1. Citrix ADC & Citrix Gateway remote code execution vulnerability
CVE: CVE-2023-3519
Affected versions:
NetScaler ADC and NetScaler Gateway 13.1 < 13.1-49.13
NetScaler ADC and NetScaler Gateway 13.0 < 13.0-91.13
NetScaler ADC 13.1-FIPS < 13.1-37.159
NetScaler ADC 12.1-FIPS < 12.1-55.297
NetScaler ADC 12.1-NDcPP < 12.1-55.297
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
2. Atlassian Confluence Data Center & Server remote code execution vulnerabilities
CVE:
CVE-2023-22508
CVE-2023-22505
CVE-2023-22506
Affected versions:
CVE-2023-22508
7.19.8 <= Confluence Data Center & Server < 8.2.0
CVE-2023-22505
8.0.0 <= Confluence Data Center & Server < 8.3.2, 8.4.0
CVE-2023-22506
8.0.0 <= Bamboo Data Center & Server < 9.2.3, 9.3.1
https://jira.atlassian.com/browse/CONFSERVER-88221
https://jira.atlassian.com/browse/CONFSERVER-88265
https://jira.atlassian.com/browse/BAM-22400
3. OpenSSH ssh-agent remote code execution vulnerability
CVE: CVE-2023-38408
Affected versions:
OpenSSH versions < 9.3p2
https://www.openssh.com/releasenotes.html#9.3p2
4. Weaver (泛微) e-cology SQL injection vulnerability
CVE: CVE-2023-3793
Affected versions:
Weaver e-cology versions < 10.58.0
https://vuldb.com/?id.235061
5. Apache Shiro authentication bypass vulnerability
CVE: CVE-2023-34478
Affected versions:
Apache Shiro versions < 1.12.0
Apache Shiro versions < 2.0.0-alpha-3
https://www.mail-archive.com/announce@apache.org/msg08364.html
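6. Metabase remote code execution vulnerability
CVE: CVE-2023-38646
Affected versions:
Metabase open-source edition < v0.46.6.1
Metabase enterprise edition < v1.46.6.1
Metabase open-source edition < v0.45.4.1
Metabase enterprise edition < v1.45.4.1
Metabase open-source edition < v0.44.7.1
Metabase enterprise edition < v1.44.7.1
Metabase open-source edition < v0.43.7.2
Metabase enterprise edition < v1.43.7.2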
https://www.metabase.com/blog/security-advisory
7. VMware Tanzu Application Service for VMs & Isolation Segment information disclosure vulnerability
CVE: CVE-2023-20891
Affected versions:
VMware Tanzu Application Service for VMs 4.0.x < 4.0.5
VMware Tanzu Application Service for VMs 3.0.x < 3.0.14
VMware Tanzu Application Service for VMs 2.13.x < 2.13.24
VMware Tanzu Application Service for VMs 2.11.x < 2.11.42
Isolation Segment 4.0.x < 4.0.4
Isolation Segment 3.0.x < 3.0.13
Isolation Segment 2.13.x < 2.13.20
Isolation Segment 2.11.x < 2.11.35
https://www.vmware.com/security/advisories/VMSA-2023-0016.html
8. Apache Jackrabbit remote code execution vulnerability
CVE: CVE-2023-37895
Affected versions:
Apache Jackrabbit Webapp (jackrabbit-webapp) 2.21.0 < 2.21.18
Apache Jackrabbit Webapp (jackrabbit-webapp) 1.0.0 < 2.20.11
Apache Jackrabbit Standalone (jackrabbit-standalone and jackrabbit-standalone-components) 2.21.0 < 2.21.18
Apache Jackrabbit Standalone (jackrabbit-standalone and jackrabbit-standalone-components) 1.0.0 < 2.20.11
https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
9. Jeecg-Boot SQL injection vulnerability
CVE: CVE-2023-38992
Affected versions:
Jeecg-Boot versions < 3.5.3
https://github.com/jeecgboot/jeecg-boot/issues/5173
10. QNAP QVPN Device Client for Windows code execution vulnerability
CVE: CVE-2022-27595
Affected versions:
CVE-2022-27595:
QNAP QVPN Device Client for Windows < 2.0.0.1316
Note: QVPN Device Client for macOS, Android and iOS is not affected by this vulnerability.
CVE-2022-27600:
QTS < 5.0.1.2277 build 20230112
QTS < 4.5.4.2280 build 20230112
QuTS Hero < h5.0.1.2277 build 20230112
QuTS Hero < h4.5.4.2374 build 20230417
QuTScloud < c5.0.1.2374 build 20230419
QVR Pro Appliance < 2.3.1.0476
https://www.qnap.com/en-us/security-advisory/qsa-23-04
11. Metabase H2 remote code execution vulnerability
CVE: CVE-2023-37470
Affected versions:
Metabase Open Source < v0.46.6.4
Metabase Enterprise < v1.46.6.4
Metabase Open Source < v0.45.4.3
Metabase Enterprise < v1.45.4.3
Metabase Open Source < v0.44.7.3
Metabase Enterprise < v1.44.7.3
Metabase Open Source < v0.43.7.3
Metabase Enterprise < v1.43.7.3
https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83
12. IBM SDK Java Technology Edition arbitrary code execution vulnerability
CVE: CVE-2022-40609
Affected versions:
IBM SDK, Java Technology Edition <= 8.0.8.0
IBM SDK, Java Technology Edition <= 7.1.5.18
https://www.ibm.com/support/pages/node/7017032
13. Ivanti Endpoint Manager Mobile path traversal vulnerability
CVE: CVE-2023-35081
Affected versions:
Ivanti Endpoint Manager <= 11.10
Ivanti Endpoint Manager <= 11.9
Ivanti Endpoint Manager <= 11.8
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US