Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Spring framework'
2022-04-14
CVE-2022-22968
CWE-178
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
2022-04-01
CVE-2022-22965
CWE-94
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
2022-01-10
CVE-2021-22060
NVD-CWE-noinfo
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
2021-10-28
CVE-2021-22096
NVD-CWE-Other
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
>>>
Vendor:
Vmware
132
Produkty
Workstation
Studio
Gsx server
Esx server
ACE
Player
Server
Infrastructure
Virtualcenter
Vmware workstation
Vmware server
Vmware player
ESXI
Remote console
ESX
Ace 2
Fusion
Vmware player 2
Vmware ace
Vmware esx
Vmware esxi
Movie decoder
Vmware virtualcenter
Hyperic hq
Tc server
Operations manager
Lab manager
Stage manager
Vcenter
Vcenter lab manager
Vcenter stage manager
VMRC
Vix api
View manager
Spring framework
Vcenter server
Springsource spring security
Open-vm-tools
Virtual infrastructure client
Springsource spring framework
AMS
Vcenter update manager
Zimbra desktop
Vcenter chargeback manager
VIEW
Vsphere
Vcenter orchestrator
Vshield manager
VMA
Horizon
Vcenter operations
Capacityiq
Ovf tool
Vcenter server appliance
Vi-client
Vsphere client
Vcloud director
Tools
Vm-support
NSX
Vcloud networking and security
Airwatch
Vcloud automation center
Rabbitmq
Vsphere data protection
Horizon client
Horizon view client
Vrealize orchestrator
Vrealize business
Vrealize automation
Vcloud automation identity appliance
Vrealize log insight
Nsx edge
Vcloud networking and security edge
Workstation player
Workstation pro
Photon os
Identity manger
Fusion pro
Vrealize operations
Horizon view
Spring security
Airwatch inbox
Airwatch agent
Horizon daas
Unified access gateway
Spring advanced message queuing protocol
Harbor
Spring data rest
Spring boot
Xenon
Spring integration zip
Spring integration
Installbuilder
Vsphere esxi
Workspace one
Intelligent hub
Workspace one boxer
Workspace one content
Workspace one intelligent hub
Zobacz wszystkie produkty dla producenta
Vmware
Copyright
2024
, cxsecurity.com
Back to Top