Lucene search
K

17 matches found

OSV
OSV
added 5 days ago11 views

ROOT-APP-MAVEN-CVE-2025-59419 CVE-2025-59419 in io.root.io.netty:netty-codec-smtp - Patched by Root

Root has patched CVE-2025-59419 in the io.root.io.netty:netty-codec-smtp package for Root:Maven. Multiple fixed versions available...

5.3CVSS7.1AI score0.01594EPSS
Exploits0
Debian
Debian
added 2026/03/11 10:20 p.m.14 views

[SECURITY] [DSA 6160-1] netty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6160-1 [email protected] https://www.debian.org/security/ Markus Koschany March 11, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.8AI score0.01594EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:28 p.m.6 views

Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...

6.9CVSS7.2AI score0.01594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 4:6 p.m.11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)

Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...

6.9CVSS7.7AI score0.01594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/18 1:19 a.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.12.0 Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty...

9.1CVSS7.7AI score0.01594EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2025:4087-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4087-1 advisory. - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097 Tenabl...

6.9CVSS7.6AI score0.01594EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/11/13 12:0 a.m.2 views

openSUSE Security Advisory (SUSE-SU-2025:4087-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS6.8AI score0.01594EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/11/12 7:35 p.m.6 views

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.9CVSS7.3AI score0.01594EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2025/10/25 12:0 a.m.5 views

netty-4.1.128-1.1 on GA media (moderate)

netty-4.1.128-1.1 on GA media Announcement ID: openSUSE-SU-2025:15667-1 Rating: moderate Cross-References: CVE-2025-59419 CVSS scores: CVE-2025-59419 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-59419 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

6.9CVSS7.2AI score0.01594EPSS
Exploits0
OSV
OSV
added 2025/10/24 2:33 p.m.6 views

OESA-2025-2529 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9CVSS7.6AI score0.01594EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 2:33 p.m.8 views

OESA-2025-2526 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9CVSS7.8AI score0.01594EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/10/17 1:47 p.m.6 views

CVE-2025-59419 vulnerabilities

Vulnerabilities for packages: thingsboard, celeborn, management-api-for-apache-cassandra-5.0, trino, tez...

6.9CVSS6.6AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 5:12 p.m.6 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2230 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)

io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =5.0.2 and more Source cves: CVE-2025-59419 Source advisory: OSV:GHSA-JQ43-27X9-3V86...

6.9CVSS6.5AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 4:46 p.m.7 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2230 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)

io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =5.0.2 and more Source cves: CVE-2025-59419 Source advisory: SNYK:JAVA-IONETTY-13560334...

6.9CVSS6.5AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 4:46 p.m.7 views

ai.spice:spiceai (=0.6.0), cn.hserver:hserver (=3.7.0) +529 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.2.0.Alpha1 <=4.2.6.Final)

io.netty:netty-codec-smtp MAVEN version =4.2.0.Alpha1, =4.2.6.Final is affected by a known vulnerability. The following packages have a transitive dependency on io.netty:netty-codec-smtp and may be impacted: - ai.spice:spiceai =0.6.0 - cn.hserver:hserver =3.7.0 - cn.hserver:hserver-netty-web...

6.9CVSS6.5AI score0.01594EPSS
Exploits0
Cvelist
Cvelist
added 2025/10/15 3:42 p.m.11 views

CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

6.9CVSS0.01594EPSS
Exploits0References2
Circl
Circl
added 2025/10/15 2:36 p.m.5 views

CVE-2025-59419

creationtimestamp| type| source ---|---|--- 2025-10-15 14:36:33+00:00| published-proof-of-concept| https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86 2025-10-15 16:53:27+00:00| seen| https://mastodon.social/users/chrisvest/statuses/115379221747646716 2025-10-22 00:05:07+00:00|...

6.9CVSS6.9AI score0.01594EPSS
Exploits0References11
Rows per page
Query Builder