CVE search results

61 – 70 of 1340 results

Detailed view

Sort by:

CVE-2021-22096

Medium priority

Needs evaluation

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-42006

Low priority

Vulnerable

An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.

5 affected packages

cufflinks, libgclib, libgff, stringtie, tophat

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cufflinks	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Ignored
libgclib	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
libgff	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
stringtie	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
tophat	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth...

1 affected package

libspring-security-2.0-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-security-2.0-java	—	Not in release	Not in release	Not in release	Ignored

CVE-2021-29060

Medium priority

Needs evaluation

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.

1 affected package

node-color-string

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
node-color-string	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-22118

Medium priority

Vulnerable

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Vulnerable

CVE-2008-2544

Medium priority

Ignored

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

23 affected packages

linux, linux-armadaxp, linux-flo, linux-goldfish, linux-grouper...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
linux	—	—	—	—	Not affected
linux-armadaxp	—	—	—	—	Not in release
linux-flo	—	—	—	—	Not affected
linux-goldfish	—	—	—	—	Not affected
linux-grouper	—	—	—	—	Not in release
linux-linaro-omap	—	—	—	—	Not in release
linux-linaro-shared	—	—	—	—	Not in release
linux-linaro-vexpress	—	—	—	—	Not in release
linux-lts-quantal	—	—	—	—	Not in release
linux-lts-raring	—	—	—	—	Not in release
linux-lts-saucy	—	—	—	—	Not in release
linux-lts-trusty	—	—	—	—	Not in release
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	—	—	—	Not in release
linux-maguro	—	—	—	—	Not in release
linux-mako	—	—	—	—	Not affected
linux-manta	—	—	—	—	Not in release
linux-qcm-msm	—	—	—	—	Not in release
linux-raspi2	—	—	—	—	Not affected
linux-snapdragon	—	—	—	—	Not affected
linux-ti-omap4	—	—	—	—	Not in release

CVE-2018-21270

Medium priority

Vulnerable

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

1 affected package

node-stringstream

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
node-stringstream	Not affected	Not affected	Not affected	Vulnerable	Not in release

CVE-2020-15216

Medium priority

Needs evaluation

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is...

1 affected package

golang-github-russellhaering-goxmldsig

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-github-russellhaering-goxmldsig	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2020-5421

Medium priority

Needs evaluation

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2020-7711

Medium priority

Needs evaluation

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

1 affected package

golang-github-russellhaering-goxmldsig

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-github-russellhaering-goxmldsig	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2021-22096

CVE-2021-42006

CVE-2021-22119

CVE-2021-29060

CVE-2021-22118

CVE-2008-2544

CVE-2018-21270

CVE-2020-15216

CVE-2020-5421

CVE-2020-7711