docker.io/trinodb/trino:435 linux/amd64

docker.io/trinodb/trino:435 - Trivy安全扫描结果 扫描时间: 2026-07-07 10:13
全部漏洞信息
低危漏洞:158 中危漏洞:422 高危漏洞:175 严重漏洞:33

系统OS: redhat 9.3 扫描引擎: Trivy 扫描时间: 2026-07-07 10:13

docker.io/trinodb/trino:435 (redhat 9.3) (redhat)
低危漏洞:140 中危漏洞:314 高危漏洞:53 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
expat CVE-2025-59375 高危 2.5.0-1.el9 2.5.0-5.el9_7.1 firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59375

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-09-15 03:15 修改: 2026-06-17 09:46

expat CVE-2026-45186 高危 2.5.0-1.el9 2.5.0-6.el9_8.1 libexpat: denial of service via crafted XML input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-10 07:16 修改: 2026-06-30 03:20

glib2 CVE-2026-58016 高危 2.68.4-11.el9 glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58016

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-01 17:46

glibc CVE-2024-2961 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

glibc CVE-2024-33599 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-common CVE-2024-2961 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

glibc-common CVE-2024-33599 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-minimal-langpack CVE-2024-2961 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

glibc-minimal-langpack CVE-2024-33599 高危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

gnupg2 CVE-2025-68973 高危 2.3.3-4.el9 2.3.3-5.el9_7 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-28 17:16 修改: 2026-06-17 09:59

gnutls CVE-2026-33845 高危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-30 18:16 修改: 2026-07-02 12:17

gnutls CVE-2026-33846 高危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-04 10:15 修改: 2026-07-02 12:17

gnutls CVE-2026-42009 高危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-18 13:16 修改: 2026-07-02 12:17

gnutls CVE-2026-42010 高危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Authentication Bypass via NUL Character in Username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-07 12:16 修改: 2026-06-30 03:19

krb5-libs CVE-2024-3596 高危 1.21.1-1.el9 1.21.1-4.el9_5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

less CVE-2024-32487 高危 590-2.el9_2 590-4.el9_4 less: OS command injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32487

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-04-13 15:15 修改: 2026-06-17 07:29

libacl CVE-2026-54369 高危 2.3.1-3.el9 acl: Symlink traversal privilege escalation via libacl functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54369

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 14:16 修改: 2026-07-02 12:17

libarchive CVE-2025-5914 高危 3.5.3-4.el9 3.5.3-6.el9_6 libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5914

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-09 20:15 修改: 2026-06-30 11:16

libarchive CVE-2026-4111 高危 3.5.3-4.el9 3.5.3-7.el9_7 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4111

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-13 19:55 修改: 2026-06-30 03:20

libarchive CVE-2026-4424 高危 3.5.3-4.el9 3.5.3-9.el9_7 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4424

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-19 15:16 修改: 2026-06-30 03:20

libcap CVE-2026-4878 高危 2.48-9.el9_2 2.48-10.el9_8.1 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-09 16:16 修改: 2026-07-02 12:17

libnghttp2 CVE-2026-27135 高危 1.43.0-5.el9_3.1 1.43.0-6.el9_7.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-18 18:16 修改: 2026-06-30 03:17

libxml2 CVE-2024-56171 高危 2.9.13-5.el9_3 2.9.13-6.el9_5.2 libxml2: Use-After-Free in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56171

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-18 22:15 修改: 2026-06-17 08:11

libxml2 CVE-2025-24928 高危 2.9.13-5.el9_3 2.9.13-6.el9_5.2 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24928

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-18 23:15 修改: 2026-06-17 08:59

libxml2 CVE-2025-49794 高危 2.9.13-5.el9_3 2.9.13-10.el9_6 libxml: Heap use after free (UAF) leads to Denial of service (DoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49794

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-16 16:15 修改: 2026-06-29 21:16

libxml2 CVE-2025-49796 高危 2.9.13-5.el9_3 2.9.13-10.el9_6 libxml: Type confusion leads to Denial of service (DoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49796

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-16 16:15 修改: 2026-06-29 21:16

libxml2 CVE-2025-7425 高危 2.9.13-5.el9_3 2.9.13-11.el9_6 libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7425

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-10 14:15 修改: 2026-06-29 21:16

openssl-libs CVE-2024-12797 高危 1:3.0.7-24.el9 1:3.2.2-6.el9_5.1 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

openssl-libs CVE-2025-15467 高危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

openssl-libs CVE-2026-45447 高危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-07-01 13:17

python-unversioned-command CVE-2023-6597 高危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: Path traversal on tempfile.TemporaryDirectory

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:51

python-unversioned-command CVE-2024-12718 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12718

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 07:00

python-unversioned-command CVE-2025-4138 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4138

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:32

python-unversioned-command CVE-2025-4517 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 python: cpython: Arbitrary writes via tarfile realpath overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4517

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python-unversioned-command CVE-2026-4519 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Command-line option injection in webbrowser.open() via crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-20 15:16 修改: 2026-06-30 03:20

python-unversioned-command CVE-2026-4786 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 22:16 修改: 2026-06-30 03:20

python-unversioned-command CVE-2026-6100 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 18:16 修改: 2026-06-30 03:21

python3 CVE-2023-6597 高危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: Path traversal on tempfile.TemporaryDirectory

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:51

python3 CVE-2024-12718 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12718

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 07:00

python3 CVE-2025-4138 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4138

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:32

python3 CVE-2025-4517 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 python: cpython: Arbitrary writes via tarfile realpath overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4517

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3 CVE-2026-4519 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Command-line option injection in webbrowser.open() via crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-20 15:16 修改: 2026-06-30 03:20

python3 CVE-2026-4786 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 22:16 修改: 2026-06-30 03:20

python3 CVE-2026-6100 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 18:16 修改: 2026-06-30 03:21

python3-libs CVE-2023-6597 高危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: Path traversal on tempfile.TemporaryDirectory

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:51

python3-libs CVE-2024-12718 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12718

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 07:00

python3-libs CVE-2025-4138 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4138

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:32

python3-libs CVE-2025-4517 高危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 python: cpython: Arbitrary writes via tarfile realpath overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4517

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3-libs CVE-2026-4519 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Command-line option injection in webbrowser.open() via crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-20 15:16 修改: 2026-06-30 03:20

python3-libs CVE-2026-4786 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 22:16 修改: 2026-06-30 03:20

python3-libs CVE-2026-6100 高危 3.9.18-1.el9_3 3.9.25-7.el9_8 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-13 18:16 修改: 2026-06-30 03:21

python3-setuptools-wheel CVE-2024-6345 高危 53.0.0-12.el9 53.0.0-12.el9_4.1 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

sqlite-libs CVE-2025-6965 高危 3.34.1-6.el9_1 3.34.1-9.el9_7 sqlite: Integer Truncation in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6965

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-15 14:15 修改: 2026-06-26 16:36

glibc CVE-2023-4806 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-18 17:15 修改: 2026-06-17 06:38

glibc CVE-2023-4813 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-12 22:15 修改: 2026-06-17 06:38

glibc CVE-2024-33600 中危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc CVE-2025-0395 中危 2.34-83.el9_3.7 2.34-125.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

glibc CVE-2025-4802 中危 2.34-83.el9_3.7 2.34-168.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

glibc CVE-2025-5702 中危 2.34-83.el9_3.7 2.34-168.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-05 19:15 修改: 2026-06-17 09:48

glibc CVE-2025-8058 中危 2.34-83.el9_3.7 2.34-168.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

glibc CVE-2026-0915 中危 2.34-83.el9_3.7 2.34-231.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11

glibc CVE-2026-4046 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55

glibc CVE-2026-4437 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

glibc CVE-2026-5435 中危 2.34-83.el9_3.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59

glibc CVE-2026-5450 中危 2.34-83.el9_3.7 2.34-272.el9_8 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc CVE-2026-5928 中危 2.34-83.el9_3.7 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc CVE-2026-6238 中危 2.34-83.el9_3.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17

curl-minimal CVE-2025-13034 中危 7.76.1-26.el9_3.2 curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13034

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:33

curl-minimal CVE-2025-14017 中危 7.76.1-26.el9_3.2 curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35

glibc-common CVE-2023-4806 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-18 17:15 修改: 2026-06-17 06:38

glibc-common CVE-2023-4813 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-12 22:15 修改: 2026-06-17 06:38

glibc-common CVE-2024-33600 中危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-common CVE-2025-0395 中危 2.34-83.el9_3.7 2.34-125.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

glibc-common CVE-2025-4802 中危 2.34-83.el9_3.7 2.34-168.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

glibc-common CVE-2025-5702 中危 2.34-83.el9_3.7 2.34-168.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-05 19:15 修改: 2026-06-17 09:48

glibc-common CVE-2025-8058 中危 2.34-83.el9_3.7 2.34-168.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

glibc-common CVE-2026-4046 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55

glibc-common CVE-2026-4437 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

glibc-common CVE-2026-5435 中危 2.34-83.el9_3.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59

glibc-common CVE-2026-5450 中危 2.34-83.el9_3.7 2.34-272.el9_8 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc-common CVE-2026-5928 中危 2.34-83.el9_3.7 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc-common CVE-2026-6238 中危 2.34-83.el9_3.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17

curl-minimal CVE-2025-9086 中危 7.76.1-26.el9_3.2 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

curl-minimal CVE-2026-1965 中危 7.76.1-26.el9_3.2 curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16

glibc-minimal-langpack CVE-2023-4806 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-18 17:15 修改: 2026-06-17 06:38

glibc-minimal-langpack CVE-2023-4813 中危 2.34-83.el9_3.7 2.34-100.el9 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-12 22:15 修改: 2026-06-17 06:38

glibc-minimal-langpack CVE-2024-33600 中危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-minimal-langpack CVE-2025-0395 中危 2.34-83.el9_3.7 2.34-125.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

glibc-minimal-langpack CVE-2025-4802 中危 2.34-83.el9_3.7 2.34-168.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

glibc-minimal-langpack CVE-2025-5702 中危 2.34-83.el9_3.7 2.34-168.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-05 19:15 修改: 2026-06-17 09:48

glibc-minimal-langpack CVE-2025-8058 中危 2.34-83.el9_3.7 2.34-168.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

glibc-minimal-langpack CVE-2026-4046 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55

glibc-minimal-langpack CVE-2026-4437 中危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

glibc-minimal-langpack CVE-2026-5435 中危 2.34-83.el9_3.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59

glibc-minimal-langpack CVE-2026-5450 中危 2.34-83.el9_3.7 2.34-272.el9_8 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc-minimal-langpack CVE-2026-5928 中危 2.34-83.el9_3.7 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 21:16 修改: 2026-06-17 10:59

glibc-minimal-langpack CVE-2026-6238 中危 2.34-83.el9_3.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17

curl-minimal CVE-2026-3783 中危 7.76.1-26.el9_3.2 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

gnupg2 CVE-2025-68972 中危 2.3.3-4.el9 gnupg: GnuPG: Signature bypass via form feed character in signed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68972

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-27 23:15 修改: 2026-06-17 09:59

curl-minimal CVE-2026-3784 中危 7.76.1-26.el9_3.2 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

curl-minimal CVE-2026-3805 中危 7.76.1-26.el9_3.2 curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3805

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

curl-minimal CVE-2026-4873 中危 7.76.1-26.el9_3.2 curl: curl: Information disclosure due to incorrect TLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57

curl-minimal CVE-2026-5545 中危 7.76.1-26.el9_3.2 curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59

gnutls CVE-2023-5981 中危 3.7.6-23.el9 3.7.6-23.el9_3.3 gnutls: timing side-channel in the RSA-PSK authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5981

