Search CVE reports

101 – 110 of 1353 results

Detailed view

Sort by:

CVE-2018-11039

Medium priority

Vulnerable

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected

CVE-2018-1258

Medium priority

Not in release

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that...

1 affected package

libspring-security-2.0-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-security-2.0-java	—	—	—	Not in release

CVE-2018-1257

Low priority

Vulnerable

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected

CVE-2018-1275

Medium priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	Not affected

CVE-2018-1272

Medium priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A)...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	Not affected

CVE-2018-1271

Negligible priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	Not affected

CVE-2018-1270

High priority

Some fixes available 2 of 3

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	Fixed

CVE-2015-9016

Medium priority

Fixed

In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation...

32 affected packages

linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	Not affected
linux-armadaxp	—	—	—	Not in release
linux-aws	—	—	—	Not affected
linux-azure	—	—	—	Not affected
linux-euclid	—	—	—	Not in release
linux-flo	—	—	—	Not in release
linux-gcp	—	—	—	Not affected
linux-gke	—	—	—	Not in release
linux-goldfish	—	—	—	Not in release
linux-grouper	—	—	—	Not in release
linux-hwe	—	—	—	Not affected
linux-hwe-edge	—	—	—	Fixed
linux-kvm	—	—	—	Not affected
linux-linaro-omap	—	—	—	Not in release
linux-linaro-shared	—	—	—	Not in release
linux-linaro-vexpress	—	—	—	Not in release
linux-lts-quantal	—	—	—	Not in release
linux-lts-raring	—	—	—	Not in release
linux-lts-saucy	—	—	—	Not in release
linux-lts-trusty	—	—	—	Not in release
linux-lts-utopic	—	—	—	Not in release
linux-lts-vivid	—	—	—	Not in release
linux-lts-wily	—	—	—	Not in release
linux-lts-xenial	—	—	—	Not in release
linux-maguro	—	—	—	Not in release
linux-mako	—	—	—	Not in release
linux-manta	—	—	—	Not in release
linux-oem	—	—	—	Not affected
linux-qcm-msm	—	—	—	Not in release
linux-raspi2	—	—	—	Not affected
linux-snapdragon	—	—	—	Not affected
linux-ti-omap4	—	—	—	Not in release

CVE-2018-7566

Medium priority

Some fixes available 14 of 23

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

98 affected packages

linux-aws, linux-azure, linux, linux-azure-edge, linux-euclid...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux-aws	Not affected	Not affected	Not affected	Not affected
linux-azure	Not affected	Not affected	Not affected	Not affected
linux	Not affected	Not affected	Not affected	Not affected
linux-azure-edge	Not in release	Not in release	Not in release	Not affected
linux-euclid	—	—	—	Not in release
linux-flo	—	—	—	Not in release
linux-gcp	Not affected	Not affected	Not affected	Not affected
linux-gke	Not affected	Not affected	Ignored	Not in release
linux-goldfish	—	—	—	Not in release
linux-grouper	—	—	—	Not in release
linux-hwe	Not in release	Not in release	Not in release	Not affected
linux-hwe-edge	Not in release	Not in release	Not in release	Not affected
linux-kvm	Not in release	Not affected	Not affected	Not affected
linux-lts-quantal	—	—	—	Not in release
linux-lts-raring	—	—	—	Not in release
linux-lts-saucy	—	—	—	Not in release
linux-lts-trusty	—	—	—	Not in release
linux-lts-utopic	—	—	—	Not in release
linux-lts-vivid	—	—	—	Not in release
linux-lts-wily	—	—	—	Not in release
linux-lts-xenial	Not in release	Not in release	Not in release	Not in release
linux-maguro	—	—	—	Not in release
linux-mako	—	—	—	Not in release
linux-manta	—	—	—	Not in release
linux-oem	Not in release	Not in release	Not in release	Not affected
linux-raspi2	Not in release	Not in release	Ignored	Not affected
linux-snapdragon	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.4	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.15	Not in release	Not in release	Not affected	Not in release
linux-hwe-6.8	Not in release	Not affected	Not in release	Not in release
linux-aws-5.4	Not in release	Not in release	Not in release	Not affected
linux-aws-5.15	Not in release	Not in release	Not affected	Not in release
linux-aws-hwe	Not in release	Not in release	Not in release	Not in release
linux-azure-4.15	Not in release	Not in release	Not in release	Not affected
linux-azure-5.4	Not in release	Not in release	Not in release	Not affected
linux-azure-5.15	Not in release	Not in release	Not affected	Not in release
linux-azure-fde	Not affected	Not affected	Ignored	Not in release
linux-azure-fde-5.15	Not in release	Not in release	Ignored	Not in release
linux-bluefield	Not in release	Not in release	Not affected	Not in release
linux-fips	Not in release	Not affected	Not affected	Not affected
linux-aws-fips	Not in release	Not affected	Not affected	Not affected
linux-azure-fips	Not in release	Not affected	Not affected	Not affected
linux-gcp-fips	Not in release	Not affected	Not affected	Not affected
linux-gcp-4.15	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.4	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.15	Not in release	Not in release	Not affected	Not in release
linux-gkeop	Not affected	Not affected	Not affected	Not in release
linux-gkeop-5.15	Not in release	Not in release	Not affected	Not in release
linux-ibm	Not affected	Not affected	Not affected	Not in release
linux-ibm-5.4	Not in release	Not in release	Not in release	Not affected
linux-ibm-5.15	Not in release	Not in release	Not affected	Not in release
linux-intel	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg-5.15	Not in release	Not in release	Not affected	Not in release
linux-iot	Not in release	Not in release	Not affected	Not in release
linux-intel-iot-realtime	Not in release	Not affected	Not in release	Not in release
linux-lowlatency	Not affected	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.15	Not in release	Not in release	Not affected	Not in release
linux-lowlatency-hwe-6.8	Not in release	Not affected	Not in release	Not in release
linux-nvidia	Not affected	Not affected	Not in release	Not in release
linux-nvidia-6.5	Not in release	Not affected	Not in release	Not in release
linux-nvidia-6.8	Not in release	Not affected	Not in release	Not in release
linux-nvidia-lowlatency	Not affected	Not in release	Not in release	Not in release
linux-oracle	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.4	Not in release	Not in release	Not in release	Not affected
linux-oracle-5.15	Not in release	Not in release	Not affected	Not in release
linux-oem-6.8	Not affected	Not in release	Not in release	Not in release
linux-raspi	Not affected	Not affected	Not affected	Not in release
linux-raspi-5.4	Not in release	Not in release	Not in release	Not affected
linux-raspi-realtime	Not affected	Not in release	Not in release	Not in release
linux-realtime	Not affected	Not affected	Not in release	Not in release
linux-riscv	Not affected	Ignored	Ignored	Not in release
linux-riscv-5.15	Not in release	Not in release	Not affected	Not in release
linux-riscv-6.8	Not in release	Not affected	Not in release	Not in release
linux-xilinx-zynqmp	Not in release	Not affected	Not affected	Not in release
linux-aws-6.8	Not in release	Not affected	Not in release	Not in release
linux-gcp-6.8	Not in release	Not affected	Not in release	Not in release
linux-oracle-6.8	Not in release	Not affected	Not in release	Not in release
linux-azure-6.8	Not in release	Not affected	Not in release	Not in release
linux-oem-6.11	Not affected	Not in release	Not in release	Not in release
linux-hwe-6.11	Ignored	Not in release	Not in release	Not in release
linux-hwe-6.14	Not affected	Not in release	Not in release	Not in release
linux-aws-6.14	Not affected	Not in release	Not in release	Not in release
linux-azure-6.11	Ignored	Not in release	Not in release	Not in release
linux-azure-nvidia	Not affected	Not in release	Not in release	Not in release
linux-gcp-6.11	Ignored	Not in release	Not in release	Not in release
linux-gcp-6.14	Not affected	Not in release	Not in release	Not in release
linux-ibm-6.8	Not in release	Not affected	Not in release	Not in release
linux-lowlatency-hwe-6.11	Ignored	Not in release	Not in release	Not in release
linux-nvidia-tegra	Not affected	Not affected	Not in release	Not in release
linux-nvidia-tegra-5.15	Not in release	Not in release	Not affected	Not in release
linux-nvidia-tegra-igx	Not in release	Not affected	Not in release	Not in release
linux-oracle-6.14	Not affected	Not in release	Not in release	Not in release
linux-oem-6.14	Not affected	Not in release	Not in release	Not in release
linux-riscv-6.14	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.11	Not affected	Not in release	Not in release	Not in release
linux-realtime-6.8	Not in release	Not affected	Not in release	Not in release
linux-realtime-6.14	Not affected	Not in release	Not in release	Not in release

CVE-2018-1199

Medium priority

Vulnerable

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: