Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

227 matches found

RedHat Linux
RedHat Linuxadded 3 days ago6 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00609EPSS
Exploits0References7
RedHat Linux
RedHat Linuxadded 3 days ago5 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00609EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 5 days ago4 views

CVE-2026-45416

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00609EPSS
Exploits0References6
OSV
OSVadded 2026/06/12 3:16 p.m.2 views

UBUNTU-CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS5.5AI score0.00609EPSS
Exploits0References5
CVE
CVEadded 2026/06/12 2:10 p.m.96 views

CVE-2026-45416

Netty CVE-2026-45416 affects pre-4.1.135.Final and pre-4.2.15.Final versions. In SslClientHelloHandler.decode(), the 24-bit TLS handshake length is read and, if a ClientHello does not fit in the first record, Netty eagerly allocates ctx.alloc().buffer(handshakeLength). If maxClientHelloLength is ...

7.5CVSS5.4AI score0.00609EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/06/12 12:0 a.m.7 views

FreeBSD : h2o -- heap overrun parsing zero-length SNI (fba766f4-ccda-4e1b-8875-ab857c6a6532)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fba766f4-ccda-4e1b-8875-ab857c6a6532 advisory. h2o project reports: When h2o receives a TLS or QUIC ClientHello containing a zero-length SNI extension...

5.5AI score0.00052EPSS
Exploits0References3
Snyk
Snykadded 2026/06/08 11:1 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

8.7CVSS5.4AI score0.00609EPSS
Exploits0References2
OSV
OSVadded 2026/06/08 11:1 p.m.10 views

GHSA-X4GW-5CX5-PGMH Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...

7.5CVSS5.7AI score0.00609EPSS
Exploits0References5
FreeBSD
FreeBSDadded 2026/05/29 12:0 a.m.3 views

h2o -- heap overrun parsing zero-length SNI

h2o project reports: When h2o receives a TLS or QUIC ClientHello containing a zero-length SNI extension, it can overrun the zero-length hostname while copying it. This can trigger a segmentation fault and cause a denial of service...

5.5AI score0.00052EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/05/14 3:1 a.m.8 views

SUSE CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
NVD
NVDadded 2026/05/12 10:16 p.m.12 views

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/12 8:52 p.m.8 views

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.10 views

PT-2026-40447

Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.26.0.167 Description Remote, unauthenticated denial of service DoS affects servers running with TLS enabled. When a TCP peer connects to the listening port and the initial bytes are not a valid TLS ClientHello, the...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/04/09 11:17 p.m.1 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.8AI score0.00355EPSS
Exploits0References2
OSV
OSVadded 2026/04/09 11:17 p.m.2 views

UBUNTU-CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.8AI score0.00355EPSS
Exploits0References3
AlpineLinux
AlpineLinuxadded 2026/04/09 10:35 p.m.8 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00355EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/04/09 10:35 p.m.3 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00355EPSS
Exploits0
OSV
OSVadded 2026/04/09 6:16 p.m.1 views

ALPINE-CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01329EPSS
Exploits0References1
CVE
CVEadded 2026/04/09 6:0 p.m.24 views

CVE-2026-1584

The CVE-2026-1584 entry concerns gnutls. A remote, unauthenticated attacker can trigger a NULL pointer dereference during TLS via a crafted ClientHello that has an invalid PSK binder, causing a server crash and remote DoS. Connected documents confirm this vulnerability across multiple sources (NV...

7.5CVSS5.9AI score0.01329EPSS
Exploits0References3Affected Software2
Cvelist
Cvelistadded 2026/04/09 6:0 p.m.20 views

CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS0.01329EPSS
Exploits0References3
Rows per page
Query Builder