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-11-28 12:15 修改: 2026-06-17 06:49

gnutls CVE-2024-0553 中危 3.7.6-23.el9 3.7.6-23.el9_3.3 gnutls: incomplete fix for CVE-2023-5981

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0553

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-01-16 12:15 修改: 2026-06-17 06:53

gnutls CVE-2024-0567 中危 3.7.6-23.el9 3.7.6-23.el9_3.3 gnutls: rejects certificate chain with distributed trust

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0567

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-01-16 14:15 修改: 2026-06-17 06:53

gnutls CVE-2024-12243 中危 3.7.6-23.el9 3.8.3-6.el9 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59

gnutls CVE-2024-28834 中危 3.7.6-23.el9 3.8.3-4.el9_4 gnutls: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-03-21 14:15 修改: 2026-06-17 07:21

gnutls CVE-2024-28835 中危 3.7.6-23.el9 3.8.3-4.el9_4 gnutls: potential crash during chain building/verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28835

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-03-21 06:15 修改: 2026-07-03 03:16

gnutls CVE-2025-14831 中危 3.7.6-23.el9 3.8.3-10.el9_7 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-02-09 15:16 修改: 2026-06-30 00:16

gnutls CVE-2025-32988 中危 3.7.6-23.el9 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS otherName SAN export

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32988

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

gnutls CVE-2025-32989 中危 3.7.6-23.el9 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS SCT extension parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32989

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

gnutls CVE-2025-32990 中危 3.7.6-23.el9 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS certtool template parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32990

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-10 10:15 修改: 2026-06-30 01:16

gnutls CVE-2025-6395 中危 3.7.6-23.el9 3.8.3-6.el9_6.2 gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6395

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-07-10 16:15 修改: 2026-06-30 02:16

gnutls CVE-2026-3833 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-30 18:16 修改: 2026-06-30 03:19

gnutls CVE-2026-42011 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Security bypass due to incorrect name constraint handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-07 15:16 修改: 2026-06-30 03:19

gnutls CVE-2026-42012 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:19

gnutls CVE-2026-42013 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:19

gnutls CVE-2026-42014 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-16 02:16 修改: 2026-06-30 03:19

gnutls CVE-2026-42015 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:19

gnutls CVE-2026-5260 中危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:21

curl-minimal CVE-2026-5773 中危 7.76.1-26.el9_3.2 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59

krb5-libs CVE-2024-26462 中危 1.21.1-1.el9 1.21.1-3.el9 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

krb5-libs CVE-2024-37370 中危 1.21.1-1.el9 1.21.1-2.el9_4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

krb5-libs CVE-2024-37371 中危 1.21.1-1.el9 1.21.1-2.el9_4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

krb5-libs CVE-2025-24528 中危 1.21.1-1.el9 1.21.1-6.el9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

krb5-libs CVE-2025-3576 中危 1.21.1-1.el9 1.21.1-8.el9_6 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

krb5-libs CVE-2026-11850 中危 1.21.1-1.el9 krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11850

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-11 10:16 修改: 2026-06-17 10:14

krb5-libs CVE-2026-40355 中危 1.21.1-1.el9 1.21.1-10.el9_8 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40355

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 06:16 修改: 2026-06-17 10:45

krb5-libs CVE-2026-40356 中危 1.21.1-1.el9 1.21.1-10.el9_8 krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40356

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-28 07:16 修改: 2026-06-17 10:45

curl-minimal CVE-2026-6253 中危 7.76.1-26.el9_3.2 curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

less CVE-2022-48624 中危 590-2.el9_2 590-3.el9_3 less: missing quoting of shell metacharacters in LESSCLOSE handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48624

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-02-19 01:15 修改: 2026-06-17 05:15

curl-minimal CVE-2026-6429 中危 7.76.1-26.el9_3.2 curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

libacl CVE-2026-54370 中危 2.3.1-3.el9 acl: TOCTOU Symlink Traversal via getfacl/setfacl

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54370

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 14:16 修改: 2026-06-29 19:22

curl-minimal CVE-2026-7168 中危 7.76.1-26.el9_3.2 curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01

bzip2-libs CVE-2019-12900 中危 1.0.8-8.el9 1.0.8-10.el9_5 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12900

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2019-06-19 23:15 修改: 2026-06-17 02:15

bzip2-libs CVE-2026-42250 中危 1.0.8-8.el9 bzip2: bzip2: Denial of Service in bzip2recover via a specially crafted file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42250

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-28 14:16 修改: 2026-06-17 10:47

libarchive CVE-2023-30571 中危 3.5.3-4.el9 libarchive: Race condition in multi-threaded use of archive_write_disk_header() on posix based systems

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30571

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-05-29 20:15 修改: 2026-06-17 05:55

libarchive CVE-2025-25724 中危 3.5.3-4.el9 3.5.3-5.el9_6 libarchive: Buffer Overflow vulnerability in libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25724

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-03-02 02:15 修改: 2026-06-17 09:01

libarchive CVE-2025-60753 中危 3.5.3-4.el9 libarchive: bsdtar hangs and OOMs with zero-length pattern matches

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-60753

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-11-05 16:15 修改: 2026-06-17 09:50

libarchive CVE-2026-14164 中危 3.5.3-4.el9 libarchive: Double-Free Vulnerability in RAR5 Decompression Logic via dangling filtered_buf pointer in init_unpack()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-14164

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 07:16 修改: 2026-06-30 18:16

libarchive CVE-2026-4426 中危 3.5.3-4.el9 libarchive: libarchive: Denial of Service via malformed ISO file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4426

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:56

libarchive CVE-2026-5121 中危 3.5.3-4.el9 3.5.3-9.el9_7 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5121

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-30 08:16 修改: 2026-06-17 10:58

libarchive CVE-2026-5745 中危 3.5.3-4.el9 libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5745

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 16:16 修改: 2026-06-17 10:59

libattr CVE-2026-54371 中危 2.5.1-3.el9 attr: Symlink Traversal Privilege Escalation via getfattr and setfattr

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54371

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 14:16 修改: 2026-07-03 13:17

libblkid CVE-2025-14104 中危 2.37.4-15.el9 2.37.4-21.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libblkid CVE-2026-13595 中危 2.37.4-15.el9 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 09:16 修改: 2026-06-30 03:17

libblkid CVE-2026-27456 中危 2.37.4-15.el9 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

expat CVE-2023-52425 中危 2.5.0-1.el9 2.5.0-1.el9_3.1 expat: parsing large tokens can trigger a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52425

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-02-04 20:15 修改: 2026-06-17 06:42

libcurl-minimal CVE-2023-46218 中危 7.76.1-26.el9_3.2 7.76.1-26.el9_3.3 curl: information disclosure by exploiting a mixed case flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-07 01:15 修改: 2026-06-17 06:30

libcurl-minimal CVE-2024-2398 中危 7.76.1-26.el9_3.2 7.76.1-29.el9_4.1 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

libcurl-minimal CVE-2025-13034 中危 7.76.1-26.el9_3.2 curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13034

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:33

libcurl-minimal CVE-2025-14017 中危 7.76.1-26.el9_3.2 curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35

libcurl-minimal CVE-2025-9086 中危 7.76.1-26.el9_3.2 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

libcurl-minimal CVE-2026-1965 中危 7.76.1-26.el9_3.2 curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16

libcurl-minimal CVE-2026-3783 中危 7.76.1-26.el9_3.2 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

libcurl-minimal CVE-2026-3784 中危 7.76.1-26.el9_3.2 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

libcurl-minimal CVE-2026-3805 中危 7.76.1-26.el9_3.2 curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3805

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44

libcurl-minimal CVE-2026-4873 中危 7.76.1-26.el9_3.2 curl: curl: Information disclosure due to incorrect TLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57

libcurl-minimal CVE-2026-5545 中危 7.76.1-26.el9_3.2 curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59

libcurl-minimal CVE-2026-5773 中危 7.76.1-26.el9_3.2 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59

libcurl-minimal CVE-2026-6253 中危 7.76.1-26.el9_3.2 curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

libcurl-minimal CVE-2026-6429 中危 7.76.1-26.el9_3.2 curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

libcurl-minimal CVE-2026-7168 中危 7.76.1-26.el9_3.2 curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01

libgcc CVE-2020-11023 中危 11.4.1-2.1.el9 11.5.0-5.el9_5 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11023

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2020-04-29 21:15 修改: 2026-06-17 02:48

libgcrypt CVE-2024-2236 中危 1.10.0-10.el9_2 1.10.0-11.el9 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24

libgcrypt CVE-2026-41989 中危 1.10.0-10.el9_2 Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-23 05:16 修改: 2026-06-17 10:47

libmount CVE-2025-14104 中危 2.37.4-15.el9 2.37.4-21.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libmount CVE-2026-13595 中危 2.37.4-15.el9 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 09:16 修改: 2026-06-30 03:17

libmount CVE-2026-27456 中危 2.37.4-15.el9 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

expat CVE-2024-28757 中危 2.5.0-1.el9 2.5.0-2.el9_4 expat: XML Entity Expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28757

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-10 05:15 修改: 2026-06-17 07:21

libnghttp2 CVE-2024-28182 中危 1.43.0-5.el9_3.1 1.43.0-5.el9_4.3 nghttp2: CONTINUATION frames DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-04 15:15 修改: 2026-06-17 07:21

libsmartcols CVE-2025-14104 中危 2.37.4-15.el9 2.37.4-21.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libsmartcols CVE-2026-13595 中危 2.37.4-15.el9 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 09:16 修改: 2026-06-30 03:17

libsmartcols CVE-2026-27456 中危 2.37.4-15.el9 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libsolv CVE-2026-48864 中危 0.7.24-2.el9 libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48864

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-26 17:16 修改: 2026-06-24 03:16

libsolv CVE-2026-9149 中危 0.7.24-2.el9 libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9149

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-21 00:16 修改: 2026-06-27 00:16

libsolv CVE-2026-9150 中危 0.7.24-2.el9 libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9150

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-20 23:16 修改: 2026-06-29 17:16

libstdc++ CVE-2020-11023 中危 11.4.1-2.1.el9 11.5.0-5.el9_5 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11023

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2020-04-29 21:15 修改: 2026-06-17 02:48

libtasn1 CVE-2024-12133 中危 4.16.0-8.el9_1 4.16.0-9.el9 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libuuid CVE-2025-14104 中危 2.37.4-15.el9 2.37.4-21.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libuuid CVE-2026-13595 中危 2.37.4-15.el9 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 09:16 修改: 2026-06-30 03:17

libuuid CVE-2026-27456 中危 2.37.4-15.el9 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

expat CVE-2024-45490 中危 2.5.0-1.el9 2.5.0-2.el9_4.1 libexpat: Negative Length Parsing Vulnerability in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

expat CVE-2024-45491 中危 2.5.0-1.el9 2.5.0-2.el9_4.1 libexpat: Integer Overflow or Wraparound

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

expat CVE-2024-45492 中危 2.5.0-1.el9 2.5.0-2.el9_4.1 libexpat: integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

expat CVE-2024-50602 中危 2.5.0-1.el9 2.5.0-3.el9_5.1 libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-10-27 05:15 修改: 2026-06-17 08:04

expat CVE-2024-8176 中危 2.5.0-1.el9 2.5.0-5.el9_6 libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8176

