final	4.1.94.Final	netty: SniHandler 16MB allocation leads to OOM 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
org.apache.tika:tika-core	CVE-2022-30126	中危	1.27	1.28.2, 2.4.0	tika-core: Regular Expression Denial of Service in standards extractor 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30126 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-05-16 17:15 修改: 2026-06-17 04:43
org.apache.tika:tika-core	CVE-2022-30973	中危	1.27	1.28.3	tika-core: incomplete fix for CVE-2022-30126 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30973 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-05-31 14:15 修改: 2026-06-17 04:44
io.netty:netty-transport-native-epoll	CVE-2026-45536	中危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
io.netty:netty-transport-native-epoll	CVE-2026-45536	中危	4.1.68.Final	4.2.15.Final, 4.1.135.Final	netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12384	中危	2.4.0	2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14
org.apache.ant:ant	CVE-2020-1945	中危	1.8.2	1.9.15, 1.10.8	ant: insecure temporary file vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1945 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-05-14 16:15 修改: 2026-06-17 03:02
org.apache.zookeeper:zookeeper	CVE-2024-23944	中危	3.6.2	3.8.4, 3.9.2	Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23944 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-03-15 11:15 修改: 2026-06-17 07:13
org.apache.zookeeper:zookeeper	CVE-2024-23944	中危	3.6.2	3.8.4, 3.9.2	Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23944 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-03-15 11:15 修改: 2026-06-17 07:13
org.apache.ant:ant	CVE-2021-36373	中危	1.8.2	1.9.16, 1.10.11	ant: excessive memory allocation when reading a specially crafted TAR archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36373 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2021-07-14 07:15 修改: 2026-06-17 03:58
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12814	中危	2.4.0	2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15
org.bitbucket.b_c:jose4j	CVE-2023-51775	中危	0.6.5	0.9.4	jose4j: denial of service via specially crafted JWE 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-29 01:42 修改: 2026-06-17 06:41
org.bitbucket.b_c:jose4j	GHSA-jgvc-jfgh-rjvv	中危	0.6.5	0.9.3	Chosen Ciphertext Attack in Jose4j 漏洞详情: https://github.com/advisories/GHSA-jgvc-jfgh-rjvv 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-04-27 23:52 修改: 2023-04-27 23:52
org.bouncycastle:bcpkix-jdk15on	CVE-2025-8916	中危	1.69	1.79	org.bouncycastle: BouncyCastle denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07
org.bouncycastle:bcpkix-jdk15on	CVE-2026-5588	中危	1.69	1.84	bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
org.bouncycastle:bcprov-jdk15on	CVE-2023-33201	中危	1.69		bouncycastle: potential blind LDAP injection attack using a self-signed certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-07-05 03:15 修改: 2026-06-17 06:01
org.bouncycastle:bcprov-jdk15on	CVE-2023-33202	中危	1.69	1.70	bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-11-23 16:15 修改: 2026-06-17 06:01
org.bouncycastle:bcprov-jdk15on	CVE-2024-29857	中危	1.69	1.78	org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23
org.bouncycastle:bcprov-jdk15on	CVE-2024-30171	中危	1.69	1.78	bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26
org.bouncycastle:bcprov-jdk15on	CVE-2024-34447	中危	1.69	1.78	org.bouncycastle: Use of Incorrectly-Resolved Name or Reference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-05-03 16:15 修改: 2026-06-17 07:33
com.fasterxml.woodstox:woodstox-core	CVE-2022-40152	中危	6.2.4	6.4.0, 5.4.0	woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40152 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01
org.apache.commons:commons-compress	CVE-2024-25710	中危	1.21	1.26.0	commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
org.apache.commons:commons-compress	CVE-2024-26308	中危	1.21	1.26.0	commons-compress: OutOfMemoryError unpacking broken Pack200 file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17
org.apache.commons:commons-configuration2	CVE-2024-29131	中危	2.1.1	2.10.1	commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22
org.apache.commons:commons-configuration2	CVE-2024-29133	中危	2.1.1	2.10.1	commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22
org.apache.commons:commons-lang3	CVE-2025-48924	中危	3.10	3.18.0	commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
org.eclipse.jetty.http2:http2-common	CVE-2023-44487	中危	9.4.44.v20210927	9.4.53, 10.0.17, 11.0.17	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
org.eclipse.jetty.http2:http2-common	CVE-2023-44487	中危	9.4.44.v20210927	9.4.53, 10.0.17, 11.0.17	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
org.eclipse.jetty.http2:http2-common	CVE-2023-44487	中危	9.4.44.v20210927	9.4.53, 10.0.17, 11.0.17	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
org.apache.commons:commons-lang3	CVE-2025-48924	中危	3.10	3.18.0	commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
com.google.protobuf:protobuf-java	CVE-2022-3171	中危	3.11.0	3.21.7, 3.20.3, 3.19.6, 3.16.3	protobuf-java: timeout in parser leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
com.google.protobuf:protobuf-java	CVE-2022-3171	中危	3.11.0	3.21.7, 3.20.3, 3.19.6, 3.16.3	protobuf-java: timeout in parser leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
com.jayway.jsonpath:json-path	CVE-2023-51074	中危	2.4.0	2.9.0	json-path: stack-based buffer overflow in Criteria.parse method 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51074 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-12-27 21:15 修改: 2026-06-17 06:40
org.eclipse.jetty.http2:http2-server	CVE-2023-44487	中危	9.4.44.v20210927	9.4.53, 10.0.17, 11.0.17	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
org.apache.derby:derby	CVE-2018-1313	中危	10.9.1.0	10.14.2.0	derby: Externally-controlled input vulnerability allows remote attacker to boot a database under attacker's control 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1313 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2018-05-07 13:29 修改: 2026-06-17 01:50
com.fasterxml.woodstox:woodstox-core	CVE-2022-40152	中危	6.2.4	6.4.0, 5.4.0	woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40152 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01
com.fasterxml.woodstox:woodstox-core	CVE-2022-40152	中危	6.2.4	6.4.0, 5.4.0	woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40152 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01
org.eclipse.jetty:jetty-http	CVE-2023-40167	中危	9.4.44.v20210927	9.4.52, 10.0.16, 11.0.16, 12.0.1	jetty: Improper validation of HTTP/1 content-length 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-15 20:15 修改: 2026-06-17 06:16
org.eclipse.jetty:jetty-http	CVE-2023-40167	中危	9.4.44.v20210927	9.4.52, 10.0.16, 11.0.16, 12.0.1	jetty: Improper validation of HTTP/1 content-length 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-15 20:15 修改: 2026-06-17 06:16
org.eclipse.jetty:jetty-http	CVE-2023-40167	中危	9.4.44.v20210927	9.4.52, 10.0.16, 11.0.16, 12.0.1	jetty: Improper validation of HTTP/1 content-length 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-15 20:15 修改: 2026-06-17 06:16
org.eclipse.jetty:jetty-http	CVE-2024-6763	中危	9.4.44.v20210927	12.0.12	org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
org.eclipse.jetty:jetty-http	CVE-2024-6763	中危	9.4.44.v20210927	12.0.12	org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
org.eclipse.jetty:jetty-http	CVE-2024-6763	中危	9.4.44.v20210927	12.0.12	org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.13.3	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
org.eclipse.jetty:jetty-server	CVE-2023-26048	中危	9.4.44.v20210927	9.4.51.v20230217, 10.0.14, 11.0.14	jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
org.eclipse.jetty:jetty-server	CVE-2024-8184	中危	9.4.44.v20210927	12.0.9, 10.0.24, 11.0.24, 9.4.56	org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:22
org.eclipse.jetty:jetty-servlets	CVE-2024-9823	中危	9.4.44.v20210927	9.4.54, 10.0.18, 11.0.18	org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9823 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-10-14 15:15 修改: 2026-06-17 08:25
org.apache.james:apache-mime4j-core	CVE-2024-21742	中危	0.8.3	0.8.10	Mime4J: Mime4J DOM header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21742 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-27 17:15 修改: 2026-06-17 07:10
org.apache.logging.log4j:log4j-1.2-api	CVE-2026-34479	中危	2.17.1	2.25.4	org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.apache.logging.log4j:log4j-core	CVE-2025-68161	中危	2.17.1	2.25.3	Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
