Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.5 views

SUSE SLED15 / SLES15 Security Update : netty, netty-tcnative (SUSE-SU-2026:2308-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2308-1 advisory. This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads t...

9.8CVSS6.9AI score0.00969EPSS
Exploits11References37
OSV
OSV
added 2026/05/16 12:0 a.m.4 views

OPENSUSE-SU-2026:10795-1 netty-4.1.133-1.1 on GA media

These are all security issues fixed in the netty-4.1.133-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS5.8AI score0.00969EPSS
Exploits11References12
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.7 views

SUSE CVE-2026-42580

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.3CVSS5.8AI score0.00364EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

5.6CVSS5.8AI score0.0075EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT...

7.5CVSS7AI score0.00952EPSS
Exploits1References3
NVD
NVD
added 2026/05/13 7:17 p.m.19 views

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS0.00455EPSS
Exploits0References5
NVD
NVD
added 2026/05/13 7:17 p.m.13 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS0.00607EPSS
Exploits1References10
NVD
NVD
added 2026/05/13 7:17 p.m.26 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS0.00952EPSS
Exploits1References10
OSV
OSV
added 2026/05/13 7:17 p.m.7 views

UBUNTU-CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 7:17 p.m.4 views

UBUNTU-CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 6:4 p.m.39 views

CVE-2026-42580 Netty: HTTP Request Smuggling due to incorrect chunk size parsing

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS0.00364EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/13 6:1 p.m.56 views

CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

9.1CVSS5.8AI score0.00969EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/13 5:57 p.m.53 views

CVE-2026-42578 Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

6.3CVSS0.00952EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 5:57 p.m.13 views

CVE-2026-42578 Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

6.3CVSS6.9AI score0.00952EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/13 5:54 p.m.16 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.00607EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...

7.5CVSS6.9AI score0.00429EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...

7.5CVSS6.6AI score0.00455EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed...

9.8CVSS6.9AI score0.00607EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/07 12:22 a.m.12 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling when parsed HTTP requests contain malformed Transfer-Encoding headers...

8.7CVSS5.8AI score0.00248EPSS
Exploits1References2
OSV
OSV
added 2026/05/06 10:16 p.m.8 views

DEBIAN-CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
Rows per page
Query Builder