【已解答】Neuss 扫描出来的弱点，有修复计划吗？

区域[Plugin Name]	区域[Severity]	区域[Exploit?]	区域[First Discovered]	区域[Last Observed]
OpenSSL 1.0.2 < 1.0.2w Vulnerability	Low	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities	Low	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2za Vulnerability	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zd Vulnerability	High	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2ze Vulnerability	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zf Vulnerability	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1p Vulnerability	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1q Vulnerability	Medium	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1t Multiple Vulnerabilities	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zg Multiple Vulnerabilities	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1u Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zh Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1v Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zi Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1w Vulnerability	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
libcurl 7.9.1 < 8.4.0 Cookie Injection	Low	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
libcurl 7.69 < 8.4.0 Heap Buffer Overflow	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1x Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zj Multiple Vulnerabilities	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.46.0 <= 8.4.0 Information Disclosure (CVE-2023-46218)	Medium	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Dnspython < 2.6.0rc1 DoS	High	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1y Multiple Vulnerabilities	High	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Oracle MySQL Server 8.0.x < 8.0.37 (January 2025 CPU)	Medium	No	Apr 20, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
aioHTTP < 3.9.4 XSS	Medium	No	Nov 14, 2024 19:02:38 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zc Vulnerability	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1za Vulnerability	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zk Vulnerability	Critical	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Oracle MySQL Server 8.0.x < 8.0.38 (July 2024 CPU)	Medium	No	Apr 20, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
Oracle MySQL Server 8.0.x < 8.0.39 (October 2024 CPU)	Medium	No	Apr 20, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)	Medium	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
libcurl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)	Medium	Yes	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.41.0 < 8.10.0 Security Bypass (CVE-2024-8096)	Medium	No	Oct 17, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.1.1 < 1.1.1zb Vulnerability	Medium	No	Oct 18, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
OpenSSL 1.0.2 < 1.0.2zl Vulnerability	Medium	No	Oct 18, 2024 19:02:46 UTC	Jun 29, 2025 19:01:43 UTC
Oracle MySQL Server 8.0.x < 8.0.40 (January 2025 CPU)	Critical	Yes	Apr 20, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
NumPy < 1.22.0 Vulnerability - CVE-2021-34141	Medium	Yes	May 27, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
NumPy < 1.22.2 Null Pointer Dereference	Medium	Yes	May 27, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.74.0 < 8.10.1 Input Misinterpretation (CVE-2024-9681)	Medium	Yes	Nov 10, 2024 19:02:42 UTC	Jun 29, 2025 19:01:43 UTC
Curl 6.5 < 8.11.1 Information Disclosure (CVE-2024-11053)	Low	No	Dec 14, 2024 19:02:36 UTC	Jun 29, 2025 19:01:43 UTC
Oracle MySQL Server 8.0.x < 8.0.41 (January 2025 CPU)	Medium	Yes	Apr 20, 2025 19:01:33 UTC	Jun 29, 2025 19:01:43 UTC
Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)	High	Yes	Feb 14, 2025 19:01:36 UTC	Jun 29, 2025 19:01:43 UTC

阿珂 · 发表于 2025-6-30 15:05:16

这个是系统的组件问题
一般升级系统即可

dzmaster · 发表于 2025-7-1 10:22:24

阿珂发表于 2025-6-30 15:05
这个是系统的组件问题
一般升级系统即可

不是系统组件，举个例子，
Path          : /www/server/mysql/lib/private/libssl.so.1.1
  Reported version : 1.1.1o
  Fixed version : 1.1.1t

  Path          : /www/server/mysql/lib/private/libcrypto.so.1.1
  Reported version : 1.1.1o
  Fixed version : 1.1.1t

  Path          : /usr/local/openssl111/lib/libssl.so.1.1
  Reported version : 1.1.1o
  Fixed version : 1.1.1t

dzmaster · 发表于 2025-7-1 10:29:34

阿珂发表于 2025-6-30 15:05
这个是系统的组件问题
一般升级系统即可

不全是，比如
Path          : /www/server/mysql/lib/private/libssl.so.1.1
  Reported version : 1.1.1o
  Fixed version : 1.1.1p

  Path          : /www/server/mysql/lib/private/libcrypto.so.1.1
  Reported version : 1.1.1o
  Fixed version : 1.1.1p

阿珂 · 发表于 2025-7-1 17:27:17

这个后续会考虑的

█菠萝云买2送1活动！12G内存99元	cncsz专注海外服务器+站群	A3招租，联系qq394030111	香港CN2物理机8核32G，398元/月	【UStat】免费易用的网站分析平台
高防服务器，无视一切流量攻击	【阿里云】宝塔一键部署，低至5折	香港站群金牌Gold 6138大促销	【阿里云】宝塔一键部署，低至5折	OV/EV SSL证书，可当日签发
█ 易探云·香港/美国vps仅9元 █	▶CPS云◀海外大带宽vps服务器	OV/EV SSL证书，可当日签发	【云防护】专注域名和网站安全防护	【UStat】免费易用的网站分析平台