org.apache.logging.log4j:log4j-core	CVE-2025-68161	中危	2.17.1	2.25.3	Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
org.apache.logging.log4j:log4j-core	CVE-2026-34477	中危	2.17.1	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.apache.logging.log4j:log4j-core	CVE-2026-34477	中危	2.17.1	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.xerial.snappy:snappy-java	CVE-2023-34453	中危	1.1.7.6	1.1.10.1	snappy-java: Integer overflow in shuffle leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
org.xerial.snappy:snappy-java	CVE-2023-34453	中危	1.1.7.6	1.1.10.1	snappy-java: Integer overflow in shuffle leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
org.xerial.snappy:snappy-java	CVE-2023-34454	中危	1.1.7.6	1.1.10.1	snappy-java: Integer overflow in compress leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
org.xerial.snappy:snappy-java	CVE-2023-34454	中危	1.1.7.6	1.1.10.1	snappy-java: Integer overflow in compress leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
org.apache.logging.log4j:log4j-core	CVE-2026-34480	中危	2.17.1	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
xerces:xercesImpl	CVE-2020-14338	中危	2.12.0	2.12.0.sp3	wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14338 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-09-17 15:15 修改: 2026-06-17 02:54
xerces:xercesImpl	CVE-2022-23437	中危	2.12.0	2.12.2	xerces-j2: infinite loop when handling specially crafted XML document payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-01-24 15:15 修改: 2026-06-17 04:30
org.eclipse.jetty:jetty-xml	GHSA-58qw-p7qm-5rvh	低危	9.4.44.v20210927	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823	Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations 漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06
org.apache.hadoop:hadoop-common	CVE-2024-23454	低危	3.2.2	3.4.0	Apache Hadoop: Temporary File Local Information Disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-09-25 08:15 修改: 2026-06-17 07:12
org.eclipse.jetty:jetty-http	CVE-2022-2047	低危	9.4.44.v20210927	9.4.47, 10.0.10, 11.0.10	jetty-http: improver hostname input handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
org.eclipse.jetty:jetty-http	CVE-2022-2047	低危	9.4.44.v20210927	9.4.47, 10.0.10, 11.0.10	jetty-http: improver hostname input handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
org.eclipse.jetty:jetty-http	CVE-2022-2047	低危	9.4.44.v20210927	9.4.47, 10.0.10, 11.0.10	jetty-http: improver hostname input handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
org.eclipse.jetty:jetty-http	CVE-2025-11143	低危	9.4.44.v20210927	12.0.31, 12.1.5	org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
org.eclipse.jetty:jetty-http	CVE-2025-11143	低危	9.4.44.v20210927	12.0.31, 12.1.5	org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
org.eclipse.jetty:jetty-http	CVE-2025-11143	低危	9.4.44.v20210927	12.0.31, 12.1.5	org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
com.google.guava:guava	CVE-2020-8908	低危	25.1-jre	32.0.0-android	guava: local information disclosure via temporary directory created with unsafe permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
com.google.guava:guava	CVE-2020-8908	低危	25.0-jre	32.0.0-android	guava: local information disclosure via temporary directory created with unsafe permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
org.apache.solr:solr-core	CVE-2023-50292	低危	8.11.2	9.3.0, 8.11.3	Solr: Schema Designer trusts all configsets, possibly leading to RCE by unauthenticated users 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50292 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.eclipse.jetty:jetty-server	CVE-2023-26049	低危	9.4.44.v20210927	9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0	jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
org.apache.solr:solr-core	CVE-2023-50292	低危	8.11.2	9.3.0, 8.11.3	Solr: Schema Designer trusts all configsets, possibly leading to RCE by unauthenticated users 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50292 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2024-02-09 18:15 修改: 2026-06-17 06:39
org.eclipse.jetty:jetty-servlets	CVE-2023-36479	低危	9.4.44.v20210927	9.4.52, 10.0.16, 11.0.16	jetty: Improper addition of quotation marks to user inputs in CgiServlet 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36479 镜像层: sha256:1bac6302a39a1cc5dc212724616a120f18b552e5ec909608e9a91a79e9b73fe2 发布日期: 2023-09-15 19:15 修改: 2026-06-17 06:06