quay.io/keycloak/keycloak:21.1.2 linux/amd64

quay.io/keycloak/keycloak:21.1.2 - Trivy安全扫描结果 扫描时间: 2025-01-10 18:22
全部漏洞信息
低危漏洞:44 中危漏洞:95 高危漏洞:42 严重漏洞:1

系统OS: redhat 9.2 扫描引擎: Trivy 扫描时间: 2025-01-10 18:22

quay.io/keycloak/keycloak:21.1.2 (redhat 9.2) (redhat)
低危漏洞:36 中危漏洞:55 高危漏洞:13 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
glibc CVE-2023-4911 高危 2.34-60.el9 2.34-60.el9_2.7 glibc: buffer overflow in ld.so leading to privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46
glibc CVE-2024-2961 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
glibc CVE-2024-33599 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc-common CVE-2023-4911 高危 2.34-60.el9 2.34-60.el9_2.7 glibc: buffer overflow in ld.so leading to privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46
glibc-common CVE-2024-2961 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
glibc-common CVE-2024-33599 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc-langpack-en CVE-2023-4911 高危 2.34-60.el9 2.34-60.el9_2.7 glibc: buffer overflow in ld.so leading to privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46
glibc-langpack-en CVE-2024-2961 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
glibc-langpack-en CVE-2024-33599 高危 2.34-60.el9 2.34-100.el9_4.2 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
java-17-openjdk-headless CVE-2024-20918 高危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20918

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-01-16 22:15 修改: 2024-02-15 03:18
java-17-openjdk-headless CVE-2024-20932 高危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20932

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-01-16 22:15 修改: 2024-08-30 16:35
java-17-openjdk-headless CVE-2024-20952 高危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20952

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-01-16 22:15 修改: 2024-08-30 16:35
java-17-openjdk-headless CVE-2024-21147 高危 1:17.0.7.0.7-3.el9 1:17.0.12.0.7-2.el9 OpenJDK: RangeCheckElimination array index overflow (8323231)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21147

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-16 23:15 修改: 2024-08-13 00:49
glibc-common CVE-2024-33600 中危 2.34-60.el9 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc CVE-2024-33600 中危 2.34-60.el9 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc CVE-2023-4527 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: Stack read overflow in getaddrinfo in no-aaaa mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc CVE-2023-4806 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc-langpack-en CVE-2023-4527 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: Stack read overflow in getaddrinfo in no-aaaa mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc-langpack-en CVE-2023-4806 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc-langpack-en CVE-2023-4813 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
glibc-langpack-en CVE-2024-33600 中危 2.34-60.el9 2.34-100.el9_4.2 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc CVE-2023-4813 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
glibc-common CVE-2023-4527 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: Stack read overflow in getaddrinfo in no-aaaa mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc-common CVE-2023-4806 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in getaddrinfo()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
glibc-common CVE-2023-4813 中危 2.34-60.el9 2.34-60.el9_2.7 glibc: potential use-after-free in gaih_inet()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
java-17-openjdk-headless CVE-2023-22025 中危 1:17.0.7.0.7-3.el9 1:17.0.9.0.9-2.el9 OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22025

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-10-17 22:15 修改: 2024-02-01 02:11
java-17-openjdk-headless CVE-2023-22036 中危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: ZIP file parsing infinite loop (8302483)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22036

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2024-01-26 16:48
java-17-openjdk-headless CVE-2023-22041 中危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: weakness in AES implementation (8308682)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22041

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2024-01-26 16:48
java-17-openjdk-headless CVE-2023-22049 中危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22049

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2024-06-21 19:15
java-17-openjdk-headless CVE-2023-22081 中危 1:17.0.7.0.7-3.el9 1:17.0.9.0.9-2.el9 OpenJDK: certificate path validation issue during client authentication (8309966)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22081

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-10-17 22:15 修改: 2024-02-16 15:55
java-17-openjdk-headless CVE-2023-25193 中危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25193

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-04 20:15 修改: 2023-11-07 04:08
java-17-openjdk-headless CVE-2023-48161 中危 1:17.0.7.0.7-3.el9 1:17.0.13.0.11-3.el9 giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48161

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-11-22 06:15 修改: 2023-11-29 18:48
java-17-openjdk-headless CVE-2024-20919 中危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20919

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-02-17 02:15 修改: 2024-12-09 16:42
java-17-openjdk-headless CVE-2024-20921 中危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: range check loop optimization issue (8314307)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20921

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-02-17 02:15 修改: 2024-11-05 16:35
java-17-openjdk-headless CVE-2024-20945 中危 1:17.0.7.0.7-3.el9 1:17.0.10.0.7-2.el9 OpenJDK: logging of digital signature private keys (8316976)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-20945

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-02-17 02:15 修改: 2024-11-12 19:35
java-17-openjdk-headless CVE-2024-21011 中危 1:17.0.7.0.7-3.el9 1:17.0.11.0.9-2.el9 OpenJDK: long Exception message leading to crash (8319851)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21011

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-04-16 22:15 修改: 2024-11-21 21:15
java-17-openjdk-headless CVE-2024-21068 中危 1:17.0.7.0.7-3.el9 1:17.0.11.0.9-2.el9 OpenJDK: integer overflow in C1 compiler address generation (8322122)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21068

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-04-16 22:15 修改: 2024-12-06 19:22
java-17-openjdk-headless CVE-2024-21094 中危 1:17.0.7.0.7-3.el9 1:17.0.11.0.9-2.el9 OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21094

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-04-16 22:15 修改: 2024-07-03 01:46
java-17-openjdk-headless CVE-2024-21131 中危 1:17.0.7.0.7-3.el9 1:17.0.12.0.7-2.el9 OpenJDK: potential UTF8 size overflow (8314794)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21131

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-16 23:15 修改: 2024-12-05 22:02
java-17-openjdk-headless CVE-2024-21138 中危 1:17.0.7.0.7-3.el9 1:17.0.12.0.7-2.el9 OpenJDK: Excessive symbol length can lead to infinite loop (8319859)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21138

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-16 23:15 修改: 2024-12-05 22:05
java-17-openjdk-headless CVE-2024-21140 中危 1:17.0.7.0.7-3.el9 1:17.0.12.0.7-2.el9 OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21140

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-16 23:15 修改: 2024-08-01 13:46
java-17-openjdk-headless CVE-2024-21145 中危 1:17.0.7.0.7-3.el9 1:17.0.12.0.7-2.el9 OpenJDK: Out-of-bounds access in 2D image handling (8324559)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21145

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-16 23:15 修改: 2024-12-16 20:13
java-17-openjdk-headless CVE-2024-21208 中危 1:17.0.7.0.7-3.el9 1:17.0.13.0.11-3.el9 JDK: HTTP client improper handling of maxHeaderSize (8328286)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21208

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-10-15 20:15 修改: 2024-10-31 13:35
java-17-openjdk-headless CVE-2024-21210 中危 1:17.0.7.0.7-3.el9 1:17.0.13.0.11-3.el9 JDK: Array indexing integer overflow (8328544)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21210

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-10-15 20:15 修改: 2024-10-31 13:35
java-17-openjdk-headless CVE-2024-21217 中危 1:17.0.7.0.7-3.el9 1:17.0.13.0.11-3.el9 JDK: Unbounded allocation leads to out-of-memory error (8331446)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21217

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-10-15 20:15 修改: 2024-10-18 18:29
java-17-openjdk-headless CVE-2024-21235 中危 1:17.0.7.0.7-3.el9 1:17.0.13.0.11-3.el9 JDK: Integer conversion error leads to incorrect range check (8332644)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21235

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-10-15 20:15 修改: 2024-10-18 18:30
libcap CVE-2023-2603 中危 2.48-8.el9 2.48-9.el9_2 libcap: Integer Overflow in _libcap_strdup()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2603

