Search CVE reports
31 – 40 of 1351 results
Some fixes available 2 of 11
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted...
4 affected packages
asterisk, pjproject, ring, sip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
asterisk | Needs evaluation | Vulnerable | Not affected | Not affected |
pjproject | — | Not in release | Not in release | Vulnerable |
ring | Not in release | Not in release | Fixed | Fixed |
sip | — | Not in release | Not in release | Not in release |
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following...
1 affected package
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a...
1 affected package
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media...
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | Not in release | Not in release | Needs evaluation |
ring | Not in release | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 2 of 14
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users...
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | Not in release | Not in release | Needs evaluation |
ring | Not in release | Not in release | Fixed | Fixed |
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
18 affected packages
linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
linux | — | — | — | — |
linux-armadaxp | — | — | — | — |
linux-ec2 | — | — | — | — |
linux-flo | — | — | — | — |
linux-fsl-imx51 | — | — | — | — |
linux-goldfish | — | — | — | — |
linux-grouper | — | — | — | — |
linux-lts-backport-maverick | — | — | — | — |
linux-lts-backport-natty | — | — | — | — |
linux-lts-backport-oneiric | — | — | — | — |
linux-lts-quantal | — | — | — | — |
linux-lts-raring | — | — | — | — |
linux-lts-saucy | — | — | — | — |
linux-maguro | — | — | — | — |
linux-mako | — | — | — | — |
linux-manta | — | — | — | — |
linux-mvl-dove | — | — | — | — |
linux-ti-omap4 | — | — | — | — |
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer...
2 affected packages
pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
pjproject | Not in release | Not in release | Not in release | Vulnerable |
ring | Not in release | — | Fixed | Fixed |
In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with...
2 affected packages
libspring-java, libspring-security-2.0-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libspring-security-2.0-java | — | — | — | — |
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not...
2 affected packages
libspring-java, libspring-security-2.0-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libspring-security-2.0-java | — | — | — | — |
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications with a STOMP over WebSocket endpoint are vulnerable to a denial of service attack by an authenticated user.
1 affected package
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |