Search CVE reports
131 – 140 of 41750 results
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the...
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0...
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0...
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected...
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0...
1 affected package
libspring-java
| Package | 22.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary:...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 22.04 LTS |
|---|---|
| edk2 | Not affected |
| nodejs | Vulnerable |
| openssl | Not affected |
| openssl-fips | Not affected |
| openssl1.0 | Not in release |
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 22.04 LTS |
|---|---|
| edk2 | Not affected |
| nodejs | Vulnerable |
| openssl | Not affected |
| openssl-fips | Not affected |
| openssl1.0 | Not in release |
Some fixes available 1 of 2
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 22.04 LTS |
|---|---|
| edk2 | Not affected |
| nodejs | Vulnerable |
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |