Search CVE reports
41 – 50 of 1340 results
CVE-2022-22950
Medium priorityn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
1 affected package
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-22965
High prioritySome fixes available 5 of 9
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application...
1 affected package
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libspring-java | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2022-24763
Medium prioritySome fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps....
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-24764
Medium prioritySome fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API...
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-24754
Medium prioritySome fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed...
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-23608
Low prioritySome fixes available 2 of 15
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set...
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43303
Medium prioritySome fixes available 2 of 15
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer,...
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43302
Medium prioritySome fixes available 2 of 15
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43301
Medium prioritySome fixes available 2 of 15
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43300
Medium prioritySome fixes available 2 of 15
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pjproject | — | — | — | Needs evaluation | Needs evaluation |
| ring | Not in release | — | Fixed | Fixed | Ignored |