Lucene search
K

1889 matches found

Debian CVE
Debian CVE
added 2020/09/19 3:45 a.m.26 views

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

8.7CVSS7.5AI score0.10736EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/09/19 12:0 a.m.10 views

PT-2020-5502 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 4.3.0 through 4.3.28 Spring Framework versions 5.0.0 through 5.0.18 Spring Framework versions 5.1.0 through 5.1.17 Spring Framework versions 5.2.0 through 5.2.8 Description: The issue is related to insecure privilege...

8.7CVSS7.1AI score0.10736EPSS
Exploits1References56
Spring Security Advisories
Spring Security Advisories
added 2020/09/17 12:0 a.m.6 views

RFD Protection Bypass via jsessionid

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

8.7CVSS7.3AI score0.10736EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.2 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.03607EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/07/24 12:0 a.m.9 views

The vulnerabilities of the spring-webmvc and spring-webflux modules of the Spring Framework allow attackers to perform cross-site request forgery attacks.

The vulnerability of the spring-webmvc and spring-webflux modules of the Spring Framework is related to the lack of protection against Cross-Site Request Forgery CSRF attacks. Exploiting this vulnerability allows a malicious actor to perform CSRF attacks remotely...

5.3CVSS6.2AI score0.02382EPSS
Exploits1References4Affected Software16
Tenable Nessus
Tenable Nessus
added 2020/07/24 12:0 a.m.45 views

MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)

A denial of service DoS vulnerability exists in MySQL Enterprise Monitor due the use of a vulnerable Spring Framework version. Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for rang...

7.5CVSS7.3AI score0.09513EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/24 12:0 a.m.97 views

MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...

9.8CVSS8AI score0.99993EPSS
Exploits41References4
RedHat Linux
RedHat Linux
added 2020/07/23 3:10 p.m.1 views

springframework: DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.2AI score0.09513EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/07 4:58 p.m.43 views

Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System

Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...

9.8CVSS1.4AI score0.95821EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/02 7:10 p.m.41 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending a...

9.8CVSS1AI score0.88077EPSS
Exploits12Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 7:34 p.m.83 views

Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS2AI score0.09513EPSS
Exploits0References23Affected Software1
OSV
OSV
added 2020/06/15 7:34 p.m.29 views

GHSA-FFVQ-7W96-97P7 Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.2AI score0.09513EPSS
Exploits0References23
BDU FSTEC
BDU FSTEC
added 2020/06/10 12:0 a.m.5 views

The vulnerability of the Spring Framework component of the Oracle Retail Order Broker software product allows a hacker to gain full control over the application.

The vulnerability of the Spring Framework component of the Oracle Retail Order Broker product exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow an attacker to gain full control over the application using the HTTP protocol...

8CVSS7.2AI score0.88077EPSS
Exploits2References29Affected Software22
CNVD
CNVD
added 2020/06/09 12:0 a.m.1 views

Genesis has an XSS vulnerability

Genesis is based on Spring + Spring MVC + Mybatis to build the developer community , forum system . Genesis has an XSS vulnerability that can be exploited by an attacker to obtain sensitive information such as user cookies...

6.1AI score
Exploits0
CNVD
CNVD
added 2020/06/05 12:0 a.m.2 views

XSS Vulnerability in Blog-System Personal Blog System

Blog-System personal blog system based on Spring Spring MVC Mybatis Maven way to build. Blog-System personal blog system has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...

6.3AI score
Exploits0
CNVD
CNVD
added 2020/06/05 12:0 a.m.3 views

Unauthorized Access Vulnerability in Blog-System Personal Blog System Backend

Blog-System personal blog system based on Spring Spring MVC Mybatis Maven way to build. Blog-System personal blog system background unauthorized access vulnerability, attackers can use the vulnerability to directly access the system background functional pages...

6.9AI score
Exploits0
CNVD
CNVD
added 2020/06/01 12:0 a.m.0 views

XSS Vulnerability in JAVAPMS Portal Management System

JAVAPMS portal management system to SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery for the technical core architecture , for individual webmasters , commercial enterprises , government agencies , educational institutions and other various units of the organization's information port...

6.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/22 5:46 p.m.29 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756)

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVE-ID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...

7.5CVSS0.09513EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/05/15 6:58 p.m.8 views

GHSA-27XJ-RQX5-2255 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

8.1CVSS7.1AI score0.03607EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.62 views

Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)

The remote host is missing the April 2020 Critical Patch Update for Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: General Apache ActiveMQ. The supported...

7.5CVSS6.8AI score0.12357EPSS
Exploits0References3
Rows per page
Query Builder