Search CVE reports


11 – 20 of 1357 results


CVE-2025-22235

Medium priority
Needs evaluation

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are...

1 affected package

libspring-java

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-13939

Medium priority
Needs evaluation

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different,...

1 affected package

libstring-compare-constanttime-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libstring-compare-constanttime-perl Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-38819

Medium priority
Needs evaluation

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system...

1 affected package

libspring-java

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-38829

Medium priority
Needs evaluation

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all...

1 affected package

libspring-java

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-38828

Medium priority
Needs evaluation

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

1 affected package

libspring-java

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-48426

Medium priority
Needs evaluation

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
qt6-3d Needs evaluation Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-48425

Medium priority
Needs evaluation

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at...

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
qt6-3d Needs evaluation Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-48424

Medium priority
Needs evaluation

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

4 affected packages

assimp, qt6-3d, qt6-quick3d, spring

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
assimp Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
qt6-3d Needs evaluation Needs evaluation Needs evaluation Not in release
qt6-quick3d Needs evaluation Needs evaluation Needs evaluation Not in release
spring Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-38820

Medium priority
Needs evaluation

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

1 affected package

libspring-java

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2023-37154

Medium priority
Needs evaluation

check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.

1 affected package

monitoring-plugins

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
monitoring-plugins Needs evaluation Needs evaluation Needs evaluation Ignored Ignored