CVE search results

71 – 80 of 1340 results

Detailed view

Sort by:

CVE-2020-5408

Medium priority

Not in release

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of...

1 affected package

libspring-security-2.0-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-security-2.0-java	—	—	Not in release	Not in release	Not in release

CVE-2020-5407

Medium priority

Ignored

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user...

1 affected package

libspring-security-2.0-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-security-2.0-java	—	—	Not in release	Not in release	Not in release

CVE-2011-4915

Low priority

Ignored

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

18 affected packages

linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-ec2	—	—	—	—	—
linux-flo	—	—	—	—	—
linux-fsl-imx51	—	—	—	—	—
linux-goldfish	—	—	—	—	—
linux-grouper	—	—	—	—	—
linux-lts-backport-maverick	—	—	—	—	—
linux-lts-backport-natty	—	—	—	—	—
linux-lts-backport-oneiric	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-lts-saucy	—	—	—	—	—
linux-maguro	—	—	—	—	—
linux-mako	—	—	—	—	—
linux-manta	—	—	—	—	—
linux-mvl-dove	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—

CVE-2020-5397

Medium priority

Needs evaluation

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2020-5398

Medium priority

Needs evaluation

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2013-6430

Medium priority

Ignored

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	—	—	—	—	Not affected

CVE-2016-1000027

Negligible priority

Ignored

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or...

1 affected package

libspring-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libspring-java	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2012-6111

Low priority

Ignored

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

1 affected package

gnome-keyring

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gnome-keyring	—	—	—	Not affected	Not affected

CVE-2012-5578

Medium priority

Some fixes available 5 of 6

Python keyring has insecure permissions on new databases allowing world-readable files to be created

1 affected package

python-keyring

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python-keyring	—	—	—	—	—

CVE-2007-3732

Medium priority

Ignored

In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling...

22 affected packages

linux, linux-armadaxp, linux-flo, linux-goldfish, linux-grouper...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
linux	—	—	—	—	Not affected
linux-armadaxp	—	—	—	—	Not in release
linux-flo	—	—	—	—	Not affected
linux-goldfish	—	—	—	—	Not affected
linux-grouper	—	—	—	—	Not in release
linux-linaro-omap	—	—	—	—	Not in release
linux-linaro-shared	—	—	—	—	Not in release
linux-linaro-vexpress	—	—	—	—	Not in release
linux-lts-quantal	—	—	—	—	Not in release
linux-lts-raring	—	—	—	—	Not in release
linux-lts-saucy	—	—	—	—	Not in release
linux-lts-trusty	—	—	—	—	Not in release
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	—	—	—	Not in release
linux-maguro	—	—	—	—	Not in release
linux-mako	—	—	—	—	Not affected
linux-manta	—	—	—	—	Not in release
linux-qcm-msm	—	—	—	—	Not in release
linux-raspi2	—	—	—	—	Not affected
linux-ti-omap4	—	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports