Search CVE reports

101 – 110 of 1357 results

Detailed view

Sort by:

CVE-2018-15756

Medium priority

Vulnerable

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2017-2634

Medium priority

Ignored

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in...

27 affected packages

linux, linux-armadaxp, linux-aws, linux-flo, linux-gke...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-aws	—	—	—	—	—
linux-flo	—	—	—	—	—
linux-gke	—	—	—	—	—
linux-goldfish	—	—	—	—	—
linux-grouper	—	—	—	—	—
linux-hwe	—	—	—	—	—
linux-hwe-edge	—	—	—	—	—
linux-linaro-omap	—	—	—	—	—
linux-linaro-shared	—	—	—	—	—
linux-linaro-vexpress	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-lts-saucy	—	—	—	—	—
linux-lts-trusty	—	—	—	—	—
linux-lts-utopic	—	—	—	—	—
linux-lts-vivid	—	—	—	—	—
linux-lts-wily	—	—	—	—	—
linux-lts-xenial	—	—	—	—	—
linux-maguro	—	—	—	—	—
linux-mako	—	—	—	—	—
linux-manta	—	—	—	—	—
linux-qcm-msm	—	—	—	—	—
linux-raspi2	—	—	—	—	—
linux-snapdragon	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—

CVE-2017-7558

Low priority

Some fixes available 4 of 8

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when...

74 affected packages

linux, linux-aws, linux-azure, linux-euclid, linux-flo...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	Not affected	Not affected	Not affected	Not affected
linux-aws	—	Not affected	Not affected	Not affected	Not affected
linux-azure	—	Not affected	Not affected	Not affected	Ignored
linux-euclid	—	—	—	—	Not in release
linux-flo	—	—	—	—	Not in release
linux-gcp	—	Not affected	Not affected	Not affected	Ignored
linux-gke	—	Not affected	Not affected	Ignored	Not in release
linux-goldfish	—	—	—	—	Not in release
linux-grouper	—	—	—	—	Not in release
linux-hwe	—	Not in release	Not in release	Not in release	Ignored
linux-hwe-edge	—	Not in release	Not in release	Not in release	Ignored
linux-kvm	—	Not in release	Not affected	Not affected	Not affected
linux-lts-quantal	—	—	—	—	Not in release
linux-lts-raring	—	—	—	—	Not in release
linux-lts-saucy	—	—	—	—	Not in release
linux-lts-trusty	—	—	—	—	Not in release
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	Not in release	Not in release	Not in release	Not in release
linux-maguro	—	—	—	—	Not in release
linux-mako	—	—	—	—	Not in release
linux-manta	—	—	—	—	Not in release
linux-oem	—	Not in release	Not in release	Not in release	Ignored
linux-raspi2	—	Not in release	Not in release	Ignored	Not affected
linux-snapdragon	—	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-aws-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-aws-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-aws-hwe	—	Not in release	Not in release	Not in release	Not in release
linux-azure-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-azure-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-azure-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-azure-fde	—	Not affected	Not affected	Ignored	Not in release
linux-azure-fde-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-bluefield	—	Not in release	Not in release	Not affected	Not in release
linux-fips	—	Not in release	Not affected	Not affected	Not affected
linux-aws-fips	—	Not in release	Not affected	Not affected	Not affected
linux-azure-fips	—	Not in release	Not affected	Not affected	Not affected
linux-gcp-fips	—	Not in release	Not affected	Not affected	Not affected
linux-gcp-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-gkeop	—	Not affected	Not affected	Not affected	Not in release
linux-gkeop-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-ibm	—	Not affected	Not affected	Not affected	Not in release
linux-ibm-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-ibm-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-intel	—	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg	—	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-iot	—	Not in release	Not in release	Not affected	Not in release
linux-intel-iot-realtime	—	Not in release	Not affected	Not in release	Not in release
linux-lowlatency	—	Not affected	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-lowlatency-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia	—	Not affected	Not affected	Not in release	Not in release
linux-nvidia-6.5	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-lowlatency	—	Not affected	Not in release	Not in release	Not in release
linux-oracle	—	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-oracle-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-oem-6.8	—	Not affected	Not in release	Not in release	Not in release
linux-raspi	—	Not affected	Not affected	Not affected	Not in release
linux-raspi-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-raspi-realtime	—	Not affected	Not in release	Not in release	Not in release
linux-realtime	—	Not affected	Not affected	Not in release	Not in release
linux-riscv	—	Not affected	Ignored	Ignored	Not in release
linux-riscv-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-riscv-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-xilinx-zynqmp	—	Not in release	Not affected	Not affected	Not in release

CVE-2018-11040

Medium priority

Vulnerable

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding)...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-11039

Medium priority

Vulnerable

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-1258

Medium priority

Not in release

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that...

1 affected package

libspring-security-2.0-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-security-2.0-java	—	—	—	—	Not in release

CVE-2018-1257

Low priority

Vulnerable

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-1275

Medium priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	—	Not affected

CVE-2018-1272

Medium priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A)...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	—	Not affected

CVE-2018-1271

Negligible priority

Ignored

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are...

1 affected package

libspring-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-java	—	—	—	—	Not affected

Export to JSON

Results by page: