Filtered by vendor Redhat Subscriptions
Filtered by product Rhev Manager Subscriptions
Total 182 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20860 2 Redhat, Vmware 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more 2024-08-02 7.5 High
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVE-2023-20861 2 Redhat, Vmware 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more 2024-08-02 6.5 Medium
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.