Search CVE reports
101 – 110 of 41184 results
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Double-free When Checking OCSP Stapled Response
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 20.04 LTS |
|---|---|
| edk2 | Not affected |
| nodejs | Not affected |
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to...
1 affected package
apache2
| Package | 20.04 LTS |
|---|---|
| apache2 | Needs evaluation |