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-03-14 09:15 修改: 2026-06-30 00:16

libxml2 CVE-2022-49043 中危 2.9.13-5.el9_3 2.9.13-6.el9_5.1 libxml: use-after-free in xmlXIncludeAddNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-49043

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-01-26 06:15 修改: 2026-06-17 05:16

libxml2 CVE-2024-25062 中危 2.9.13-5.el9_3 2.9.13-6.el9_4 libxml2: use-after-free in XMLReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25062

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-02-04 16:15 修改: 2026-06-17 07:15

libxml2 CVE-2025-32414 中危 2.9.13-5.el9_3 2.9.13-12.el9_6 libxml2: Out-of-Bounds Read in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32414

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-04-08 03:15 修改: 2026-06-17 09:11

libxml2 CVE-2025-32415 中危 2.9.13-5.el9_3 2.9.13-12.el9_6 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32415

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-04-17 17:15 修改: 2026-06-17 09:11

libxml2 CVE-2025-6021 中危 2.9.13-5.el9_3 2.9.13-10.el9_6 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6021

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-12 13:15 修改: 2026-06-30 11:16

libxml2 CVE-2025-9714 中危 2.9.13-5.el9_3 2.9.13-14.el9_7 libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9714

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-10 19:15 修改: 2026-06-17 10:09

libxml2 CVE-2026-0990 中危 2.9.13-5.el9_3 libxml2: libxml2: Denial of Service via uncontrolled recursion in XML catalog processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0990

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-15 15:15 修改: 2026-06-30 20:18

libxml2 CVE-2026-11979 中危 2.9.13-5.el9_3 libxml2: libxml2: Arbitrary code execution in xmlcatalog utility via buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11979

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 14:16 修改: 2026-06-30 20:22

libxml2 CVE-2026-1757 中危 2.9.13-5.el9_3 libxml2: Memory Leak Leading to Local Denial of Service in xmllint Interactive Shell

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1757

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-02-02 13:15 修改: 2026-06-17 10:16

libxml2 CVE-2026-6653 中危 2.9.13-5.el9_3 libxml2: mingw-libxml2: libxml2: Denial of Service via crafted XML input due to use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6653

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-22 14:17 修改: 2026-06-22 18:16

libxml2 CVE-2026-6732 中危 2.9.13-5.el9_3 libxml2: libxml2: Denial of Service via crafted XSD-validated document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6732

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-23 23:16 修改: 2026-06-30 20:16

openldap CVE-2026-22185 中危 2.6.3-1.el9 OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22185

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-07 21:16 修改: 2026-06-17 10:19

expat CVE-2026-32776 中危 2.5.0-1.el9 libexpat: libexpat: Denial of Service due to NULL pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32776

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

expat CVE-2026-32777 中危 2.5.0-1.el9 libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32777

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

expat CVE-2026-32778 中危 2.5.0-1.el9 libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32778

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

openssl-libs CVE-2023-5363 中危 1:3.0.7-24.el9 1:3.0.7-25.el9_3 openssl: Incorrect cipher key and IV length processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:48

openssl-libs CVE-2024-6119 中危 1:3.0.7-24.el9 1:3.0.7-28.el9_4 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

openssl-libs CVE-2025-11187 中危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11187

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:29

openssl-libs CVE-2025-69419 中危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl-libs CVE-2025-9230 中危 1:3.0.7-24.el9 1:3.5.1-4.el9_7 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl-libs CVE-2026-2673 中危 1:3.0.7-24.el9 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

openssl-libs CVE-2026-28390 中危 1:3.0.7-24.el9 1:3.5.5-3.el9_8 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl-libs CVE-2026-31790 中危 1:3.0.7-24.el9 1:3.5.5-2.el9_8 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl-libs CVE-2026-34182 中危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl-libs CVE-2026-34183 中危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl-libs CVE-2026-42764 中危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-45445 中危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

p11-kit CVE-2026-13757 中危 0.24.1-2.el9 p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13757

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 19:16 修改: 2026-07-01 15:16

p11-kit CVE-2026-2100 中危 0.24.1-2.el9 0.26.2-1.el9 p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-26 21:17 修改: 2026-06-22 20:16

p11-kit-trust CVE-2026-13757 中危 0.24.1-2.el9 p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13757

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-29 19:16 修改: 2026-07-01 15:16

p11-kit-trust CVE-2026-2100 中危 0.24.1-2.el9 0.26.2-1.el9 p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-26 21:17 修改: 2026-06-22 20:16

expat CVE-2026-50219 中危 2.5.0-1.el9 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

expat CVE-2026-56132 中危 2.5.0-1.el9 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

expat CVE-2026-56403 中危 2.5.0-1.el9 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

expat CVE-2026-56405 中危 2.5.0-1.el9 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

expat CVE-2026-56406 中危 2.5.0-1.el9 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

expat CVE-2026-56412 中危 2.5.0-1.el9 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

coreutils-single CVE-2025-5278 中危 8.32-34.el9 8.32-41.el9_8 coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5278

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-27 21:15 修改: 2026-07-01 11:16

python-unversioned-command CVE-2023-27043 中危 3.9.18-1.el9_3 3.9.18-1.el9_3.1 python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2023-04-19 00:15 修改: 2026-06-17 05:44

python-unversioned-command CVE-2024-0450 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: The zipfile module is vulnerable to zip-bombs leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:53

python-unversioned-command CVE-2024-11168 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-11-12 22:15 修改: 2026-06-17 06:57

python-unversioned-command CVE-2024-6232 中危 3.9.18-1.el9_3 3.9.19-8.el9_5.1 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-09-03 13:15 修改: 2026-06-17 08:17

python-unversioned-command CVE-2024-6923 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.5 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-01 14:15 修改: 2026-06-17 08:18

python-unversioned-command CVE-2024-8088 中危 3.9.18-1.el9_3 3.9.19-8.el9 python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-22 19:15 修改: 2026-06-17 08:21

python-unversioned-command CVE-2024-9287 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

python-unversioned-command CVE-2025-0938 中危 3.9.18-1.el9_3 3.9.21-2.el9 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python-unversioned-command CVE-2025-11468 中危 3.9.18-1.el9_3 cpython: Missing character filtering in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11468

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:30

python-unversioned-command CVE-2025-12084 中危 3.9.18-1.el9_3 3.9.25-3.el9_7 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12084

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-03 19:15 修改: 2026-06-17 08:31

python-unversioned-command CVE-2025-12781 中危 3.9.18-1.el9_3 cpython: base64.b64decode() always accepts "+/" characters, despite setting altchars

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12781

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-21 20:16 修改: 2026-06-17 08:32

python-unversioned-command CVE-2025-13837 中危 3.9.18-1.el9_3 cpython: Out-of-memory when loading Plist

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13837

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-01 18:16 修改: 2026-06-17 08:34

python-unversioned-command CVE-2025-15282 中危 3.9.18-1.el9_3 cpython: Header injection via newlines in data URL mediatype in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15282

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python-unversioned-command CVE-2025-15366 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: IMAP command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15366

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python-unversioned-command CVE-2025-15367 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: POP3 command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15367

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python-unversioned-command CVE-2025-4330 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Extraction filter bypass for linking outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4330

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python-unversioned-command CVE-2025-4435 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: Tarfile extracts filtered members when errorlevel=0

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4435

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python-unversioned-command CVE-2025-4516 中危 3.9.18-1.el9_3 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

python-unversioned-command CVE-2025-6069 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: Python HTMLParser quadratic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6069

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-17 14:15 修改: 2026-06-17 10:01

python-unversioned-command CVE-2025-8194 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.2 cpython: Cpython infinite loop when parsing a tarfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8194

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-07-28 19:15 修改: 2026-06-17 10:06

python-unversioned-command CVE-2025-8291 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8291

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-07 18:16 修改: 2026-06-17 10:06

python-unversioned-command CVE-2026-0672 中危 3.9.18-1.el9_3 cpython: Header injection in http.cookies.Morsel in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0672

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python-unversioned-command CVE-2026-0865 中危 3.9.18-1.el9_3 3.9.25-5.el9_8 cpython: wsgiref.headers.Headers allows header newline injection in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0865

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python-unversioned-command CVE-2026-11972 中危 3.9.18-1.el9_3 python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11972

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-23 23:16 修改: 2026-06-30 16:16

python-unversioned-command CVE-2026-1299 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: email header injection due to unquoted newlines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1299

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-23 17:16 修改: 2026-06-17 10:15

python-unversioned-command CVE-2026-1502 中危 3.9.18-1.el9_3 python: Python: HTTP header injection via CR/LF in proxy tunnel headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1502

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-10 18:16 修改: 2026-06-30 16:16

python-unversioned-command CVE-2026-3276 中危 3.9.18-1.el9_3 python: Python unicodedata: Denial of Service due to excessive CPU consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3276

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-03 16:16 修改: 2026-06-17 10:43

python-unversioned-command CVE-2026-3644 中危 3.9.18-1.el9_3 cpython: Incomplete control character validation in http.cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3644

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-30 16:16

python-unversioned-command CVE-2026-4224 中危 3.9.18-1.el9_3 cpython: Stack overflow parsing XML with deeply nested DTD content models

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4224

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:56

python-unversioned-command CVE-2026-42308 中危 3.9.18-1.el9_3 Pillow: python: Pillow: Denial of Service via integer overflow in font processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

python-unversioned-command CVE-2026-5713 中危 3.9.18-1.el9_3 python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5713

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-14 16:16 修改: 2026-06-17 10:59

python-unversioned-command CVE-2026-6019 中危 3.9.18-1.el9_3 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-22 20:16 修改: 2026-06-17 11:00

python-unversioned-command CVE-2026-7210 中危 3.9.18-1.el9_3 python: expat: Python/Expat: Denial of Service via crafted XML document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7210

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-11 18:16 修改: 2026-06-17 11:02

glib2 CVE-2024-34397 中危 2.68.4-11.el9 2.68.4-14.el9_4.1 glib2: Signal subscription vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34397

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-07 18:15 修改: 2026-06-17 07:33

glib2 CVE-2024-52533 中危 2.68.4-11.el9 2.68.4-16.el9_6.2 glib: buffer overflow in set_connect_msg()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52533

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-11-11 23:15 修改: 2026-06-17 08:07

glib2 CVE-2025-13601 中危 2.68.4-11.el9 2.68.4-18.el9_7.1 glib: Integer overflow in in g_escape_uri_string()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13601

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-11-26 15:15 修改: 2026-06-30 00:16

glib2 CVE-2025-14087 中危 2.68.4-11.el9 2.68.4-19.el9_8.1 glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14087

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-10 09:15 修改: 2026-06-30 00:16

glib2 CVE-2025-14512 中危 2.68.4-11.el9 2.68.4-19.el9_8.1 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14512

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-12-11 07:16 修改: 2026-06-30 00:16

glib2 CVE-2025-4373 中危 2.68.4-11.el9 2.68.4-16.el9_6.2 glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4373

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-06 15:16 修改: 2026-06-30 11:16

glib2 CVE-2026-1484 中危 2.68.4-11.el9 Glib: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1484