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-06-06 20:15 修改: 2024-10-10 16:32
ncurses-base CVE-2023-29491 中危 6.2-8.20210508.el9 6.2-10.20210508.el9 ncurses: Local users can trigger security-relevant memory corruption via malformed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
ncurses-libs CVE-2023-29491 中危 6.2-8.20210508.el9 6.2-10.20210508.el9 ncurses: Local users can trigger security-relevant memory corruption via malformed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
nspr CVE-2023-5388 中危 4.34.0-18.el9_1 4.35.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nspr CVE-2023-6135 中危 4.34.0-18.el9_1 4.35.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nspr CVE-2024-6602 中危 4.34.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss CVE-2023-5388 中危 3.79.0-18.el9_1 3.90.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nss CVE-2023-6135 中危 3.79.0-18.el9_1 3.90.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nss CVE-2024-6602 中危 3.79.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-softokn CVE-2023-5388 中危 3.79.0-18.el9_1 3.90.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nss-softokn CVE-2023-6135 中危 3.79.0-18.el9_1 3.90.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nss-softokn CVE-2024-6602 中危 3.79.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-softokn-freebl CVE-2023-5388 中危 3.79.0-18.el9_1 3.90.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nss-softokn-freebl CVE-2023-6135 中危 3.79.0-18.el9_1 3.90.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nss-softokn-freebl CVE-2024-6602 中危 3.79.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-sysinit CVE-2023-5388 中危 3.79.0-18.el9_1 3.90.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nss-sysinit CVE-2023-6135 中危 3.79.0-18.el9_1 3.90.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nss-sysinit CVE-2024-6602 中危 3.79.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
nss-util CVE-2023-5388 中危 3.79.0-18.el9_1 3.90.0-4.el9_3 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-03-19 12:15 修改: 2024-11-14 22:35
nss-util CVE-2023-6135 中危 3.79.0-18.el9_1 3.90.0-6.el9_3 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-19 14:15 修改: 2024-01-07 11:15
nss-util CVE-2024-6602 中危 3.79.0-18.el9_1 Mozilla: Memory corruption in NSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-07-09 15:15 修改: 2024-11-26 14:15
sqlite-libs CVE-2023-7104 中危 3.34.1-6.el9_1 3.34.1-7.el9_3 sqlite: heap-buffer-overflow at sessionfuzz

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-12-29 10:15 修改: 2024-05-17 02:34
ncurses-libs CVE-2023-50495 低危 6.2-8.20210508.el9 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
ca-certificates CVE-2023-37920 低危 2022.2.54-90.2.el9_0 2024.2.69_v8.0.303-91.4.el9_4 python-certifi: Removal of e-Tugra root certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37920

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-25 21:15 修改: 2023-08-12 06:16
glibc-common CVE-2024-33601 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
glibc-common CVE-2024-33602 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
nspr CVE-2020-12413 低危 4.34.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nspr CVE-2024-7531 低危 4.34.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
glibc CVE-2024-33601 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
java-17-openjdk-headless CVE-2022-3857 低危 1:17.0.7.0.7-3.el9 libpng: Null pointer dereference leads to segmentation fault

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3857

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-03-06 23:15 修改: 2024-10-09 04:15
java-17-openjdk-headless CVE-2023-22006 低危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: HTTP client insufficient file name validation (8302475)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22006

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2024-01-26 16:48
nss CVE-2020-12413 低危 3.79.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss CVE-2024-7531 低危 3.79.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
java-17-openjdk-headless CVE-2023-22044 低危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: modulo operator array indexing issue (8304460)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22044

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2023-07-27 17:34
java-17-openjdk-headless CVE-2023-22045 低危 1:17.0.7.0.7-3.el9 1:17.0.8.0.7-2.el9 OpenJDK: array indexing integer overflow issue (8304468)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22045

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-07-18 21:15 修改: 2024-01-26 16:04
java-17-openjdk-headless CVE-2024-21012 低危 1:17.0.7.0.7-3.el9 1:17.0.11.0.9-2.el9 OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21012

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-04-16 22:15 修改: 2024-11-13 18:35
nss-softokn CVE-2020-12413 低危 3.79.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-softokn CVE-2024-7531 低危 3.79.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
glibc CVE-2024-33602 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libcap CVE-2023-2602 低危 2.48-8.el9 2.48-9.el9_2 libcap: Memory Leak on pthread_create() Error

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2602

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-06-06 20:15 修改: 2023-11-30 05:15
libgcc CVE-2022-27943 低危 11.3.1-4.3.el9 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45
nss-softokn-freebl CVE-2020-12413 低危 3.79.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-softokn-freebl CVE-2024-7531 低危 3.79.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
glibc-langpack-en CVE-2024-33601 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
ncurses-base CVE-2022-29458 低危 6.2-8.20210508.el9 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
ncurses-base CVE-2023-45918 低危 6.2-8.20210508.el9 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
nss-sysinit CVE-2020-12413 低危 3.79.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-sysinit CVE-2024-7531 低危 3.79.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
ncurses-base CVE-2023-50495 低危 6.2-8.20210508.el9 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
glibc-langpack-en CVE-2024-33602 低危 2.34-60.el9 2.34-100.el9_4.2 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
ncurses-libs CVE-2022-29458 低危 6.2-8.20210508.el9 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
nss-util CVE-2020-12413 低危 3.79.0-18.el9_1 nss: Information exposure when DH secret are reused across multiple TLS connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12413

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-02-16 22:15 修改: 2023-02-28 19:49
nss-util CVE-2024-7531 低危 3.79.0-18.el9_1 mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7531

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-08-06 13:15 修改: 2024-10-30 21:35
pcre2 CVE-2022-41409 低危 10.40-2.el9 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
pcre2-syntax CVE-2022-41409 低危 10.40-2.el9 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
ncurses-libs CVE-2023-45918 低危 6.2-8.20210508.el9 ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918

镜像层: sha256:e54dc53d0edbbc96d3307fdea7bc1ed433d9083a1aab033dc3b38fd8b4fb165a

发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
sqlite-libs CVE-2023-36191 低危 3.34.1-6.el9_1 sqlite: CLI fault on missing -nonce

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36191

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2023-06-23 02:15 修改: 2023-11-07 04:16
sqlite-libs CVE-2024-0232 低危 3.34.1-6.el9_1 sqlite: use-after-free bug in jsonParseAddNodeArray

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0232

镜像层: sha256:8eca1024ce55cfbc5a6f80be6699e4e88a7d17a61ceb218b34c78d882031ce9b

发布日期: 2024-01-16 14:15 修改: 2024-09-28 04:15
Java (jar)
低危漏洞:8 中危漏洞:40 高危漏洞:29 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.postgresql:postgresql CVE-2024-1597 严重 42.5.1 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-19 13:15 修改: 2024-06-10 17:16
com.thoughtworks.xstream:xstream CVE-2024-47072 高危 1.4.20 1.4.21 com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47072

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-08 00:15 修改: 2024-11-08 19:01
commons-io:commons-io CVE-2024-47554 高危 2.7 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-10-03 12:15 修改: 2024-12-04 15:15
io.netty:netty-codec-http2 GHSA-xpw8-rcwv-8f8p 高危 4.1.86.Final 4.1.100.Final io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.quarkus.http:quarkus-http-core CVE-2024-12397 高危 4.1.9 5.3.4 io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12397

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-12-12 09:15 修改: 2024-12-12 09:15
io.quarkus.resteasy.reactive:resteasy-reactive CVE-2023-6267 高危 2.13.8.Final 2.13.9.Final, 3.2.9.Final quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6267

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-01-25 19:15 修改: 2024-12-04 08:15
io.quarkus:quarkus-core CVE-2024-2700 高危 2.13.8.Final 3.9.2, 3.8.4, 3.2.12.Final quarkus-core: Leak of local configuration properties into Quarkus applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2700

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-04 14:15 修改: 2024-12-12 22:15
io.quarkus:quarkus-vertx-http CVE-2023-4853 高危 2.13.8.Final 2.16.11.Final, 3.2.6.Final, 3.3.3 quarkus: HTTP security policy bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4853

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-09-20 10:15 修改: 2023-12-21 01:02
mysql:mysql-connector-java CVE-2023-22102 高危 8.0.30 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-10-17 22:15 修改: 2023-10-31 19:20
org.apache.commons:commons-compress CVE-2024-25710 高危 1.21 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
org.apache.sshd:sshd-common CVE-2024-41909 高危 2.9.2 2.12.0 mina-sshd: integrity check bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41909

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-08-12 16:15 修改: 2024-08-30 18:32
org.apache.sshd:sshd-common CVE-2024-41909 高危 2.9.2 2.12.0 mina-sshd: integrity check bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41909

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-08-12 16:15 修改: 2024-08-30 18:32
org.keycloak:keycloak-core CVE-2023-6841 高危 21.1.2 24.0.0 keycloak: Amount of attributes per object is not limited and it may lead to DOS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6841

