Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 1333 results


CVE-2024-38809

Medium priority
Needs evaluation

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38816

Medium priority
Needs evaluation

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38807

Medium priority
Needs evaluation

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38808

Medium priority
Needs evaluation

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22262

Medium priority
Needs evaluation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22258

Medium priority
Needs evaluation

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a...

1 affected packages

spring

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spring Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22259

Medium priority
Needs evaluation

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22243

Medium priority
Needs evaluation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22233

Medium priority
Not affected

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-34053

Medium priority
Needs evaluation

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages