docker.io/starrocks/fe-ubuntu:3.2.15 linux/amd64

docker.io/starrocks/fe-ubuntu:3.2.15 - Trivy安全扫描结果 扫描时间: 2025-02-24 16:44
全部漏洞信息
低危漏洞:44 中危漏洞:70 高危漏洞:94 严重漏洞:45

系统OS: ubuntu 22.04 扫描引擎: Trivy 扫描时间: 2025-02-24 16:44

docker.io/starrocks/fe-ubuntu:3.2.15 (ubuntu 22.04) (ubuntu)
低危漏洞:39 中危漏洞:23 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
gcc-12-base CVE-2023-4039 中危 12.3.0-1ubuntu1~22.04 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-09-13 09:15 修改: 2024-08-02 08:15
libavahi-client3 CVE-2024-52615 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Uses Constant Source Port

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52615

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libavahi-client3 CVE-2024-52616 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Predictable Transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52616

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libavahi-common-data CVE-2024-52615 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Uses Constant Source Port

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52615

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libavahi-common-data CVE-2024-52616 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Predictable Transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52616

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libavahi-common3 CVE-2024-52615 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Uses Constant Source Port

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52615

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libavahi-common3 CVE-2024-52616 中危 0.8-5ubuntu5.2 avahi: Avahi Wide-Area DNS Predictable Transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52616

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-21 21:15 修改: 2024-11-21 21:15
libfreetype6 CVE-2025-23022 中危 2.11.1+dfsg-1ubuntu0.2 freetype: signed integer overflow in cf2_doFlex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23022

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2025-01-10 15:15 修改: 2025-01-16 21:12
libgcc-s1 CVE-2023-4039 中危 12.3.0-1ubuntu1~22.04 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-09-13 09:15 修改: 2024-08-02 08:15
libgssapi-krb5-2 CVE-2024-26462 中危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libk5crypto3 CVE-2024-26462 中危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5-3 CVE-2024-26462 中危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5support0 CVE-2024-26462 中危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libpam-modules CVE-2024-10041 中危 1.4.0-11ubuntu2.5 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules-bin CVE-2024-10041 中危 1.4.0-11ubuntu2.5 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-runtime CVE-2024-10041 中危 1.4.0-11ubuntu2.5 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam0g CVE-2024-10041 中危 1.4.0-11ubuntu2.5 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpython3.10 CVE-2024-11168 中危 3.10.12-1~22.04.8 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.10-minimal CVE-2024-11168 中危 3.10.12-1~22.04.8 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.10-stdlib CVE-2024-11168 中危 3.10.12-1~22.04.8 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libstdc++6 CVE-2023-4039 中危 12.3.0-1ubuntu1~22.04 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-09-13 09:15 修改: 2024-08-02 08:15
login CVE-2024-56433 中危 1:4.8.1-2ubuntu2.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
passwd CVE-2024-56433 中危 1:4.8.1-2ubuntu2.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
libk5crypto3 CVE-2024-26458 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libk5crypto3 CVE-2024-26461 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libc6 CVE-2016-20013 低危 2.35-0ubuntu3.8

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libkrb5-3 CVE-2024-26458 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5-3 CVE-2024-26461 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libdbus-1-3 CVE-2023-34969 低危 1.12.20-2ubuntu4.1 dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36
libkrb5support0 CVE-2024-26458 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5support0 CVE-2024-26461 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libncurses6 CVE-2023-45918 低危 6.3-2ubuntu0.1 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libncursesw6 CVE-2023-45918 低危 6.3-2ubuntu0.1 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncursesw6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
coreutils CVE-2016-2781 低危 8.32-4.1ubuntu1.2 coreutils: Non-privileged session can escape to the parent session in chroot

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2017-02-07 15:59 修改: 2023-11-07 02:32
gcc-12-base CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
libgcc-s1 CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
libgcrypt20 CVE-2024-2236 低危 1.9.4-3ubuntu3 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15
libpcre2-8-0 CVE-2022-41409 低危 10.39-3ubuntu0.1 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
libpcre3 CVE-2017-11164 低危 2:8.39-13ubuntu0.22.04.1 pcre: OP_KETRMAX feature in the match function in pcre_exec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2017-07-11 03:29 修改: 2023-11-07 02:38
libgif7 CVE-2023-48161 低危 5.1.9-2ubuntu0.1 giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48161

