Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 1338 results


CVE-2024-38828

Medium priority
Needs evaluation

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-48426

Medium priority
Needs evaluation

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qt6-3d Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-48425

Medium priority
Needs evaluation

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at...

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qt6-3d Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-48424

Medium priority
Needs evaluation

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qt6-3d Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38820

Medium priority
Needs evaluation

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-37154

Medium priority
Needs evaluation

check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.

1 affected packages

monitoring-plugins

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
monitoring-plugins Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38809

Medium priority
Needs evaluation

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38816

Medium priority
Needs evaluation

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38807

Medium priority
Needs evaluation

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38808

Medium priority
Needs evaluation

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages