
1854 matches found

OSV
added 2021/10/28 4:15 p.m., 0 views

UBUNTU-CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

CVSS 4.3, AI score 6.7, EPSS 0.00221
Exploits 0, References 2
UbuntuCve
added 2021/10/28 4:15 p.m., 33 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

CVSS 4.3, AI score 6.8, EPSS 0.00221
Exploits 0, References 1
Prion
added 2021/10/28 4:15 p.m., 32 views

Input validation

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

CVSS 4, AI score 5.2, EPSS 0.00221
Exploits 0, References 3, Affected Software 3
Debian CVE
added 2021/10/28 3:22 p.m., 55 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

CVSS 4.3, AI score 6, EPSS 0.00221
Exploits 0
CVE
added 2021/10/28 3:22 p.m., 368 views

CVE-2021-22096

CVE-2021-22096 affects Spring Framework versions 5.3.0–5.3.10, 5.2.0–5.2.17 and older unsupported versions. The issue allows a user to provide malicious input to cause the insertion of additional log entries. Connected Nessus/IBM entries describe a follow-up (CVE-2021-22060) that broadens input c...

CVSS 4.3, AI score 4.6, EPSS 0.00221
Exploits 0, References 3, Affected Software 1
Cvelist
added 2021/10/28 3:22 p.m., 45 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

AI score 5.1, EPSS 0.00221
Exploits 0, References 3
CNNVD
added 2021/10/26 12:0 a.m., 3 views

VMware Spring Framework security vulnerability

VMware Spring Framework is an open source Java and JavaEE application framework from the US company VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that originates from bypassing Spring Framework...

CVSS 4.3, AI score 6.5, EPSS 0.00221
Exploits 0, References 15
Tenable Nessus
added 2021/10/20 12:0 a.m., 45 views

Oracle MySQL Enterprise Monitor (Oct 2021 CPU)

The 8.0.25 versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Spring Security. Supported...

CVSS 9, AI score 6.5, EPSS 0.01865
Exploits 2, References 7
IBM Security Bulletins
added 2021/10/18 2:25 p.m., 102 views

Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities

Summary: IBM Security Risk Manager on CP4S has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-5421. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

CVSS 8.7, AI score 0.6, EPSS 0.63828
Exploits 3, Affected Software 1
IBM Security Bulletins
added 2021/10/18 6:30 a.m., 27 views

Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator

Summary: A vulnerability exists in the Spring Framework version used by IBM Watson Machine Learning Accelerator. A Spring Framework upgrade to version 5.2.15, which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details: CVEID: CVE-2021-22118. DESCRIPTION: VMware Tanzu Sprin...

CVSS 7.8, AI score 0.9, EPSS 0.00253
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2021/10/11 6:12 p.m., 61 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary: IBM Data Risk Manager has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2021-20227. DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a...

CVSS 8.8, AI score 10, EPSS 0.85239
Exploits 35, Affected Software 1
Trend Micro Simply Security
added 2021/10/08 12:0 a.m., 13 views

Demo: A Guide to Virtual Machine App Security

Enhance your virtual machine (VM) application security against vulnerabilities in your Spring Framework Java application by reviewing these guidelines...

AI score 2.4
Exploits 0
Trend Micro Simply Security
added 2021/10/08 12:0 a.m., 11 views

Demo: A Guide to Virtual Machine App Security

Enhance your virtual machine (VM) application security against vulnerabilities in your Spring Framework Java application by reviewing these guidelines...

AI score 7.1
Exploits 0
CNNVD
added 2021/09/15 12:0 a.m., 4 views

UReport code injection vulnerability

UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9.8, AI score 6.1, EPSS 0.00743
Exploits 1, References 2
IBM Security Bulletins
added 2021/09/13 9:1 p.m., 36 views

Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability

Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2020-5421. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path...

CVSS 8.7, AI score 1, EPSS 0.63828
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2021/09/03 5:41 a.m., 31 views

Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent

Summary: A Privilege Escalation related vulnerability has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool (ART) and its Agent. A fix has been published. Vulnerability Details: CVEID: CVE-2021-22118. DESCRIPTION: VMware Tanzu Spring Framework could allow a local...

CVSS 7.8, AI score 1.5, EPSS 0.00253
Exploits 0, Affected Software 1
RedHat Linux
added 2021/08/11 6:21 p.m., 2 views

springframework: RFD protection bypass via jsessionid

In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

CVSS 9.6, AI score 7.3, EPSS 0.63828
Exploits 2, References 4
BDU FSTEC
added 2021/06/25 12:0 a.m., 3 views

The vulnerability of the Spring Framework software, caused by privilege management errors, allows a hacker to read and rewrite any files they desire.

The vulnerability of the Spring Framework software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to read and rewrite any files at will...

CVSS 7.8, AI score 6.8, EPSS 0.00253
Exploits 0, References 3, Affected Software 2
RedhatCVE
added 2021/06/22 5:7 p.m., 88 views

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

CVSS 7.8, AI score 3.5, EPSS 0.00253
Exploits 0, References 5
NVD
added 2021/06/04 8:15 p.m., 9 views

CVE-2021-29500

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5, EPSS 0.0011
Exploits 0, References 1