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-10 17:15 修改: 2024-10-01 14:15
org.keycloak:keycloak-core CVE-2024-10039 高危 21.1.2 26.0.6 keycloak-core: mTLS passthrough

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10039

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
org.keycloak:keycloak-quarkus-server CVE-2024-10451 高危 21.1.2 24.0.9, 26.0.6 org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10451

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-25 08:15 修改: 2024-11-25 08:15
org.keycloak:keycloak-saml-core CVE-2024-8698 高危 21.1.2 22.0.13, 24.0.8, 25.0.6 keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8698

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-19 16:15 修改: 2024-12-12 20:15
org.keycloak:keycloak-services CVE-2023-6291 高危 21.1.2 23.0.3 keycloak: redirect_uri validation bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6291

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-01-26 15:15 修改: 2024-02-06 16:09
org.keycloak:keycloak-services CVE-2024-10270 高危 21.1.2 24.0.9, 26.0.6 org.keycloak:keycloak-services: Keycloak Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10270

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-25 08:15 修改: 2024-11-25 08:15
org.keycloak:keycloak-services CVE-2024-1132 高危 21.1.2 22.0.10, 24.0.3 keycloak: path transversal in redirection validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1132

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-17 14:15 修改: 2024-07-03 01:45
org.keycloak:keycloak-services CVE-2024-1249 高危 21.1.2 22.0.10, 24.0.3 keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1249

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-17 14:15 修改: 2024-06-24 06:15
org.keycloak:keycloak-services CVE-2024-2419 高危 21.1.2 22.0.10, 24.0.3 keycloak: path traversal in the redirect validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2419

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-17 14:15 修改: 2024-04-17 16:15
org.keycloak:keycloak-services CVE-2024-3656 高危 21.1.2 24.0.5 keycloak: Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3656

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-10-09 19:15 修改: 2024-12-23 14:15
org.keycloak:keycloak-services CVE-2024-4540 高危 21.1.2 24.0.5 keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4540

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-06-03 16:15 修改: 2024-06-03 23:15
org.keycloak:keycloak-services CVE-2024-7341 高危 21.1.2 22.0.12, 24.0.7, 25.0.5 wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7341

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-09 19:15 修改: 2024-10-04 12:48
com.h2database:h2 CVE-2022-45868 高危 2.1.214 2.2.220 The web-based admin console in H2 Database Engine before 2.2.220 can b ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45868

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2022-11-23 21:15 修改: 2024-08-03 15:15
org.wildfly.security:wildfly-elytron-http-oidc CVE-2023-6236 高危 1.20.4.Final 2.2.5.Final EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6236

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-10 01:15 修改: 2024-06-18 13:15
org.wildfly.security:wildfly-elytron-http-oidc CVE-2023-6236 高危 1.20.4.Final 2.2.5.Final EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6236

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-10 01:15 修改: 2024-06-18 13:15
org.wildfly.security:wildfly-elytron-realm-token CVE-2024-1233 高危 1.20.1.Final EAP: wildfly-elytron has a SSRF security issue

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1233

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-09 07:15 修改: 2024-06-04 17:15
org.wildfly.security:wildfly-elytron-realm-token CVE-2024-1233 高危 1.20.4.Final EAP: wildfly-elytron has a SSRF security issue

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1233

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-09 07:15 修改: 2024-06-04 17:15
org.yaml:snakeyaml CVE-2022-1471 高危 1.33 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
org.bouncycastle:bcprov-jdk15on CVE-2024-29857 中危 1.70 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-05-14 15:17 修改: 2024-12-06 14:15
org.bouncycastle:bcprov-jdk15on CVE-2024-29857 中危 1.70 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-05-14 15:17 修改: 2024-12-06 14:15
org.bouncycastle:bcprov-jdk15on CVE-2024-30171 中危 1.70 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-05-14 15:21 修改: 2024-08-19 18:35
org.bouncycastle:bcprov-jdk15on CVE-2024-30171 中危 1.70 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-05-14 15:21 修改: 2024-08-19 18:35
org.infinispan:infinispan-cachestore-remote CVE-2023-5384 中危 14.0.9.Final 15.0.0.Dev07, 14.0.25.Final infinispan: Credentials returned from configuration as clear text

