Search CVE reports
31 – 40 of 1338 results
CVE-2022-22976
Medium prioritySpring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not...
2 affected packages
libspring-java, libspring-security-2.0-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libspring-security-2.0-java | — | — | — | — | — |
CVE-2022-22971
Low priorityIn spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
1 affected packages
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-22970
Low priorityIn spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to...
1 affected packages
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24792
Medium priorityPJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The...
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Needs evaluation | Needs evaluation | — |
CVE-2011-4917
Low priorityIn the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
18 affected packages
linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | — | — |
linux-armadaxp | — | — | — | — | — |
linux-ec2 | — | — | — | — | — |
linux-flo | — | — | — | — | — |
linux-fsl-imx51 | — | — | — | — | — |
linux-goldfish | — | — | — | — | — |
linux-grouper | — | — | — | — | — |
linux-lts-backport-maverick | — | — | — | — | — |
linux-lts-backport-natty | — | — | — | — | — |
linux-lts-backport-oneiric | — | — | — | — | — |
linux-lts-quantal | — | — | — | — | — |
linux-lts-raring | — | — | — | — | — |
linux-lts-saucy | — | — | — | — | — |
linux-maguro | — | — | — | — | — |
linux-mako | — | — | — | — | — |
linux-manta | — | — | — | — | — |
linux-mvl-dove | — | — | — | — | — |
linux-ti-omap4 | — | — | — | — | — |
CVE-2022-22968
Medium priorityIn Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed...
1 affected packages
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24793
Medium prioritySome fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who...
3 affected packages
pjproject, ring, sflphone
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
sflphone | — | — | — | — | Ignored |
CVE-2022-24786
Medium priorityPJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses...
3 affected packages
pjproject, ring, sflphone
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Needs evaluation | Needs evaluation | Ignored |
sflphone | — | — | — | — | Ignored |
CVE-2022-22950
Medium priorityn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
1 affected packages
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-22965
High priorityA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application...
1 affected packages
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |