docker.io/sonatype/nexus3:3.77.1 linux/amd64

docker.io/sonatype/nexus3:3.77.1 - Trivy安全扫描结果扫描时间: 2025-02-14 13:47

全部漏洞信息

低危漏洞:51

中危漏洞:29

高危漏洞:6

严重漏洞:0

系统OS: redhat 9.5 扫描引擎: Trivy 扫描时间: 2025-02-14 13:47

docker.io/sonatype/nexus3:3.77.1 (redhat 9.5) (redhat)

低危漏洞:50

中危漏洞:19

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	漏洞信息
avahi-libs	CVE-2021-36217	中危	0.8-21.el9	avahi: local DoS against avahi-daemon via D-Bus interface 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36217 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2021-07-07 18:15 修改: 2023-11-07 03:36
avahi-libs	CVE-2024-52615	中危	0.8-21.el9	avahi: Avahi Wide-Area DNS Uses Constant Source Port 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52615 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
avahi-libs	CVE-2024-52616	中危	0.8-21.el9	avahi: Avahi Wide-Area DNS Predictable Transaction IDs 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52616 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
bzip2-libs	CVE-2019-12900	中危	1.0.8-10.el9_5	bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail). 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12900 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2019-06-19 23:15 修改: 2023-11-07 03:03
cups-libs	CVE-2023-4504	中危	1:2.3.3op2-31.el9_5	libppd: Postscript Parsing Heap Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4504 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-09-21 23:15 修改: 2023-11-09 20:58
expat	CVE-2024-45491	中危	2.5.0-3.el9_5.1	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
glib2	CVE-2024-52533	中危	2.68.4-14.el9_4.1	glib: buffer overflow in set_connect_msg() 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52533 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-11-11 23:15 修改: 2024-12-06 14:15
libarchive	CVE-2023-30571	中危	3.5.3-4.el9	libarchive: Race condition in multi-threaded use of archive_write_disk_header() on posix based systems 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30571 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-05-29 20:15 修改: 2025-01-14 17:15
libyaml	CVE-2024-35325	中危	0.2.5-7.el9	libyaml: double-free in yaml_event_delete in /src/libyaml/src/api.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35325 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-06-13 17:15 修改: 2024-08-28 16:15
nspr	CVE-2024-6602	中危	4.35.0-17.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss	CVE-2024-6602	中危	3.101.0-10.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-softokn	CVE-2024-6602	中危	3.101.0-10.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-softokn-freebl	CVE-2024-6602	中危	3.101.0-10.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-sysinit	CVE-2024-6602	中危	3.101.0-10.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-util	CVE-2024-6602	中危	3.101.0-10.el9_2	Mozilla: Memory corruption in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
python3	CVE-2021-23336	中危	3.9.21-1.el9_5	python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23336 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2021-02-15 13:15 修改: 2023-11-07 03:30
python3-libs	CVE-2021-23336	中危	3.9.21-1.el9_5	python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23336 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2021-02-15 13:15 修改: 2023-11-07 03:30
systemd-libs	CVE-2021-3997	中危	252-46.el9_5.2	systemd: Uncontrolled recursion in systemd-tmpfiles when removing files 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3997 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2022-08-23 20:15 修改: 2023-05-03 12:15
tar	CVE-2005-2541	中危	2:1.34-7.el9	tar: does not properly warn the user when extracting setuid or setgid files 漏洞详情: https://avd.aquasec.com/nvd/cve-2005-2541 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2005-08-10 04:00 修改: 2023-11-07 01:57
libcurl-minimal	CVE-2024-9681	低危	7.76.1-31.el9	curl: HSTS subdomain overwrites parent cache entry 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-11-06 08:15 修改: 2024-12-13 14:15
libgcc	CVE-2022-27943	低危	11.5.0-2.el9	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
libstdc++	CVE-2022-27943	低危	11.5.0-2.el9	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
libxml2	CVE-2023-45322	低危	2.9.13-6.el9_4	libxml2: use-after-free in xmlUnlinkNode() in tree.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45322 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-10-06 22:15 修改: 2024-08-02 21:15
libxml2	CVE-2024-34459	低危	2.9.13-6.el9_4	libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34459 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-05-14 15:39 修改: 2024-08-22 18:35
curl-minimal	CVE-2024-7264	低危	7.76.1-31.el9	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
libzstd	CVE-2022-4899	低危	1.5.1-2.el9	zstd: mysql: buffer overrun in util.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4899 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-03-31 20:15 修改: 2023-11-07 03:59
ncurses-base	CVE-2022-29458	低危	6.2-10.20210508.el9	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
ncurses-base	CVE-2023-45918	低危	6.2-10.20210508.el9	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-base	CVE-2023-50495	低危	6.2-10.20210508.el9	ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
ncurses-libs	CVE-2022-29458	低危	6.2-10.20210508.el9	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
ncurses-libs	CVE-2023-45918	低危	6.2-10.20210508.el9	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-libs	CVE-2023-50495	低危	6.2-10.20210508.el9	ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
curl-minimal	CVE-2024-9681	低危	7.76.1-31.el9	curl: HSTS subdomain overwrites parent cache entry 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-11-06 08:15 修改: 2024-12-13 14:15
nspr	CVE-2020-12413	低危	4.35.0-17.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nspr	CVE-2024-7531	低危	4.35.0-17.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
avahi-libs	CVE-2017-6519	低危	0.8-21.el9	avahi: Multicast DNS responds to unicast queries outside of local network 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-6519 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2017-05-01 01:59 修改: 2023-11-07 02:49
nss	CVE-2020-12413	低危	3.101.0-10.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss	CVE-2024-7531	低危	3.101.0-10.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
gawk	CVE-2023-4156	低危	5.1.0-6.el9	gawk: heap out of bound read in builtin.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4156 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-09-25 18:15 修改: 2023-11-07 04:22
nss-softokn	CVE-2020-12413	低危	3.101.0-10.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-softokn	CVE-2024-7531	低危	3.101.0-10.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
cups-libs	CVE-2021-25317	低危	1:2.3.3op2-31.el9_5	cups: insecure permissions of /var/log/cups allows for symlink attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25317 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2021-05-05 10:15 修改: 2023-11-07 03:31
nss-softokn-freebl	CVE-2020-12413	低危	3.101.0-10.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-softokn-freebl	CVE-2024-7531	低危	3.101.0-10.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
glib2	CVE-2023-32636	低危	2.68.4-14.el9_4.1	glib: Timeout in fuzz_variant_text 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32636 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-09-14 20:15 修改: 2024-01-12 22:09
nss-sysinit	CVE-2020-12413	低危	3.101.0-10.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-sysinit	CVE-2024-7531	低危	3.101.0-10.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
gnupg2	CVE-2022-3219	低危	2.3.3-4.el9	gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
nss-util	CVE-2020-12413	低危	3.101.0-10.el9_2	nss: Information exposure when DH secret are reused across multiple TLS connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-util	CVE-2024-7531	低危	3.101.0-10.el9_2	mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
openldap	CVE-2023-2953	低危	2.6.6-3.el9	openldap: null pointer dereference in ber_memalloc_x function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-05-30 22:15 修改: 2025-01-10 22:15
openssl-libs	CVE-2024-2511	低危	1:3.2.2-6.el9_5	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
openssl-libs	CVE-2024-41996	低危	1:3.2.2-6.el9_5	openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35
openssl-libs	CVE-2024-4741	低危	1:3.2.2-6.el9_5	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
openssl-libs	CVE-2024-5535	低危	1:3.2.2-6.el9_5	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
pcre2	CVE-2022-41409	低危	10.40-6.el9	pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
pcre2-syntax	CVE-2022-41409	低危	10.40-6.el9	pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
java-17-openjdk-headless	CVE-2022-3857	低危	1:17.0.14.0.7-2.el9	libpng: Null pointer dereference leads to segmentation fault 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3857 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2023-03-06 23:15 修改: 2024-10-09 04:15
python3	CVE-2024-0397	低危	3.9.21-1.el9_5	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3	CVE-2024-7592	低危	3.9.21-1.el9_5	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
curl-minimal	CVE-2024-11053	低危	7.76.1-31.el9	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
python3-libs	CVE-2024-0397	低危	3.9.21-1.el9_5	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3-libs	CVE-2024-7592	低危	3.9.21-1.el9_5	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
python3-pip-wheel	CVE-2021-3572	低危	21.3.1-1.el9	python-pip: Incorrect handling of unicode separators in git references 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2021-11-10 18:15 修改: 2024-06-21 19:15
sqlite-libs	CVE-2023-36191	低危	3.34.1-7.el9_3	sqlite: CLI fault on missing -nonce 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36191 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2023-06-23 02:15 修改: 2023-11-07 04:16
sqlite-libs	CVE-2024-0232	低危	3.34.1-7.el9_3	sqlite: use-after-free bug in jsonParseAddNodeArray 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0232 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-01-16 14:15 修改: 2024-09-28 04:15
libcurl-minimal	CVE-2024-11053	低危	7.76.1-31.el9	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
libcurl-minimal	CVE-2024-7264	低危	7.76.1-31.el9	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:f78d563114cad564510fe57424fa8f01903eb28721f5dd564d2605650391372e 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
tar	CVE-2023-39804	低危	2:1.34-7.el9	tar: Incorrectly handled extension attributes in PAX archives can lead to a crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39804 镜像层: sha256:0ae1787fa1e24b5633e6bf6f6bb336144c17b38914d8c0c5a4afa18aa8d5c071 发布日期: 2024-03-27 04:15 修改: 2024-11-12 19:35

