21 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017768 advisory. Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. I...

CVSS 5.9 | AI score 6.8 | EPSS 0.02547
Exploits 0 | References 4

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...

CVSS 5.9 | AI score 7.3 | EPSS 0.02547
Exploits 0 | References 1

IBM Security Bulletins
added 2026/01/16 8:37 a.m. | 10 views

Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21295)

Summary: Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler on IBM Watson Machine Learning on CP4D. Vulnerability Details: CVEID: CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-cor...

CVSS 5.9 | AI score 8.5 | EPSS 0.00377
Exploits 0 | Affected Software 1

CVE
added 2025/12/20 12:42 a.m. | 10 views

CVE-2025-14299

CVE-2025-14299 affects TP-LINK Tapo C200 V3’s HTTPS server. The flaw is improper validation of the Content-Length header, which can trigger an integer overflow and cause excessive memory allocation, leading to a denial of service. An unauthenticated attacker on the same local network can craft HT...

CVSS 7.1 | AI score 6.4 | EPSS 0.00058
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/10/28 9:30 p.m. | 2 views

GHSA-7G3R-8C6V-HFMR Consul key/value endpoint is vulnerable to denial of service

Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

CVSS 6.5 | AI score 6.8 | EPSS 0.00039
Exploits 0 | References 7

NVD
added 2025/10/28 9:15 p.m. | 1 view

CVE-2025-11374

Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

CVSS 6.5 | EPSS 0.00039
Exploits 0 | References 1

Debian CVE
added 2025/10/28 8:19 p.m. | 3 views

CVE-2025-11374

Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

CVSS 6.5 | AI score 5.2 | EPSS 0.00039
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-7681

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01086
Exploits 1 | References 6

F5 Networks
added 2025/09/18 2:31 p.m. | 5 views

K000156538: HTTP::Daemon vulnerability CVE-2022-31081

Security Advisory Description: HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl...

CVSS 7.3 | AI score 6.4 | EPSS 0.00531
Exploits 1

RedHat Linux
added 2023/10/17 11:42 a.m. | 46 views

Important: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update

Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available (updates to RHBQ 2.13.8.SP3). Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 7 | EPSS 0.944
Exploits 19 | References 5

SUSE CVE
added 2023/02/15 3:46 a.m. | 2 views

SUSE CVE-2021-21295

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...

CVSS 6.5 | AI score 8 | EPSS 0.00377
Exploits 0 | References 6

OSV
added 2022/06/27 9:15 p.m. | 2 views

DEBIAN-CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00531
Exploits 1 | References 1

OSV
added 2021/10/22 6:0 p.m. | 1 view

CLSA-2021-1634925634 Fixed 9 CVEs in squid34

CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack - CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client -...

CVSS 9.9 | AI score 6.9 | EPSS 0.46309
Exploits 1 | References 1

RedHat Linux
added 2021/10/20 11:29 a.m. | 0 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9 | AI score 7.1 | EPSS 0.02547
Exploits 0 | References 5

OSV
added 2021/08/25 2:44 p.m. | 2 views

CLSA-2021-1629902677 Fix of CVE: CVE-2020-14058, CVE-2020-15049

CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack...

CVSS 9.9 | AI score 6.7 | EPSS 0.15653
Exploits 0 | References 1

IBM Security Bulletins
added 2021/07/16 3:8 a.m. | 37 views

Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tier CVE-2021-21409

Summary: Netty is used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper validation of request, caused...

CVSS 5.9 | AI score 0.6 | EPSS 0.02547
Exploits 0 | Affected Software 1

RedHat Linux
added 2021/03/31 9:38 a.m. | 1 view

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

CVSS 5.9 | AI score 7.4 | EPSS 0.00377
Exploits 0 | References 5

OSV
added 2021/03/30 3:15 p.m. | 2 views

DEBIAN-CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...

CVSS 5.9 | AI score 6.3 | EPSS 0.02547
Exploits 0 | References 1

OSV
added 2021/03/30 3:10 p.m. | 0 views

GHSA-F256-J965-7F32 Possible request smuggling in HTTP/2 due missing validation of content-length

Impact: The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of...

CVSS 5.9 | AI score 6.8 | EPSS 0.02547
Exploits 0 | References 61

OSV
added 2021/03/09 7:15 p.m. | 2 views

DEBIAN-CVE-2021-21295

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...

CVSS 5.9 | AI score 6.2 | EPSS 0.00377
Exploits 0 | References 1