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5384

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
org.infinispan:infinispan-client-hotrod CVE-2023-5384 中危 14.0.9.Final 15.0.0.Dev07, 14.0.25.Final infinispan: Credentials returned from configuration as clear text

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5384

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
org.infinispan:infinispan-commons CVE-2023-5384 中危 14.0.9.Final 15.0.0.Dev07, 14.0.25.Final infinispan: Credentials returned from configuration as clear text

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5384

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
org.infinispan:infinispan-core CVE-2023-5384 中危 14.0.9.Final 15.0.0.Dev07, 14.0.25.Final infinispan: Credentials returned from configuration as clear text

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5384

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
com.google.guava:guava CVE-2023-2976 中危 30.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
io.quarkus:quarkus-core CVE-2023-2974 中危 2.13.8.Final 2.16.8.Final quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2974

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-04 14:15 修改: 2023-11-07 04:13
org.keycloak:keycloak-core CVE-2023-0105 中危 21.1.2 22.0.1 keycloak: impersonation and lockout possible through incorrect handling of email trust

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0105

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-01-13 06:15 修改: 2023-01-23 18:31
org.keycloak:keycloak-core CVE-2023-6927 中危 21.1.2 23.0.4 keycloak: open redirect via "form_post.jwt" JARM response mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6927

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-18 23:15 修改: 2024-01-09 21:15
org.keycloak:keycloak-core CVE-2024-7260 中危 21.1.2 24.0.7 keycloak-core: Open Redirect on Account page

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7260

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-09 19:15 修改: 2024-10-01 14:15
org.keycloak:keycloak-core CVE-2024-7318 中危 21.1.2 24.0.7, 25.0.4 keycloak-core: One Time Passcode (OTP) is valid longer than expiration timeSeverity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7318

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-09 19:15 修改: 2024-10-07 20:15
io.netty:netty-common CVE-2024-47535 中危 4.1.86.Final 4.1.115 netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
org.keycloak:keycloak-quarkus-server CVE-2024-10492 中危 21.1.2 26.0.6 keycloak-quarkus-server: Keycloak path trasversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10492

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-25 08:15 修改: 2024-11-25 08:15
org.keycloak:keycloak-quarkus-server CVE-2024-9666 中危 21.1.2 26.0.6 org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9666

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-25 08:15 修改: 2024-11-25 08:15
io.vertx:vertx-core CVE-2024-1300 中危 4.3.4 4.4.8, 4.5.3 io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1300

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-02 08:15 修改: 2024-11-25 03:15
io.vertx:vertx-web CVE-2023-24815 中危 4.3.4 4.3.8 vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24815

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-02-09 18:15 修改: 2023-02-17 13:57
io.netty:netty-handler CVE-2023-34462 中危 4.1.86.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-06-22 23:15 修改: 2024-06-21 19:15
com.squareup.okio:okio-jvm CVE-2023-3635 中危 3.0.0 3.4.0 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
org.apache.commons:commons-compress CVE-2024-26308 中危 1.21 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
org.apache.james:apache-mime4j-core CVE-2024-21742 中危 0.8.9 0.8.10 Mime4J: Mime4J DOM header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21742

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-27 17:15 修改: 2024-02-29 01:44
org.apache.santuario:xmlsec CVE-2023-44483 中危 2.2.3 2.3.4, 2.2.6, 3.0.3 santuario: Private Key disclosure in debug-log output

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44483

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-10-20 10:15 修改: 2023-10-27 18:49
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.86.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
io.quarkus.resteasy.reactive:resteasy-reactive CVE-2024-1726 中危 2.13.8.Final 3.8.0, 3.7.4, 3.2.11.Final quarkus: security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1726

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 17:15 修改: 2024-04-25 17:24
org.keycloak:keycloak-services CVE-2023-3597 中危 21.1.2 22.0.10, 24.0.3 keycloak: secondary factor bypass in step-up authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3597

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 13:15 修改: 2024-08-07 10:15
org.keycloak:keycloak-services CVE-2023-6134 中危 21.1.2 23.0.3 keycloak: reflected XSS via wildcard in OIDC redirect_uri

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6134

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-12-14 22:15 修改: 2024-02-02 16:18
org.keycloak:keycloak-services CVE-2023-6484 中危 21.1.2 22.0.9, 23.0.5 keycloak: Log Injection during WebAuthn authentication or registration

