Lucene search
K

192 matches found

RedHat Linux
RedHat Linux
added 2026/03/05 8:0 p.m.6 views

netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...

7.5CVSS6.5AI score0.00561EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/02 5:37 p.m.7 views

Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework

Summary Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network...

7.5CVSS6.6AI score0.00631EPSS
Exploits2Affected Software1
UbuntuCve
UbuntuCve
added 2025/12/16 1:15 a.m.5 views

CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

6.5CVSS6.7AI score0.00292EPSS
Exploits1References2
OSV
OSV
added 2025/12/16 1:15 a.m.2 views

UBUNTU-CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

6.5CVSS6.7AI score0.00292EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/12/16 12:19 a.m.5 views

CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

6.5CVSS6.2AI score0.00292EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 4:54 a.m.8 views

Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

7.5CVSS6.5AI score0.00561EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: netty (UTSA-2025-991102)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991102 advisory. Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP...

6.9CVSS7.9AI score0.01617EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/10 10:23 a.m.19 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setti...

9.8CVSS8.3AI score0.19312EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:8 p.m.18 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS7.2AI score0.02164EPSS
Exploits2Affected Software1
OSV
OSV
added 2025/10/24 2:33 p.m.5 views

OESA-2025-2528 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9CVSS8AI score0.01617EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 2:33 p.m.7 views

OESA-2025-2526 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9CVSS7.8AI score0.01617EPSS
Exploits0References2
NVD
NVD
added 2025/10/15 4:15 p.m.8 views

CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

6.9CVSS0.01617EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/15 3:42 p.m.2 views

CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

6.9CVSS7.6AI score0.01617EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/15 3:42 p.m.8 views

CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

6.9CVSS7.8AI score0.01617EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.5 views

PT-2025-42370

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.128.Final and 4.2.7.Final Description Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return r and Line Feed characters in user-supplied parameters. The...

7.5CVSS6.7AI score0.01966EPSS
Exploits1References371
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0647

Malware in sbrugna...

5.9CVSS6.3AI score0.18891EPSS
Exploits0References135
Veracode
Veracode
added 2025/10/06 4:44 p.m.5 views

HTTP Request Smuggling

io.netty, netty-codec-http is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrectly accepting standalone newline characters LF as a chunk-size line terminator instead of requiring CRLF per HTTP/1.1 standards, which allows an attacker to craft malicious requests that are...

7.5CVSS7AI score0.00631EPSS
Exploits1References10Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1918

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.01044EPSS
Exploits1References17
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0832

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.0138EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.35 views

EUVD-2024-2493

Malicious code in bioql PyPI...

9.6CVSS8.1AI score0.01036EPSS
Exploits1References5
Rows per page
Query Builder