Search CVE reports
71 – 80 of 1337 results
CVE-2020-5397
Medium prioritySpring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only...
1 affected packages
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-5398
Medium priorityIn Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a...
1 affected packages
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2013-6430
Medium priorityThe JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting...
1 affected packages
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | — | — | — | — | Not affected |
CVE-2016-1000027
Negligible priorityPivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or...
1 affected packages
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2012-6111
Low prioritygnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
1 affected packages
gnome-keyring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnome-keyring | — | — | — | Not affected | Not affected |
CVE-2012-5578
Medium prioritySome fixes available 5 of 6
Python keyring has insecure permissions on new databases allowing world-readable files to be created
1 affected packages
python-keyring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-keyring | — | — | — | — | — |
CVE-2007-3732
Medium priorityIn Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling...
22 affected packages
linux, linux-armadaxp, linux-flo, linux-goldfish, linux-grouper...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-flo | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not affected |
| linux-manta | — | — | — | — | Not in release |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2010-2243
Low priorityA vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
11 affected packages
linux, linux-armadaxp, linux-ec2, linux-fsl-imx51, linux-lts-backport-maverick...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | — |
| linux-armadaxp | — | — | — | — | — |
| linux-ec2 | — | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — | — |
| linux-lts-backport-maverick | — | — | — | — | — |
| linux-lts-backport-natty | — | — | — | — | — |
| linux-lts-backport-oneiric | — | — | — | — | — |
| linux-lts-quantal | — | — | — | — | — |
| linux-lts-raring | — | — | — | — | — |
| linux-mvl-dove | — | — | — | — | — |
| linux-ti-omap4 | — | — | — | — | — |
CVE-2014-8181
Low priorityThe kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
27 affected packages
linux, linux-armadaxp, linux-aws, linux-flo, linux-gke...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-flo | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not affected |
| linux-manta | — | — | — | — | Not in release |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2011-3923
Medium priorityApache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
2 affected packages
libspring-2.5-java, libstruts1.2-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-2.5-java | — | — | — | Not in release | Not in release |
| libstruts1.2-java | — | — | — | Not in release | Not in release |