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6484

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 16:15 修改: 2024-04-25 17:25
org.keycloak:keycloak-services CVE-2023-6544 中危 21.1.2 22.0.10, 24.0.3 keycloak: Authorization Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6544

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 16:15 修改: 2024-04-25 17:24
org.keycloak:keycloak-services CVE-2023-6717 中危 21.1.2 22.0.10, 24.0.3 keycloak: XSS via assertion consumer service URL in SAML POST-binding flow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6717

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 16:15 修改: 2024-08-29 19:15
org.keycloak:keycloak-services CVE-2023-6787 中危 21.1.2 22.0.10, 24.0.3 keycloak: session hijacking via re-authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6787

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-04-25 16:15 修改: 2024-07-03 01:44
org.keycloak:keycloak-services CVE-2024-4629 中危 21.1.2 22.0.12, 24.0.7, 25.0.4 keycloak: potential bypass of brute force protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4629

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-03 20:15 修改: 2024-09-16 15:51
org.keycloak:keycloak-services CVE-2024-8883 中危 21.1.2 22.0.13, 24.0.8, 25.0.6 Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8883

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-09-19 16:15 修改: 2024-11-26 19:15
org.apache.sshd:sshd-common CVE-2023-35887 中危 2.9.2 2.9.3 apache-mina-sshd: information exposure in SFTP server implementations

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-35887

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-10 16:15 修改: 2023-11-21 14:38
org.apache.sshd:sshd-common CVE-2023-35887 中危 2.9.2 2.9.3 apache-mina-sshd: information exposure in SFTP server implementations

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-35887

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-10 16:15 修改: 2023-11-21 14:38
org.bitbucket.b_c:jose4j CVE-2023-51775 中危 0.9.3 0.9.4 jose4j: denial of service via specially crafted JWE

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-29 01:42 修改: 2024-08-14 19:35
org.bitbucket.b_c:jose4j CVE-2023-51775 中危 0.9.3 0.9.4 jose4j: denial of service via specially crafted JWE

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-29 01:42 修改: 2024-08-14 19:35
org.bouncycastle:bcprov-jdk15on CVE-2023-33201 中危 1.70 bouncycastle: potential blind LDAP injection attack using a self-signed certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
org.bouncycastle:bcprov-jdk15on CVE-2023-33201 中危 1.70 bouncycastle: potential blind LDAP injection attack using a self-signed certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
org.keycloak:keycloak-services CVE-2023-0657 低危 21.1.2 22.0.10, 24.0.3 keycloak: impersonation via logout token exchange

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0657

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-17 11:15 修改: 2024-11-18 17:11
org.keycloak:keycloak-services CVE-2024-1722 低危 21.1.2 24.0.0 keycloak-core: DoS via account lockout

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1722

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-02-29 01:43 修改: 2024-02-29 13:49
com.google.guava:guava CVE-2020-8908 低危 30.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
io.quarkus.resteasy.reactive:resteasy-reactive-common CVE-2023-0481 低危 2.13.8.Final 3.0.0.Alpha4 quarkus: insecure permissions on temp files

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0481

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2023-02-24 18:15 修改: 2023-03-07 01:44
org.keycloak:keycloak-ldap-federation CVE-2022-2232 低危 21.1.2 23.0.1 keycloak: LDAP injection on username input

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2232

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-14 15:15 修改: 2024-11-15 13:58
org.keycloak:keycloak-ldap-federation CVE-2024-5967 低危 21.1.2 25.0.1, 22.0.12, 24.0.6 keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5967

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-06-18 12:15 修改: 2024-09-09 19:15
org.keycloak:keycloak-services CVE-2021-3754 低危 21.1.2 24.0.1 keycloak: allows using email as username

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3754

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2022-08-26 16:15 修改: 2022-09-01 16:00
org.keycloak:keycloak-services CVE-2022-2232 低危 21.1.2 23.0.1 keycloak: LDAP injection on username input

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2232

镜像层: sha256:f51bb4d0f202aa5b9b2730ff1a2126c8d69cc432c61f2281dcf6cd3bf4f99275

发布日期: 2024-11-14 15:15 修改: 2024-11-15 13:58