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2023-11-22 06:15 修改: 2023-11-29 18:48
gpgv CVE-2022-3219 低危 2.2.27-3ubuntu2.1 gnupg: denial of service issue (resource consumption) using compressed packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libgssapi-krb5-2 CVE-2024-26458 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libssl3 CVE-2024-41996 低危 3.0.2-0ubuntu1.18 openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35
libgssapi-krb5-2 CVE-2024-26461 低危 1.19.2-2ubuntu0.4 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libstdc++6 CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
libsystemd0 CVE-2023-7008 低危 249.11-0ubuntu3.12 systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libtinfo6 CVE-2023-45918 低危 6.3-2ubuntu0.1 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libudev1 CVE-2023-7008 低危 249.11-0ubuntu3.12 systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libzstd1 CVE-2022-4899 低危 1.4.8+dfsg-3build1 zstd: mysql: buffer overrun in util.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4899

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-03-31 20:15 修改: 2023-11-07 03:59
locales CVE-2016-20013 低危 2.35-0ubuntu3.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libharfbuzz0b CVE-2023-25193 低危 2.7.4-1ubuntu3.2 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25193

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2023-02-04 20:15 修改: 2023-11-07 04:08
login CVE-2023-29383 低危 1:4.8.1-2ubuntu2.2 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
ncurses-base CVE-2023-45918 低危 6.3-2ubuntu0.1 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-base CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
ncurses-bin CVE-2023-45918 低危 6.3-2ubuntu0.1 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-bin CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
openssl CVE-2024-41996 低危 3.0.2-0ubuntu1.18 openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996

镜像层: sha256:c34d83dacb7eb6a071830ff92f2e685c8a2eaf06481dbd6888a9e5208b0902bb

发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35
libc-bin CVE-2016-20013 低危 2.35-0ubuntu3.8

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
passwd CVE-2023-29383 低危 1:4.8.1-2ubuntu2.2 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:270a1170e7e398434ff1b31e17e233f7d7b71aa99a40473615860068e86720af

发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
Java (jar)
低危漏洞:5 中危漏洞:47 高危漏洞:94 严重漏洞:45
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.4.0 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:39
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.4.0 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:39
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.4.0 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-01-10 18:29 修改: 2023-06-08 18:00
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.4.0 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-01-10 18:29 修改: 2023-06-08 18:00
com.fasterxml.jackson.core:jackson-databind CVE-2017-7525 严重 2.4.0 2.6.7.1, 2.7.9.1, 2.8.9 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:50
com.fasterxml.jackson.core:jackson-databind CVE-2017-7525 严重 2.4.0 2.6.7.1, 2.7.9.1, 2.8.9 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:50
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.4.0 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.4.0 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.4.0 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.4.0 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.4.0 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.4.0 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
commons-collections:commons-collections CVE-2015-7501 严重 3.2.1 3.2.2 apache-commons-collections: InvokerTransformer code execution during deserialisation

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-7501

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2017-11-09 17:29 修改: 2024-02-16 13:15
commons-collections:commons-collections CVE-2015-7501 严重 3.2.1 3.2.2 apache-commons-collections: InvokerTransformer code execution during deserialisation

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-7501

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2017-11-09 17:29 修改: 2024-02-16 13:15
org.apache.avro:avro CVE-2024-47561 严重 1.11.1 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
org.apache.avro:avro CVE-2024-47561 严重 1.11.3 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
org.apache.avro:avro CVE-2024-47561 严重 1.9.2 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
org.apache.avro:avro CVE-2024-47561 严重 1.9.2 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
org.codehaus.jackson:jackson-mapper-asl CVE-2019-10202 严重 1.9.13 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-10-01 15:15 修改: 2023-02-12 23:33
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.4.0 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.4.0 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.4.0 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.4.0 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.4.0 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.4.0 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.4.0 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.4.0 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.4.0 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.4.0 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.4.0 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.4.0 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.4.0 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.4.0 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.4.0 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.4.0 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.4.0 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.4.0 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.4.0 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.4.0 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.4.0 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor CVE-2020-28491 高危 2.10.4 2.11.4, 2.12.1 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28491