Java (jar)

低危漏洞:1

中危漏洞:10

高危漏洞:6

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
commons-io:commons-io	CVE-2024-47554	高危	2.11.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
commons-io:commons-io	CVE-2024-47554	高危	2.8.0	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
org.cyclonedx:cyclonedx-core-java	CVE-2024-38374	高危	7.3.2	9.0.4	cyclonedx-core-java: XML External Entity injection while evaluating XPath expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38374 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-06-28 18:15 修改: 2024-07-01 12:37
org.elasticsearch:elasticsearch	CVE-2019-7611	高危	2.4.3	5.6.15, 6.6.1	elasticsearch: Improper permission issue when attaching a new name to an index 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7611 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2019-03-25 19:29 修改: 2020-10-19 18:10
org.elasticsearch:elasticsearch	CVE-2023-31418	高危	2.4.3	7.17.13, 8.9.0	elasticsearch: uncontrolled resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2023-10-26 18:15 修改: 2023-11-30 22:15
org.keycloak:keycloak-saml-core	CVE-2024-8698	高危	18.0.2	22.0.13, 24.0.8, 25.0.6	keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8698 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-09-19 16:15 修改: 2024-12-12 20:15
org.elasticsearch:elasticsearch	CVE-2018-3824	中危	2.4.3	5.6.9, 6.2.4	Elasticsearch subject to cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3824 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2018-09-19 19:29 修改: 2019-10-09 23:40
org.elasticsearch:elasticsearch	CVE-2019-7614	中危	2.4.3	6.8.2, 7.2.1	elasticsearch: Race condition in response headers on systems with multiple submitting requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7614 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2019-07-30 22:15 修改: 2023-03-03 19:17
org.elasticsearch:elasticsearch	CVE-2020-7019	中危	2.4.3	7.9.0, 6.8.12	elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7019 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2020-08-18 17:15 修改: 2023-01-27 20:50
org.elasticsearch:elasticsearch	CVE-2020-7021	中危	2.4.3	6.8.14, 7.10.0	elasticsearch: Information disclosure via audit logging with emit_request_body option enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7021 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2021-02-10 19:15 修改: 2021-03-26 12:49
org.elasticsearch:elasticsearch	CVE-2021-22135	中危	2.4.3	7.11.2, 6.8.15	elasticsearch: Document disclosure flaw in the Elasticsearch suggester 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2021-05-13 18:15 修改: 2021-09-07 22:06
org.elasticsearch:elasticsearch	CVE-2021-22137	中危	2.4.3	7.11.2, 6.8.15	elasticsearch: Document disclosure flaw when Document or Field Level Security is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22137 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2021-05-13 18:15 修改: 2022-11-04 18:30
org.elasticsearch:elasticsearch	CVE-2021-22144	中危	2.4.3	6.8.17, 7.13.3	elasticsearch: uncontrolled recursion in Grok parser 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2021-07-26 12:15 修改: 2022-05-10 18:02
org.elasticsearch:elasticsearch	CVE-2023-49921	中危	2.4.3	7.17.16, 8.11.2	elasticsearch: Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-07-26 05:15 修改: 2024-09-11 14:09
org.elasticsearch:elasticsearch	CVE-2024-23444	中危	2.4.3	8.13.0, 7.17.23	Elasticsearch stores private key on disk unencrypted 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-07-31 18:15 修改: 2024-08-01 12:42
org.eclipse.jetty:jetty-http	CVE-2024-6763	中危	9.4.56.v20240826	12.0.12	org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.elasticsearch:elasticsearch	CVE-2020-7020	低危	2.4.3	6.8.13, 7.9.2	elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7020 镜像层: sha256:a9034b8942f1d54ed897a6c8f8fed3f735dff380f4e081ae2217feb57a17c9e4 发布日期: 2020-10-22 17:15 修改: 2022-06-03 18:56