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 14:15 修改: 2026-06-17 10:15

python3 CVE-2023-27043 中危 3.9.18-1.el9_3 3.9.18-1.el9_3.1 python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2023-04-19 00:15 修改: 2026-06-17 05:44

python3 CVE-2024-0450 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: The zipfile module is vulnerable to zip-bombs leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:53

python3 CVE-2024-11168 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-11-12 22:15 修改: 2026-06-17 06:57

python3 CVE-2024-6232 中危 3.9.18-1.el9_3 3.9.19-8.el9_5.1 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-09-03 13:15 修改: 2026-06-17 08:17

python3 CVE-2024-6923 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.5 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-01 14:15 修改: 2026-06-17 08:18

python3 CVE-2024-8088 中危 3.9.18-1.el9_3 3.9.19-8.el9 python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-22 19:15 修改: 2026-06-17 08:21

python3 CVE-2024-9287 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

python3 CVE-2025-0938 中危 3.9.18-1.el9_3 3.9.21-2.el9 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python3 CVE-2025-11468 中危 3.9.18-1.el9_3 cpython: Missing character filtering in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11468

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:30

python3 CVE-2025-12084 中危 3.9.18-1.el9_3 3.9.25-3.el9_7 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12084

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-03 19:15 修改: 2026-06-17 08:31

python3 CVE-2025-12781 中危 3.9.18-1.el9_3 cpython: base64.b64decode() always accepts "+/" characters, despite setting altchars

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12781

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-21 20:16 修改: 2026-06-17 08:32

python3 CVE-2025-13837 中危 3.9.18-1.el9_3 cpython: Out-of-memory when loading Plist

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13837

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-01 18:16 修改: 2026-06-17 08:34

python3 CVE-2025-15282 中危 3.9.18-1.el9_3 cpython: Header injection via newlines in data URL mediatype in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15282

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3 CVE-2025-15366 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: IMAP command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15366

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3 CVE-2025-15367 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: POP3 command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15367

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3 CVE-2025-4330 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Extraction filter bypass for linking outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4330

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3 CVE-2025-4435 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: Tarfile extracts filtered members when errorlevel=0

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4435

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3 CVE-2025-4516 中危 3.9.18-1.el9_3 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

python3 CVE-2025-6069 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: Python HTMLParser quadratic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6069

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-17 14:15 修改: 2026-06-17 10:01

python3 CVE-2025-8194 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.2 cpython: Cpython infinite loop when parsing a tarfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8194

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-07-28 19:15 修改: 2026-06-17 10:06

python3 CVE-2025-8291 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8291

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-07 18:16 修改: 2026-06-17 10:06

python3 CVE-2026-0672 中危 3.9.18-1.el9_3 cpython: Header injection in http.cookies.Morsel in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0672

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python3 CVE-2026-0865 中危 3.9.18-1.el9_3 3.9.25-5.el9_8 cpython: wsgiref.headers.Headers allows header newline injection in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0865

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python3 CVE-2026-11972 中危 3.9.18-1.el9_3 python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11972

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-23 23:16 修改: 2026-06-30 16:16

python3 CVE-2026-1299 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: email header injection due to unquoted newlines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1299

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-23 17:16 修改: 2026-06-17 10:15

python3 CVE-2026-1502 中危 3.9.18-1.el9_3 python: Python: HTTP header injection via CR/LF in proxy tunnel headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1502

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-10 18:16 修改: 2026-06-30 16:16

python3 CVE-2026-3276 中危 3.9.18-1.el9_3 python: Python unicodedata: Denial of Service due to excessive CPU consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3276

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-03 16:16 修改: 2026-06-17 10:43

python3 CVE-2026-3644 中危 3.9.18-1.el9_3 cpython: Incomplete control character validation in http.cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3644

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-30 16:16

python3 CVE-2026-4224 中危 3.9.18-1.el9_3 cpython: Stack overflow parsing XML with deeply nested DTD content models

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4224

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:56

python3 CVE-2026-42308 中危 3.9.18-1.el9_3 Pillow: python: Pillow: Denial of Service via integer overflow in font processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

python3 CVE-2026-5713 中危 3.9.18-1.el9_3 python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5713

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-14 16:16 修改: 2026-06-17 10:59

python3 CVE-2026-6019 中危 3.9.18-1.el9_3 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-22 20:16 修改: 2026-06-17 11:00

python3 CVE-2026-7210 中危 3.9.18-1.el9_3 python: expat: Python/Expat: Denial of Service via crafted XML document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7210

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-11 18:16 修改: 2026-06-17 11:02

glib2 CVE-2026-1489 中危 2.68.4-11.el9 Glib: GLib: Memory corruption via integer overflow in Unicode case conversion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1489

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 15:15 修改: 2026-06-17 10:15

glib2 CVE-2026-58010 中危 2.68.4-11.el9 glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58010

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-02 19:09

glib2 CVE-2026-58011 中危 2.68.4-11.el9 glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid GDateTime

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58011

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-02 19:20

glib2 CVE-2026-58012 中危 2.68.4-11.el9 glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58012

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-02 19:28

glib2 CVE-2026-58013 中危 2.68.4-11.el9 glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58013

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-02 19:29

glib2 CVE-2026-58014 中危 2.68.4-11.el9 glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58014

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-01 17:58

glib2 CVE-2026-58015 中危 2.68.4-11.el9 glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58015

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-30 13:19 修改: 2026-07-02 02:16

python3-libs CVE-2023-27043 中危 3.9.18-1.el9_3 3.9.18-1.el9_3.1 python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2023-04-19 00:15 修改: 2026-06-17 05:44

python3-libs CVE-2024-0450 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.1 python: The zipfile module is vulnerable to zip-bombs leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-19 16:15 修改: 2026-06-17 06:53

python3-libs CVE-2024-11168 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-11-12 22:15 修改: 2026-06-17 06:57

python3-libs CVE-2024-6232 中危 3.9.18-1.el9_3 3.9.19-8.el9_5.1 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-09-03 13:15 修改: 2026-06-17 08:17

python3-libs CVE-2024-6923 中危 3.9.18-1.el9_3 3.9.18-3.el9_4.5 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-01 14:15 修改: 2026-06-17 08:18

python3-libs CVE-2024-8088 中危 3.9.18-1.el9_3 3.9.19-8.el9 python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-22 19:15 修改: 2026-06-17 08:21

python3-libs CVE-2024-9287 中危 3.9.18-1.el9_3 3.9.21-1.el9_5 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

python3-libs CVE-2025-0938 中危 3.9.18-1.el9_3 3.9.21-2.el9 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python3-libs CVE-2025-11468 中危 3.9.18-1.el9_3 cpython: Missing character filtering in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11468

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:30

python3-libs CVE-2025-12084 中危 3.9.18-1.el9_3 3.9.25-3.el9_7 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12084

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-03 19:15 修改: 2026-06-17 08:31

python3-libs CVE-2025-12781 中危 3.9.18-1.el9_3 cpython: base64.b64decode() always accepts "+/" characters, despite setting altchars

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12781

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-21 20:16 修改: 2026-06-17 08:32

python3-libs CVE-2025-13837 中危 3.9.18-1.el9_3 cpython: Out-of-memory when loading Plist

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13837

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-12-01 18:16 修改: 2026-06-17 08:34

python3-libs CVE-2025-15282 中危 3.9.18-1.el9_3 cpython: Header injection via newlines in data URL mediatype in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15282

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3-libs CVE-2025-15366 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: IMAP command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15366

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3-libs CVE-2025-15367 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: POP3 command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15367

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 08:37

python3-libs CVE-2025-4330 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: python: Extraction filter bypass for linking outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4330

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3-libs CVE-2025-4435 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.1 cpython: Tarfile extracts filtered members when errorlevel=0

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4435

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-03 13:15 修改: 2026-06-17 09:33

python3-libs CVE-2025-4516 中危 3.9.18-1.el9_3 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

python3-libs CVE-2025-6069 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: Python HTMLParser quadratic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6069

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-17 14:15 修改: 2026-06-17 10:01

python3-libs CVE-2025-8194 中危 3.9.18-1.el9_3 3.9.21-2.el9_6.2 cpython: Cpython infinite loop when parsing a tarfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8194

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-07-28 19:15 修改: 2026-06-17 10:06

python3-libs CVE-2025-8291 中危 3.9.18-1.el9_3 3.9.25-2.el9_7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8291

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-07 18:16 修改: 2026-06-17 10:06

python3-libs CVE-2026-0672 中危 3.9.18-1.el9_3 cpython: Header injection in http.cookies.Morsel in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0672

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python3-libs CVE-2026-0865 中危 3.9.18-1.el9_3 3.9.25-5.el9_8 cpython: wsgiref.headers.Headers allows header newline injection in Python

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0865

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-20 22:15 修改: 2026-06-17 10:11

python3-libs CVE-2026-11972 中危 3.9.18-1.el9_3 python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11972

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-23 23:16 修改: 2026-06-30 16:16

python3-libs CVE-2026-1299 中危 3.9.18-1.el9_3 3.9.25-3.el9_7.1 cpython: email header injection due to unquoted newlines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1299

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-23 17:16 修改: 2026-06-17 10:15

python3-libs CVE-2026-1502 中危 3.9.18-1.el9_3 python: Python: HTTP header injection via CR/LF in proxy tunnel headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1502

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-10 18:16 修改: 2026-06-30 16:16

python3-libs CVE-2026-3276 中危 3.9.18-1.el9_3 python: Python unicodedata: Denial of Service due to excessive CPU consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3276

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-06-03 16:16 修改: 2026-06-17 10:43

python3-libs CVE-2026-3644 中危 3.9.18-1.el9_3 cpython: Incomplete control character validation in http.cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3644

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-30 16:16

python3-libs CVE-2026-4224 中危 3.9.18-1.el9_3 cpython: Stack overflow parsing XML with deeply nested DTD content models

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4224

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:56

python3-libs CVE-2026-42308 中危 3.9.18-1.el9_3 Pillow: python: Pillow: Denial of Service via integer overflow in font processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

python3-libs CVE-2026-5713 中危 3.9.18-1.el9_3 python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5713

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-14 16:16 修改: 2026-06-17 10:59

python3-libs CVE-2026-6019 中危 3.9.18-1.el9_3 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-22 20:16 修改: 2026-06-17 11:00

python3-libs CVE-2026-7210 中危 3.9.18-1.el9_3 python: expat: Python/Expat: Denial of Service via crafted XML document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7210

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-05-11 18:16 修改: 2026-06-17 11:02

python3-pip-wheel CVE-2023-45803 中危 21.2.3-7.el9 urllib3: Request body not stripped after redirect from 303 status changes request method to GET

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45803

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2023-10-17 20:15 修改: 2026-06-17 06:29

python3-pip-wheel CVE-2025-50181 中危 21.2.3-7.el9 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

python3-pip-wheel CVE-2025-50182 中危 21.2.3-7.el9 urllib3: urllib3 does not control redirects in browsers and Node.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-06-19 02:15 修改: 2026-06-17 09:34

python3-pip-wheel CVE-2026-25645 中危 21.2.3-7.el9 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

python3-pip-wheel CVE-2026-32284 中危 21.2.3-7.el9 github.com/shamaton/msgpack: msgpack: Denial of Service via truncated fixext data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32284

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:35

curl-minimal CVE-2023-46218 中危 7.76.1-26.el9_3.2 7.76.1-26.el9_3.3 curl: information disclosure by exploiting a mixed case flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-07 01:15 修改: 2026-06-17 06:30

python3-setuptools-wheel CVE-2025-47273 中危 53.0.0-12.el9 53.0.0-13.el9_6.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

rpm CVE-2021-35937 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: TOCTOU race in checks for unsafe symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35937

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-25 20:15 修改: 2026-06-17 03:57

rpm CVE-2021-35938 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: races with chown/chmod/capabilities calls during installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35938

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-25 20:15 修改: 2026-06-17 03:57

rpm CVE-2021-35939 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: checks for unsafe symlinks are not performed for intermediary directories

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35939

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-26 16:15 修改: 2026-06-17 03:57

rpm CVE-2026-44604 中危 4.16.1.3-25.el9 rpm: Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44604

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-28 08:16 修改: 2026-06-23 20:16

rpm-libs CVE-2021-35937 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: TOCTOU race in checks for unsafe symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35937

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-25 20:15 修改: 2026-06-17 03:57

rpm-libs CVE-2021-35938 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: races with chown/chmod/capabilities calls during installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35938

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-25 20:15 修改: 2026-06-17 03:57

rpm-libs CVE-2021-35939 中危 4.16.1.3-25.el9 4.16.1.3-27.el9_3 rpm: checks for unsafe symlinks are not performed for intermediary directories

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35939

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-08-26 16:15 修改: 2026-06-17 03:57

rpm-libs CVE-2026-44604 中危 4.16.1.3-25.el9 rpm: Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44604

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-28 08:16 修改: 2026-06-23 20:16

sed CVE-2026-5958 中危 4.8-9.el9 sed: GNU sed TOCTOU race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-20 12:16 修改: 2026-06-17 10:59

curl-minimal CVE-2024-2398 中危 7.76.1-26.el9_3.2 7.76.1-29.el9_4.1 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

sqlite-libs CVE-2023-7104 中危 3.34.1-6.el9_1 3.34.1-7.el9_3 sqlite: heap-buffer-overflow at sessionfuzz

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-29 10:15 修改: 2026-06-17 06:52

systemd-libs CVE-2023-7008 中危 252-18.el9 252-32.el9_4 systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-23 13:15 修改: 2026-06-17 06:51

systemd-libs CVE-2025-4598 中危 252-18.el9 252-55.el9_7.7 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-05-30 14:15 修改: 2026-06-30 11:16

systemd-libs CVE-2026-29111 中危 252-18.el9 252-67.el9_8.2 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29

systemd-libs CVE-2026-4105 中危 252-18.el9 systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4105

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-13 19:55 修改: 2026-06-17 10:55

tar CVE-2005-2541 中危 2:1.34-6.el9_1 tar: does not properly warn the user when extracting setuid or setgid files

漏洞详情: https://avd.aquasec.com/nvd/cve-2005-2541

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2005-08-10 04:00 修改: 2026-04-16 00:27

tar CVE-2025-45582 中危 2:1.34-6.el9_1 2:1.34-9.el9_7 tar: Tar path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-07-11 17:15 修改: 2026-06-17 09:25

tar CVE-2025-64118 中危 2:1.34-6.el9_1 node-tar: tar: node-tar: Information disclosure via reading a truncated tar file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64118

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-30 18:15 修改: 2026-06-17 09:53

tar CVE-2026-33056 中危 2:1.34-6.el9_1 tar-rs: tar-rs: Arbitrary directory permission modification via crafted tar archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33056

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-20 08:16 修改: 2026-06-17 10:36

tar CVE-2026-5704 中危 2:1.34-6.el9_1 tar: tar: Hidden file injection via crafted archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:59

xz-libs CVE-2026-34743 中危 5.2.5-8.el9_0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39

python-unversioned-command CVE-2024-7592 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-19 19:15 修改: 2026-06-17 08:20

python-unversioned-command CVE-2025-13462 低危 3.9.18-1.el9_3 cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13462

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-12 18:16 修改: 2026-06-17 08:34

python-unversioned-command CVE-2025-1795 低危 3.9.18-1.el9_3 python: Mishandling of comma during folding and unicode-encoding of email headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1795

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-02-28 19:15 修改: 2026-06-17 08:39

python-unversioned-command CVE-2025-6075 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Quadratic complexity in os.path.expandvars() with user-controlled template

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6075

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-31 17:15 修改: 2026-06-17 10:01

python-unversioned-command CVE-2026-2297 低危 3.9.18-1.el9_3 cpython: CPython: Logging Bypass in Legacy .pyc File Handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2297

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-04 23:16 修改: 2026-06-17 10:30

python-unversioned-command CVE-2026-3479 低危 3.9.18-1.el9_3 python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3479

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-18 19:16 修改: 2026-06-17 10:43

libxml2 CVE-2026-0989 低危 2.9.13-5.el9_3 libxml2: Unbounded RelaxNG Include Recursion Leading to Stack Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0989

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-15 15:15 修改: 2026-06-30 20:20

libxml2 CVE-2026-0992 低危 2.9.13-5.el9_3 libxml2: libxml2: Denial of Service via crafted XML catalogs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0992

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-15 15:15 修改: 2026-06-30 20:17

ncurses-base CVE-2022-29458 低危 6.2-10.20210508.el9 6.2-10.20210508.el9_6.2 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-04-18 21:15 修改: 2026-06-17 04:40

ncurses-base CVE-2023-50495 低危 6.2-10.20210508.el9 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

ncurses-libs CVE-2022-29458 低危 6.2-10.20210508.el9 6.2-10.20210508.el9_6.2 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-04-18 21:15 修改: 2026-06-17 04:40

ncurses-libs CVE-2023-50495 低危 6.2-10.20210508.el9 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

gnutls CVE-2026-5419 低危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-01 21:16 修改: 2026-06-29 12:16

curl-minimal CVE-2026-6276 低危 7.76.1-26.el9_3.2 curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

ca-certificates CVE-2023-37920 低危 2023.2.60_v7.0.306-90.1.el9_2 2024.2.69_v8.0.303-91.4.el9_4 python-certifi: Removal of e-Tugra root certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37920

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-25 21:15 修改: 2026-06-17 06:08

glibc-minimal-langpack CVE-2024-33601 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-minimal-langpack CVE-2024-33602 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-minimal-langpack CVE-2026-4438 低危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

curl-minimal CVE-2024-11053 低危 7.76.1-26.el9_3.2 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

expat CVE-2025-66382 低危 2.5.0-1.el9 libexpat: libexpat: Denial of service via crafted file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-11-28 07:15 修改: 2026-06-17 09:56

libcurl-minimal CVE-2024-11053 低危 7.76.1-26.el9_3.2 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libcurl-minimal CVE-2024-7264 低危 7.76.1-26.el9_3.2 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

libcurl-minimal CVE-2024-9681 低危 7.76.1-26.el9_3.2 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

libcurl-minimal CVE-2025-14524 低危 7.76.1-26.el9_3.2 curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36

libcurl-minimal CVE-2025-15079 低危 7.76.1-26.el9_3.2 curl: Host verification bypass during SSH transfers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37

libcurl-minimal CVE-2025-15224 低危 7.76.1-26.el9_3.2 curl: libssh key passphrase bypass without agent set

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37

libcurl-minimal CVE-2026-6276 低危 7.76.1-26.el9_3.2 curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00

gnupg2 CVE-2022-3219 低危 2.3.3-4.el9 gnupg: denial of service issue (resource consumption) using compressed packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-02-23 20:15 修改: 2026-06-17 04:59

openssl-libs CVE-2023-2975 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2975

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-14 12:15 修改: 2026-06-17 05:53

openssl-libs CVE-2023-3446 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: Excessive time spent checking DH keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-19 12:15 修改: 2026-06-17 06:14

openssl-libs CVE-2023-3817 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 OpenSSL: Excessive time spent checking DH q parameter value

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-31 16:15 修改: 2026-06-17 06:14

openssl-libs CVE-2023-5678 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

openssl-libs CVE-2023-6129 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-01-09 17:15 修改: 2026-06-17 06:50

openssl-libs CVE-2023-6237 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-25 07:15 修改: 2026-06-17 06:50

openssl-libs CVE-2024-0727 低危 1:3.0.7-24.el9 1:3.0.7-27.el9 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

openssl-libs CVE-2024-13176 低危 1:3.0.7-24.el9 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

openssl-libs CVE-2024-2511 低危 1:3.0.7-24.el9 1:3.2.2-6.el9_5 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

openssl-libs CVE-2024-41996 低危 1:3.0.7-24.el9 openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-08-26 06:15 修改: 2026-06-17 07:48

openssl-libs CVE-2024-4603 低危 1:3.0.7-24.el9 1:3.2.2-6.el9_5 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

openssl-libs CVE-2024-4741 低危 1:3.0.7-24.el9 1:3.2.2-6.el9_5 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

openssl-libs CVE-2024-5535 低危 1:3.0.7-24.el9 1:3.2.2-6.el9_5 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

openssl-libs CVE-2025-15468 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

openssl-libs CVE-2025-15469 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15469

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

openssl-libs CVE-2025-66199 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

openssl-libs CVE-2025-68160 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

openssl-libs CVE-2025-69418 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

python3 CVE-2024-0397 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Memory race condition in ssl.SSLContext certificate store methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 16:15 修改: 2026-06-17 06:53

python3 CVE-2024-4032 低危 3.9.18-1.el9_3 3.9.18-3.el9_4.3 python: incorrect IPv4 and IPv6 private ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 15:15 修改: 2026-06-17 08:00

python3 CVE-2024-5642 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5642

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-27 21:15 修改: 2026-06-17 08:16

python3 CVE-2024-7592 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-19 19:15 修改: 2026-06-17 08:20

python3 CVE-2025-13462 低危 3.9.18-1.el9_3 cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13462

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-12 18:16 修改: 2026-06-17 08:34

python3 CVE-2025-1795 低危 3.9.18-1.el9_3 python: Mishandling of comma during folding and unicode-encoding of email headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1795

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-02-28 19:15 修改: 2026-06-17 08:39

python3 CVE-2025-6075 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Quadratic complexity in os.path.expandvars() with user-controlled template

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6075

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-31 17:15 修改: 2026-06-17 10:01

python3 CVE-2026-2297 低危 3.9.18-1.el9_3 cpython: CPython: Logging Bypass in Legacy .pyc File Handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2297

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-04 23:16 修改: 2026-06-17 10:30

python3 CVE-2026-3479 低危 3.9.18-1.el9_3 python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3479

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-18 19:16 修改: 2026-06-17 10:43

openssl-libs CVE-2025-69420 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl-libs CVE-2025-69421 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl-libs CVE-2025-9232 低危 1:3.0.7-24.el9 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl-libs CVE-2026-22795 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openssl-libs CVE-2026-22796 低危 1:3.0.7-24.el9 1:3.5.1-7.el9_7 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openssl-libs CVE-2026-28387 低危 1:3.0.7-24.el9 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl-libs CVE-2026-28388 低危 1:3.0.7-24.el9 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl-libs CVE-2026-28389 低危 1:3.0.7-24.el9 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl-libs CVE-2026-31789 低危 1:3.0.7-24.el9 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl-libs CVE-2026-34180 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl-libs CVE-2026-34181 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl-libs CVE-2026-42766 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-42767 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-42768 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-42769 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-42770 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl-libs CVE-2026-45446 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

openssl-libs CVE-2026-7383 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

openssl-libs CVE-2026-9076 低危 1:3.0.7-24.el9 1:3.5.5-4.el9_8 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libgcc CVE-2021-46195 低危 11.4.1-2.1.el9 gcc: uncontrolled recursion in libiberty/rust-demangle.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46195

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-01-14 20:15 修改: 2026-06-17 04:14

libgcc CVE-2022-27943 低危 11.4.1-2.1.el9 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

gnupg2 CVE-2025-30258 低危 2.3.3-4.el9 gnupg: verification DoS due to a malicious subkey in the keyring