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-02-18 16:15 修改: 2022-12-06 21:44
com.google.code.gson:gson CVE-2022-25647 高危 2.8.6 2.8.9 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-05-01 16:15 修改: 2022-11-28 17:33
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.16.3 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.19.6 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.12 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.12 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.12 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.12 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.7 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.9 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
com.mysql:mysql-connector-j CVE-2023-22102 高危 8.0.31 8.2.0 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-10-17 22:15 修改: 2023-10-31 19:20
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 高危 9.31 9.37.2 nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-11 05:15 修改: 2024-10-30 20:35
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 高危 9.31 9.37.2 nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-11 05:15 修改: 2024-10-30 20:35
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 高危 9.31 9.37.2 nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-11 05:15 修改: 2024-10-30 20:35
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.10.5.1 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.10.5.1 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
commons-collections:commons-collections CVE-2015-6420 高危 3.2.1 3.2.2 Insecure Deserialization in Apache Commons Collection

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6420

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2015-12-15 05:59 修改: 2023-11-07 02:26
commons-collections:commons-collections CVE-2015-6420 高危 3.2.1 3.2.2 Insecure Deserialization in Apache Commons Collection

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6420

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2015-12-15 05:59 修改: 2023-11-07 02:26
commons-io:commons-io CVE-2024-47554 高危 2.7 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
commons-io:commons-io CVE-2024-47554 高危 2.7 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
commons-io:commons-io CVE-2024-47554 高危 2.7 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
dnsjava:dnsjava CVE-2024-25638 高危 3.4.0 3.6.0 dnsjava: Improper response validation allowing DNSSEC bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25638

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-07-22 14:15 修改: 2024-09-04 15:15
dnsjava:dnsjava CVE-2024-25638 高危 3.4.0 3.6.0 dnsjava: Improper response validation allowing DNSSEC bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25638

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-07-22 14:15 修改: 2024-09-04 15:15
dnsjava:dnsjava CVE-2024-25638 高危 3.4.0 3.6.0 dnsjava: Improper response validation allowing DNSSEC bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25638

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-07-22 14:15 修改: 2024-09-04 15:15
io.airlift:aircompressor CVE-2024-36114 高危 0.10 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-05-29 21:15 修改: 2024-05-30 13:15
io.airlift:aircompressor CVE-2024-36114 高危 0.21 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-05-29 21:15 修改: 2024-05-30 13:15
io.airlift:aircompressor CVE-2024-36114 高危 0.25 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-05-29 21:15 修改: 2024-05-30 13:15
io.netty:netty-codec-http2 GHSA-xpw8-rcwv-8f8p 高危 4.1.97.Final 4.1.100.Final io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.10.5.1 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
org.apache.avro:avro CVE-2023-39410 高危 1.11.1 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-09-29 17:15 修改: 2024-06-21 19:15
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 高危 2.10.5.1 2.12.6, 2.13.1 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46877

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-03-18 22:15 修改: 2023-08-08 14:21
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
org.apache.avro:avro CVE-2023-39410 高危 1.9.2 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-09-29 17:15 修改: 2024-06-21 19:15
org.apache.avro:avro CVE-2023-39410 高危 1.9.2 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-09-29 17:15 修改: 2024-06-21 19:15
org.apache.commons:commons-compress CVE-2024-25710 高危 1.22 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
org.apache.commons:commons-compress CVE-2024-25710 高危 1.22 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
org.apache.commons:commons-compress CVE-2024-25710 高危 1.24.0 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
org.apache.commons:commons-compress CVE-2024-25710 高危 1.24.0 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
org.apache.thrift:libthrift CVE-2020-13949 高危 0.13.0 0.14.0 libthrift: potential DoS when processing untrusted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13949

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-02-12 20:15 修改: 2023-11-07 03:17
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.4.0 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
org.codehaus.jackson:jackson-mapper-asl CVE-2019-10172 高危 1.9.13 jackson-mapper-asl: XML external entity similar to CVE-2016-3720

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-11-18 17:15 修改: 2023-02-12 23:33
org.jboss.xnio:xnio-api CVE-2023-5685 高危 3.8.10.Final 3.8.14.Final xnio: StackOverflowException when the chain of notifier states becomes problematically big

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5685

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-22 19:15 修改: 2024-11-26 03:15
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.97.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
com.squareup.okio:okio CVE-2023-3635 中危 1.15.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
io.netty:netty-common CVE-2024-47535 中危 4.1.100.Final 4.1.115 netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
io.netty:netty-common CVE-2024-47535 中危 4.1.100.Final 4.1.115 netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
io.netty:netty-common CVE-2024-47535 中危 4.1.114.Final 4.1.115 netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
io.netty:netty-common CVE-2024-47535 中危 4.1.97.Final 4.1.115 netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
com.squareup.okio:okio-jvm CVE-2023-3635 中危 3.0.0 3.4.0 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
com.google.guava:guava CVE-2023-2976 中危 31.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.google.guava:guava CVE-2018-10237 中危 11.0.2 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
com.google.guava:guava CVE-2023-2976 中危 11.0.2 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.guava:guava CVE-2018-10237 中危 14.0.1 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.apache.commons:commons-compress CVE-2023-42503 中危 1.22 1.24.0 apache-commons-compress: Denial of service via CPU consumption for malformed TAR file

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-09-14 08:15 修改: 2024-02-21 21:27
org.apache.commons:commons-compress CVE-2023-42503 中危 1.22 1.24.0 apache-commons-compress: Denial of service via CPU consumption for malformed TAR file

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-09-14 08:15 修改: 2024-02-21 21:27
org.apache.commons:commons-compress CVE-2024-26308 中危 1.22 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
org.apache.commons:commons-compress CVE-2024-26308 中危 1.22 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
com.google.guava:guava CVE-2023-2976 中危 14.0.1 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.guava:guava CVE-2018-10237 中危 17.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.apache.commons:commons-compress CVE-2024-26308 中危 1.24.0 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
org.apache.commons:commons-compress CVE-2024-26308 中危 1.24.0 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
org.apache.commons:commons-configuration2 CVE-2024-29131 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-12-13 14:15
org.apache.commons:commons-configuration2 CVE-2024-29131 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-12-13 14:15
org.apache.commons:commons-configuration2 CVE-2024-29131 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-12-13 14:15
org.apache.commons:commons-configuration2 CVE-2024-29133 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-11-04 17:35
org.apache.commons:commons-configuration2 CVE-2024-29133 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-11-04 17:35
org.apache.commons:commons-configuration2 CVE-2024-29133 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-21 09:15 修改: 2024-11-04 17:35
org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.5.6 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
org.apache.kafka:kafka-clients CVE-2024-31141 中危 3.4.0 3.7.1 kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31141

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-11-19 09:15 修改: 2024-11-19 21:57
com.google.guava:guava CVE-2018-10237 中危 17.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.bouncycastle:bcprov-jdk15on CVE-2023-33201 中危 1.70 bouncycastle: potential blind LDAP injection attack using a self-signed certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
org.bouncycastle:bcprov-jdk15on CVE-2024-29857 中危 1.70 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-05-14 15:17 修改: 2024-12-06 14:15
org.bouncycastle:bcprov-jdk15on CVE-2024-30171 中危 1.70 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-05-14 15:21 修改: 2024-08-19 18:35
com.google.guava:guava CVE-2023-2976 中危 17.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.guava:guava CVE-2023-2976 中危 17.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.52.v20230823 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.53.v20231009 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.53.v20231009 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.53.v20231009 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.54.v20240208 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:15
org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.4.52.v20230823 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:00
org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.4.53.v20231009 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:00
org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.4.54.v20240208 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-10-14 16:15 修改: 2024-11-08 21:00
org.elasticsearch.client:elasticsearch-rest-client CVE-2021-22145 中危 7.10.2 7.13.4 elasticsearch: memory disclosure in error reporting

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22145

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2021-07-21 15:15 修改: 2022-05-10 15:25
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.100.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
com.google.guava:guava CVE-2020-8908 低危 14.0.1 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 17.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 17.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 11.0.2 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 31.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3fd44a6a585a30f09351673ce92213b10d1b2489778ca5a214eaa02fbe2fa93a

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30