Search CVE reports
51 – 60 of 1355 results
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
1 affected package
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 7 of 11
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application...
1 affected package
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libspring-java | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps....
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pjproject | — | — | — | Vulnerable |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API...
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pjproject | — | — | — | Vulnerable |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed...
2 affected packages
pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pjproject | — | — | — | Vulnerable |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 2 of 14
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set...
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | Vulnerable |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer,...
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | Fixed |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | Fixed |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | Fixed |
| ring | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | Fixed |
| ring | Not in release | — | Fixed | Fixed |