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08

krb5-libs CVE-2024-26458 低危 1.21.1-1.el9 1.21.1-3.el9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

pcre2 CVE-2022-41409 低危 10.40-2.el9 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-18 14:15 修改: 2026-06-17 05:03

pcre2-syntax CVE-2022-41409 低危 10.40-2.el9 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-07-18 14:15 修改: 2026-06-17 05:03

libgcrypt CVE-2026-41990 低危 1.10.0-10.el9_2 Libgcrypt: Libgcrypt: Denial of Service or data integrity issues from missing bounds check during Dilithium signing.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41990

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-23 05:16 修改: 2026-06-17 10:47

krb5-libs CVE-2024-26461 低危 1.21.1-1.el9 1.21.1-3.el9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

gnupg2 CVE-2026-24883 低危 2.3.3-4.el9 GnuPG: GnuPG: Denial of service due to specially crafted signature packet

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24883

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 19:16 修改: 2026-06-17 10:23

gnupg2 CVE-2026-57062 低危 2.3.3-4.el9 GnuPG: Incorrect cryptographic message parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-57062

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-06-23 18:18 修改: 2026-06-25 20:16

expat CVE-2026-24515 低危 2.5.0-1.el9 libexpat: libexpat null pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24515

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-01-23 08:16 修改: 2026-06-17 10:23

expat CVE-2026-41080 低危 2.5.0-1.el9 libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41080

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-04-16 17:16 修改: 2026-06-17 10:46

file-libs CVE-2022-48554 低危 5.39-14.el9 5.39-16.el9 file: stack-based buffer over-read in file_copystr in funcs.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48554

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-08-22 19:16 修改: 2026-06-17 05:15

gawk CVE-2023-4156 低危 5.1.0-6.el9 gawk: heap out of bound read in builtin.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4156

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-25 18:15 修改: 2026-06-17 06:37

curl-minimal CVE-2024-7264 低危 7.76.1-26.el9_3.2 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

curl-minimal CVE-2024-9681 低危 7.76.1-26.el9_3.2 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

glibc-common CVE-2024-33601 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-common CVE-2024-33602 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc-common CVE-2026-4438 低危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

libstdc++ CVE-2021-46195 低危 11.4.1-2.1.el9 gcc: uncontrolled recursion in libiberty/rust-demangle.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46195

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-01-14 20:15 修改: 2026-06-17 04:14

libstdc++ CVE-2022-27943 低危 11.4.1-2.1.el9 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

python3-libs CVE-2024-0397 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Memory race condition in ssl.SSLContext certificate store methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 16:15 修改: 2026-06-17 06:53

python3-libs CVE-2024-4032 低危 3.9.18-1.el9_3 3.9.18-3.el9_4.3 python: incorrect IPv4 and IPv6 private ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 15:15 修改: 2026-06-17 08:00

python3-libs CVE-2024-5642 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5642

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-27 21:15 修改: 2026-06-17 08:16

python3-libs CVE-2024-7592 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-08-19 19:15 修改: 2026-06-17 08:20

python3-libs CVE-2025-13462 低危 3.9.18-1.el9_3 cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13462

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-12 18:16 修改: 2026-06-17 08:34

python3-libs CVE-2025-1795 低危 3.9.18-1.el9_3 python: Mishandling of comma during folding and unicode-encoding of email headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1795

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-02-28 19:15 修改: 2026-06-17 08:39

python3-libs CVE-2025-6075 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Quadratic complexity in os.path.expandvars() with user-controlled template

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6075

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2025-10-31 17:15 修改: 2026-06-17 10:01

python3-libs CVE-2026-2297 低危 3.9.18-1.el9_3 cpython: CPython: Logging Bypass in Legacy .pyc File Handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2297

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-04 23:16 修改: 2026-06-17 10:30

python3-libs CVE-2026-3479 低危 3.9.18-1.el9_3 python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3479

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2026-03-18 19:16 修改: 2026-06-17 10:43

glib2 CVE-2023-32636 低危 2.68.4-11.el9 glib: Timeout in fuzz_variant_text

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32636

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-09-14 20:15 修改: 2026-06-17 05:59

libtasn1 CVE-2025-13151 低危 4.16.0-8.el9_1 4.16.0-10.el9_8 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33

glib2 CVE-2025-3360 低危 2.68.4-11.el9 glibc: GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601().

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3360

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-04-07 13:15 修改: 2026-06-30 15:16

glib2 CVE-2025-7039 低危 2.68.4-11.el9 glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7039

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-09-03 02:15 修改: 2026-06-17 10:04

libarchive CVE-2025-1632 低危 3.5.3-4.el9 libarchive: null pointer dereference in bsdunzip.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1632

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-24 14:15 修改: 2026-06-17 08:39

python3-pip-wheel CVE-2021-3572 低危 21.2.3-7.el9 python-pip: Incorrect handling of unicode separators in git references

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2021-11-10 18:15 修改: 2026-06-17 04:05

libarchive CVE-2025-5915 低危 3.5.3-4.el9 libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5915

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-09 20:15 修改: 2026-06-30 11:16

libarchive CVE-2025-5916 低危 3.5.3-4.el9 libarchive: Integer overflow while reading warc files at archive_read_support_format_warc.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5916

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-09 20:15 修改: 2026-06-30 11:16

libarchive CVE-2025-5917 低危 3.5.3-4.el9 libarchive: Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5917

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-09 20:15 修改: 2026-06-30 11:16

libarchive CVE-2025-5918 低危 3.5.3-4.el9 libarchive: Reading past EOF may be triggered for piped file streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5918

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-09 20:15 修改: 2026-06-30 11:16

glibc CVE-2024-33601 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

glibc CVE-2024-33602 低危 2.34-83.el9_3.7 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

rpm CVE-2026-44605 低危 4.16.1.3-25.el9 rpm: heap buffer overflow in NDB slot table parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44605

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

glibc CVE-2025-15281 低危 2.34-83.el9_3.7 2.34-231.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37

glibc CVE-2026-0861 低危 2.34-83.el9_3.7 2.34-231.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11

glibc CVE-2026-4438 低危 2.34-83.el9_3.7 2.34-270.el9_8 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56

glib2 CVE-2026-0988 低危 2.68.4-11.el9 glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0988

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-21 12:15 修改: 2026-06-17 10:11

rpm-libs CVE-2026-44605 低危 4.16.1.3-25.el9 rpm: heap buffer overflow in NDB slot table parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44605

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

glib2 CVE-2026-1485 低危 2.68.4-11.el9 Glib: Glib: Local denial of service via buffer underflow in content type parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1485

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-27 14:15 修改: 2026-06-17 10:15

shadow-utils CVE-2024-56433 低危 2:4.9-8.el9 2:4.9-15.el9 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

curl-minimal CVE-2025-14524 低危 7.76.1-26.el9_3.2 curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36

curl-minimal CVE-2025-15079 低危 7.76.1-26.el9_3.2 curl: Host verification bypass during SSH transfers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37

sqlite-libs CVE-2024-0232 低危 3.34.1-6.el9_1 sqlite: use-after-free bug in jsonParseAddNodeArray

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0232

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-01-16 14:15 修改: 2026-06-17 06:53

sqlite-libs CVE-2025-70873 低危 3.34.1-6.el9_1 sqlite: SQLite: Information Disclosure via Crafted ZIP File

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-70873

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-03-12 19:16 修改: 2026-06-17 10:03

curl-minimal CVE-2025-15224 低危 7.76.1-26.el9_3.2 curl: libssh key passphrase bypass without agent set

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37

gnutls CVE-2025-9820 低危 3.7.6-23.el9 3.8.3-10.el9_7 gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-01-26 20:16 修改: 2026-06-30 09:16

gnutls CVE-2026-3832 低危 3.7.6-23.el9 3.8.10-4.el9_8 gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-04-30 18:16 修改: 2026-06-24 17:16

libxml2 CVE-2023-45322 低危 2.9.13-5.el9_3 libxml2: use-after-free in xmlUnlinkNode() in tree.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45322

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2023-10-06 22:15 修改: 2026-06-17 06:28

libxml2 CVE-2024-34459 低危 2.9.13-5.el9_3 2.9.13-14.el9_8.1 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34459

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2024-05-14 15:39 修改: 2026-06-17 07:33

libxml2 CVE-2025-27113 低危 2.9.13-5.el9_3 libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27113

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-02-18 23:15 修改: 2026-06-17 09:03

libxml2 CVE-2025-6170 低危 2.9.13-5.el9_3 libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6170

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2025-06-16 16:15 修改: 2026-06-30 11:16

python-unversioned-command CVE-2024-0397 低危 3.9.18-1.el9_3 3.9.21-1.el9_5 cpython: python: Memory race condition in ssl.SSLContext certificate store methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 16:15 修改: 2026-06-17 06:53

python-unversioned-command CVE-2024-4032 低危 3.9.18-1.el9_3 3.9.18-3.el9_4.3 python: incorrect IPv4 and IPv6 private ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-17 15:15 修改: 2026-06-17 08:00

tar CVE-2023-39804 低危 2:1.34-6.el9_1 tar: Incorrectly handled extension attributes in PAX archives can lead to a crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39804

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-03-27 04:15 修改: 2026-06-17 06:12

python-unversioned-command CVE-2024-5642 低危 3.9.18-1.el9_3 3.9.25-2.el9_7 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5642

镜像层: sha256:90d2a9702206fe596f9a7203116fc7198a1e0bb4eac2ab70140d6d2ec6c8331d

发布日期: 2024-06-27 21:15 修改: 2026-06-17 08:16

zlib CVE-2026-27171 低危 1.2.11-40.el9 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:064b40dd2dfb098da5b4d43876da5d481047121e1ed560129383b74d30b5fe99

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

Java (jar)
低危漏洞:18 中危漏洞:108 高危漏洞:122 严重漏洞:33
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.amazon.redshift:redshift-jdbc42 CVE-2024-32888 严重 2.1.0.23 2.1.0.28 Amazon JDBC Driver for Redshift SQL Injection via line comment generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32888

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-05-15 03:15 修改: 2026-06-17 07:30

com.amazon.redshift:redshift-jdbc42 CVE-2026-8178 严重 2.1.0.23 2.2.2 Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8178

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-08 19:16 修改: 2026-06-17 11:03

com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.4.0 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07

com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.4.0 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10

com.fasterxml.jackson.core:jackson-databind CVE-2017-7525 严重 2.4.0 2.6.7.1, 2.7.9.1, 2.8.9 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24

com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35

com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41

com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41

com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.4.0 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49

com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.4.0 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03

com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22

com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.4.0 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24

com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30

com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27

com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.nimbusds:nimbus-jose-jwt CVE-2019-17195 严重 4.41.1 7.9 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17195

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-15 14:15 修改: 2026-06-17 02:23

io.netty:netty CVE-2019-20444 严重 3.10.5.Final 4.0.0 netty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

org.apache.avro:avro CVE-2024-47561 严重 1.11.3 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-03 11:15 修改: 2026-06-17 07:57

org.apache.avro:avro CVE-2024-47561 严重 1.7.7 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-03 11:15 修改: 2026-06-17 07:57

org.apache.hadoop:hadoop-common CVE-2021-37404 严重 3.1.3 3.3.2, 3.2.3, 2.10.2 hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37404

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-06-13 07:15 修改: 2026-06-17 04:00

org.apache.hadoop:hadoop-common CVE-2022-25168 严重 3.1.3 2.10.2, 3.2.4, 3.3.3 hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25168

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-08-04 15:15 修改: 2026-06-17 04:33

org.apache.helix:helix-core CVE-2023-38647 严重 1.0.4 1.3.0 Deserialization vulnerability in Helix workflow and REST

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38647

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-07-26 08:15 修改: 2026-06-17 06:10

org.apache.ignite:ignite-core CVE-2024-52577 严重 2.15.0 2.17.0 org.apache.ignite:ignite-core: Apache Ignite: Possible RCE when deserializing incoming messages by the server node

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52577

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-02-14 10:15 修改: 2026-06-17 08:07

org.apache.parquet:parquet-avro CVE-2025-30065 严重 1.13.1 1.15.1 org.apache.parquet/parquet-avro: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30065

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-04-01 08:15 修改: 2026-06-17 09:08

org.apache.pinot:pinot-common CVE-2024-56325 严重 0.12.1 1.3.0 Apache Pinot Vulnerable to Authentication Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56325

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-04-01 09:15 修改: 2026-06-17 08:12

org.jboss.netty:netty CVE-2019-20444 严重 3.2.6.Final 4.0.0 netty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

org.postgresql:postgresql CVE-2024-1597 严重 42.7.1 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 13:15 修改: 2026-06-17 07:04

com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.4.0 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.4.0 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.4.0 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05

com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.4.0 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06

com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.4.0 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15

com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.4.0 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33

com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.4.0 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.4.0 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.google.code.gson:gson CVE-2022-25647 高危 2.7 2.8.9 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-05-01 16:15 修改: 2026-06-17 04:33

com.google.code.gson:gson CVE-2022-25647 高危 2.8.5 2.8.9 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-05-01 16:15 修改: 2026-06-17 04:33

com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.15.6 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37

com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.15.6 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.15.6 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.15.6 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.25.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.7.1 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37

com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.7.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.mchange:c3p0 CVE-2026-27830 高危 0.9.5.4 0.12.0 c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27830

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-02-26 01:16 修改: 2026-06-30 03:17

com.mchange:mchange-commons-java CVE-2026-27727 高危 0.2.15 0.4.0 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.nimbusds:nimbus-jose-jwt CVE-2023-52428 高危 4.41.1 9.37.2 nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-11 05:15 修改: 2026-06-17 06:42

com.squareup.wire:wire-runtime-jvm CVE-2026-45799 高危 4.8.1 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45799

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

commons-beanutils:commons-beanutils CVE-2019-10086 高危 1.7.0 1.9.4 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10086

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-08-20 21:15 修改: 2026-06-17 02:10

commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.7.0 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30

commons-beanutils:commons-beanutils CVE-2014-0114 高危 1.9.3 1.9.4 1: Class Loader manipulation via request parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2014-0114

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2014-04-30 10:49 修改: 2026-05-06 22:30

commons-beanutils:commons-beanutils CVE-2019-10086 高危 1.9.3 1.9.4 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10086

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-08-20 21:15 修改: 2026-06-17 02:10

commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.9.3 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30

commons-io:commons-io CVE-2024-47554 高危 2.11.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57

io.airlift:aircompressor CVE-2024-36114 高危 0.25 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-05-29 21:15 修改: 2026-06-17 07:36

io.airlift:aircompressor CVE-2025-67721 高危 0.25 2.0.3 aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67721

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-12-12 23:15 修改: 2026-06-17 09:58

io.grpc:grpc-netty-shaded CVE-2025-55163 高危 1.59.0 1.75.0 netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

io.netty:netty CVE-2019-16869 高危 3.10.5.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22

io.netty:netty CVE-2021-37136 高危 3.10.5.Final 4.0.0 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty CVE-2021-37137 高危 3.10.5.Final 4.0.0 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty-all CVE-2019-16869 高危 4.1.34.Final 4.1.42.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22

io.netty:netty-codec CVE-2026-42583 高危 4.1.101.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-dns CVE-2026-42579 高危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

io.netty:netty-codec-haproxy CVE-2026-44893 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-codec-haproxy CVE-2026-48059 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.101.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.101.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.101.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17

io.netty:netty-codec-redis CVE-2026-44250 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44250

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-11 22:16 修改: 2026-06-30 03:19

io.netty:netty-codec-redis CVE-2026-44890 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44890

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-11 22:16 修改: 2026-06-30 03:20

io.netty:netty-codec-redis CVE-2026-48006 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48006

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-06-30 03:20

io.netty:netty-codec-redis CVE-2026-50011 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: Netty: Denial of Service via malicious Redis array header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50011

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-06-30 03:20

io.netty:netty-codec-smtp CVE-2025-59419 高危 4.1.101.Final 4.2.7.Final, 4.1.128.Final io.netty/netty-codec-smtp: Netty netty-codec-smtp SMTP Command Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59419

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-10-15 16:15 修改: 2026-06-17 09:46

io.netty:netty-handler CVE-2025-24970 高危 4.1.101.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59

io.netty:netty-handler CVE-2026-44249 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-45416 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-resolver-dns CVE-2026-45674 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-resolver-dns CVE-2026-47691 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-transport-sctp CVE-2026-46340 高危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46340

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-30 03:20

net.minidev:json-smart CVE-2024-57699 高危 2.5.0 2.5.2 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13

ch.qos.logback:logback-core CVE-2023-6378 高危 1.4.8 1.3.12, 1.4.12, 1.2.13 logback: serialization vulnerability in logback receiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50

com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.13.4 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37

org.apache.avro:avro CVE-2023-39410 高危 1.7.7 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-09-29 17:15 修改: 2026-06-17 06:12

org.apache.commons:commons-vfs2 CVE-2025-27553 高危 2.3 2.10.0 apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27553

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-03-23 15:15 修改: 2026-06-17 09:03

com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.4.0 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.13.4.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

org.apache.hadoop:hadoop-common CVE-2020-9492 高危 3.1.3 3.2.2, 3.1.4, 2.10.1 hadoop: WebHDFS client might send SPNEGO authorization header

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9492

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-01-26 18:16 修改: 2026-06-17 03:28

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.13.4.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37

org.apache.ignite:ignite-core CVE-2025-48977 高危 2.15.0 2.18.0 Apache Ignite REST API Has a Relative Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48977

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-28 10:16 修改: 2026-06-17 09:30

org.apache.kafka:kafka-clients CVE-2026-35554 高危 3.6.1 3.9.2, 4.0.2, 4.1.2 Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35554

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-04-07 14:16 修改: 2026-06-17 10:40

com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.4.0 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01

org.apache.parquet:parquet-avro CVE-2025-46762 高危 1.13.1 1.15.2 org.apache.parquet/parquet-avro: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46762

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-06 10:15 修改: 2026-06-17 09:26

com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.4.0 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14

org.apache.thrift:libthrift CVE-2026-43869 高危 0.19.0 0.23.0 Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-05 08:16 修改: 2026-07-01 13:17

org.apache.thrift:libthrift CVE-2019-0205 高危 0.9.3-1 0.13.0 thrift: Endless loop when feed with specific input data

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0205

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-10-29 19:15 修改: 2026-06-17 02:07

org.apache.thrift:libthrift CVE-2020-13949 高危 0.9.3-1 0.14.0 libthrift: potential DoS when processing untrusted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13949

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-02-12 20:15 修改: 2026-06-17 02:53

org.apache.thrift:libthrift CVE-2026-43869 高危 0.9.3-1 0.23.0 Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-05 08:16 修改: 2026-07-01 13:17

org.apache.zookeeper:zookeeper CVE-2024-51504 高危 3.9.1 3.9.3 org.apache.zookeeper: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51504

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-11-07 10:15 修改: 2026-06-17 08:05

org.apache.zookeeper:zookeeper CVE-2026-24281 高危 3.9.1 3.8.6, 3.9.5 Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24281

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-03-07 09:16 修改: 2026-07-03 13:17

org.apache.zookeeper:zookeeper CVE-2026-24308 高危 3.9.1 3.9.5, 3.8.6 Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24308

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-03-07 09:16 修改: 2026-07-03 13:17

org.codehaus.jettison:jettison CVE-2022-40150 高危 1.1 1.5.2 jettison: memory exhaustion via user-supplied XML or JSON data

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40150

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01

org.codehaus.jettison:jettison CVE-2022-45685 高危 1.1 1.5.2 jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45685

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-13 15:15 修改: 2026-06-17 05:10

org.codehaus.jettison:jettison CVE-2022-45693 高危 1.1 1.5.2 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45693

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-13 15:15 修改: 2026-06-17 05:10

org.codehaus.jettison:jettison CVE-2023-1436 高危 1.1 1.5.4 jettison: Uncontrolled Recursion in JSONArray

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1436

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-03-22 06:15 修改: 2026-06-17 05:27

org.eclipse.jetty.http2:http2-common CVE-2024-22201 高危 11.0.18 9.4.54, 10.0.20, 11.0.20 jetty: stop accepting new connections from valid clients

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22201

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-26 16:27 修改: 2026-06-17 07:10

org.eclipse.jetty.http2:http2-common CVE-2025-5115 高危 11.0.18 9.4.58, 10.0.26, 11.0.26 jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.18 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-server CVE-2018-12545 高危 9.3.24.v20180605 9.4.12.v20180830, 9.3.25.v20180904 jetty: large settings frames causing denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12545

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-03-27 20:29 修改: 2026-06-17 01:37

org.eclipse.jetty:jetty-server CVE-2021-28165 高危 9.3.24.v20180605 9.4.39, 10.0.2, 11.0.2 jetty: Resource exhaustion when receiving an invalid large TLS frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-04-01 15:15 修改: 2026-06-17 03:45

org.eclipse.jetty:jetty-webapp CVE-2020-27216 高危 9.3.24.v20180605 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 jetty: local temporary directory hijacking vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27216

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-10-23 13:15 修改: 2026-06-17 03:08

org.elasticsearch:elasticsearch CVE-2023-31418 高危 6.8.23 7.17.13, 8.9.0 elasticsearch: uncontrolled resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56

com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18

org.jboss.netty:netty CVE-2015-2156 高危 3.2.6.Final 3.9.8.Final, 3.10.3.Final netty: HttpOnly cookie bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-2156

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2017-10-18 15:29 修改: 2025-04-20 01:37

org.jboss.netty:netty CVE-2019-16869 高危 3.2.6.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22

org.jboss.netty:netty CVE-2021-37136 高危 3.2.6.Final 4.0.0 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

org.jboss.netty:netty CVE-2021-37137 高危 3.2.6.Final 4.0.0 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

org.lz4:lz4-java CVE-2025-12183 高危 1.8.0 1.8.1 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31

org.lz4:lz4-java CVE-2025-66566 高危 1.8.0 lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57

com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.4.0 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19

org.postgresql:postgresql CVE-2026-42198 高危 42.7.1 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19

org.xerial.snappy:snappy-java CVE-2023-34455 高危 1.0.5 1.1.10.1 snappy-java: Unchecked chunk length leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-15 18:15 修改: 2026-06-17 06:03

org.xerial.snappy:snappy-java CVE-2023-43642 高危 1.0.5 1.1.10.4 snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-09-25 20:15 修改: 2026-06-17 06:26

org.yaml:snakeyaml CVE-2017-18640 高危 1.11 1.26 snakeyaml: Billion laughs attack via alias feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13

org.yaml:snakeyaml CVE-2022-1471 高危 1.11 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22

org.yaml:snakeyaml CVE-2022-25857 高危 1.11 1.31 snakeyaml: Denial of Service due to missing nested depth limitation for collections

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34

software.amazon.ion:ion-java CVE-2024-21634 高危 1.0.2 1.10.5 ion-java: ion-java: Ion Java StackOverflow vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21634

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-01-03 23:15 修改: 2026-06-17 07:09

com.google.guava:guava CVE-2023-2976 中危 31.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

io.netty:netty-resolver-dns CVE-2026-45673 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

io.opentelemetry:opentelemetry-api CVE-2026-45292 中危 1.31.0 1.62.0 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-28 17:16 修改: 2026-07-03 13:17

io.opentelemetry:opentelemetry-extension-trace-propagators CVE-2026-45292 中危 1.31.0 1.62.0 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-28 17:16 修改: 2026-07-03 13:17

io.projectreactor.netty:reactor-netty-http CVE-2025-22227 中危 1.0.39 1.3.0-M5, 1.2.8 io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22227

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-16 10:15 修改: 2026-06-17 08:45

commons-net:commons-net CVE-2021-37533 中危 3.6 3.9.0 apache-commons-net: FTP client trusts the host from PASV response by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00

ch.qos.logback:logback-core CVE-2025-11226 中危 1.4.8 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16

com.fasterxml.jackson.core:jackson-core CVE-2025-49128 中危 2.4.0 2.13.0 com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.4.0 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.apache.commons:commons-compress CVE-2024-25710 中危 1.21 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-26308 中危 1.21 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17

org.apache.commons:commons-compress CVE-2023-42503 中危 1.23.0 1.24.0 apache-commons-compress: Denial of service via CPU consumption for malformed TAR file

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-09-14 08:15 修改: 2026-06-17 06:23

org.apache.commons:commons-compress CVE-2024-25710 中危 1.23.0 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-26308 中危 1.23.0 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17

org.apache.commons:commons-compress CVE-2024-25710 中危 1.25.0 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-26308 中危 1.25.0 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17

org.apache.commons:commons-configuration2 CVE-2024-29131 中危 2.1.1 2.10.1 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22

org.apache.commons:commons-configuration2 CVE-2024-29133 中危 2.1.1 2.10.1 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.8 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

com.azure:azure-identity CVE-2024-35255 中危 1.11.1 1.12.2 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

org.apache.commons:commons-vfs2 CVE-2025-30474 中危 2.3 2.10.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30474

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-03-23 15:15 修改: 2026-06-17 09:08

com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.15.6 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58

ch.qos.logback:logback-core CVE-2024-12798 中危 1.4.8 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00

com.fasterxml.jackson.core:jackson-databind CVE-2026-50193 中危 2.13.4.2 2.14.0 jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50193

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:05

io.netty:netty CVE-2019-20445 中危 3.10.5.Final 4.0.0 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.4.1 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53

org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.5.2 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53

io.netty:netty CVE-2021-21290 中危 3.10.5.Final 4.0.0 netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-02-08 20:15 修改: 2026-06-17 03:35

io.netty:netty CVE-2021-21295 中危 3.10.5.Final 4.0.0 netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-03-09 19:15 修改: 2026-06-17 03:35

io.netty:netty CVE-2021-21409 中危 3.10.5.Final 4.0.0 netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-03-30 15:15 修改: 2026-06-17 03:35

org.apache.kafka:kafka-clients CVE-2024-31141 中危 3.6.1 3.7.1 kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31141

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-11-19 09:15 修改: 2026-06-17 07:27

org.apache.kafka:kafka-clients CVE-2025-27817 中危 3.6.1 3.9.1 org.apache.kafka: Kafka Client Arbitrary File Read SSRF

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27817

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-06-10 08:15 修改: 2026-06-17 09:04

org.apache.kafka:kafka-clients CVE-2026-33558 中危 3.6.1 3.9.2, 4.0.1 Apache Kafka exposes sensitive information in its DEBUG logs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33558

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-04-20 14:16 修改: 2026-06-17 10:37

io.netty:netty CVE-2021-43797 中危 3.10.5.Final 4.0.0 netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-12-09 19:15 修改: 2026-06-17 04:11

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.13.4.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.13.4.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

io.netty:netty-codec CVE-2025-58057 中危 4.1.101.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.13.4 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58

com.jayway.jsonpath:json-path CVE-2023-51074 中危 2.7.0 2.9.0 json-path: stack-based buffer overflow in Criteria.parse method

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51074

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-12-27 21:15 修改: 2026-06-17 06:40

org.apache.thrift:libthrift CVE-2018-11798 中危 0.9.3-1 0.12.0 thrift: Improper Access Control grants access to files outside the webservers docroot path

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11798

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-01-07 17:29 修改: 2026-06-17 01:36

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14

com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15

org.apache.zookeeper:zookeeper CVE-2024-23944 中危 3.9.1 3.8.4, 3.9.2 Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23944

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-03-15 11:15 修改: 2026-06-17 07:13

org.apache.zookeeper:zookeeper CVE-2025-58457 中危 3.9.1 3.9.4 org.apache.zookeeper/zookeeper: Apache ZooKeeper: Insufficient Permission Check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58457

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-09-24 10:15 修改: 2026-06-17 09:44

io.netty:netty-codec-http CVE-2024-29025 中危 4.1.101.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.101.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.101.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.codehaus.jettison:jettison CVE-2022-40149 中危 1.1 1.5.1 jettison: parser crash by stackoverflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40149

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.18 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-http CVE-2023-40167 中危 9.3.24.v20180605 9.4.52, 10.0.16, 11.0.16, 12.0.1 jetty: Improper validation of HTTP/1 content-length

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-09-15 20:15 修改: 2026-06-17 06:16

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.3.24.v20180605 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-server CVE-2024-8184 中危 11.0.18 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:22

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.4.0 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 4.41.1 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

org.eclipse.jetty:jetty-server CVE-2019-10241 中危 9.3.24.v20180605 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10241

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2019-10246 中危 9.3.24.v20180605 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: Directory Listing on Windows reveals Resource Base path

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10246

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2019-10247 中危 9.3.24.v20180605 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: error path information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10247

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2023-26048 中危 9.3.24.v20180605 9.4.51.v20230217, 10.0.14, 11.0.14 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42

org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.3.24.v20180605 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:22

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.37.2 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

org.elasticsearch:elasticsearch CVE-2023-49921 中危 6.8.23 7.17.16, 8.11.2 elasticsearch: Insertion of Sensitive Information into Log File

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-07-26 05:15 修改: 2026-06-17 06:36

org.elasticsearch:elasticsearch CVE-2024-23444 中危 6.8.23 8.13.0, 7.17.23 Elasticsearch stores private key on disk unencrypted

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-07-31 18:15 修改: 2026-06-17 07:12

org.elasticsearch:elasticsearch CVE-2024-43709 中危 6.8.23 7.17.21, 8.13.3 elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43709

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-01-21 11:15 修改: 2026-06-17 07:51

org.elasticsearch:elasticsearch CVE-2024-52979 中危 6.8.23 7.17.25, 8.16.0 elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07

org.glassfish:javax.el CVE-2021-28170 中危 3.0.1-b12 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28170

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-05-26 22:15 修改: 2026-06-17 03:45

org.iq80.snappy:snappy CVE-2024-36124 中危 0.3 0.5 snappy: tries to read outside the bounds of the given byte arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36124

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-06-03 15:15 修改: 2026-06-17 07:36

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.101.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.101.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-codec-mqtt CVE-2026-44248 中危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44248

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

com.squareup.okio:okio CVE-2023-3635 中危 1.17.5 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14

com.squareup.okio:okio CVE-2023-3635 中危 1.6.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14

org.jboss.netty:netty CVE-2019-20445 中危 3.2.6.Final 4.0.0 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

org.jboss.netty:netty CVE-2021-21290 中危 3.2.6.Final 4.0.0 netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-02-08 20:15 修改: 2026-06-17 03:35

org.jboss.netty:netty CVE-2021-21295 中危 3.2.6.Final 4.0.0 netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-03-09 19:15 修改: 2026-06-17 03:35

org.jboss.netty:netty CVE-2021-21409 中危 3.2.6.Final 4.0.0 netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-03-30 15:15 修改: 2026-06-17 03:35

org.jboss.netty:netty CVE-2021-43797 中危 3.2.6.Final 4.0.0 netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-12-09 19:15 修改: 2026-06-17 04:11

com.fasterxml.woodstox:woodstox-core CVE-2022-40152 中危 5.0.3 6.4.0, 5.4.0 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40152

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-16 10:15 修改: 2026-06-17 05:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

io.netty:netty-codec-redis CVE-2026-42586 中危 4.1.101.Final 4.2.13.Final, 4.1.133.Final netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42586

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

org.webjars:swagger-ui CVE-2018-25031 中危 3.23.11 4.1.3 Spoofing attack in swagger-ui

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25031

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-03-11 07:15 修改: 2026-06-17 01:54

io.netty:netty-common CVE-2024-47535 中危 4.1.101.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.101.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

org.xerial.snappy:snappy-java CVE-2023-34453 中危 1.0.5 1.1.10.1 snappy-java: Integer overflow in shuffle leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03

org.xerial.snappy:snappy-java CVE-2023-34454 中危 1.0.5 1.1.10.1 snappy-java: Integer overflow in compress leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03

com.google.guava:guava CVE-2023-2976 中危 26.0-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 29.0-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 30.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

org.yaml:snakeyaml CVE-2022-38749 中危 1.11 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38750 中危 1.11 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38751 中危 1.11 1.31 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38752 中危 1.11 1.32 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-41854 中危 1.11 1.32 dev-java/snakeyaml: DoS via stack overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03

commons-httpclient:commons-httpclient CVE-2012-5783 中危 3.1 4.0 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

漏洞详情: https://avd.aquasec.com/nvd/cve-2012-5783

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2012-11-04 22:55 修改: 2026-04-29 01:13

org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh 低危 9.3.24.v20180605 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06

ch.qos.logback:logback-core CVE-2026-1225 低危 1.4.8 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.101.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.18 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

com.google.guava:guava CVE-2020-8908 低危 31.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 26.0-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.eclipse.jetty:jetty-http CVE-2022-2047 低危 9.3.24.v20180605 9.4.47, 10.0.10, 11.0.10 jetty-http: improver hostname input handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.101.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

ch.qos.logback:logback-core CVE-2026-9828 低危 1.4.8 1.5.33 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05

com.google.guava:guava CVE-2020-8908 低危 29.0-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

ch.qos.logback:logback-core CVE-2024-12801 低危 1.4.8 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00

com.google.guava:guava CVE-2020-8908 低危 30.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.apache.hadoop:hadoop-common CVE-2024-23454 低危 3.1.3 3.4.0 Apache Hadoop: Temporary File Local Information Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2024-09-25 08:15 修改: 2026-06-17 07:12

commons-configuration:commons-configuration CVE-2025-46392 低危 1.10 apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26

commons-configuration:commons-configuration CVE-2025-46392 低危 1.10 apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26

org.eclipse.jetty:jetty-server CVE-2021-34428 低危 9.3.24.v20180605 9.4.41, 10.0.3, 11.0.3 jetty: SessionListener can prevent a session from being invalidated breaking logout

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2021-06-22 15:15 修改: 2026-06-17 03:55

org.eclipse.jetty:jetty-server CVE-2023-26049 低危 9.3.24.v20180605 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42

commons-configuration:commons-configuration CVE-2025-46392 低危 1.6 apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392

镜像层: sha256:1c4d458cc1cc0ef5a9cf83f9bf8c08fc349c95b0b060d15371b5a309598f2254

发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×