Lucene search
+L

428 matches found

osv
osv
added 2020/10/16 5:3 p.m.7 views

GHSA-8HXH-R6F7-JF45 Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

6.9AI score
Exploits0References2
ibm
ibm
added 2020/10/09 7:48 p.m.25 views

Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability

Summary IBM Security Guardium Insights has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remot...

9.1CVSS0.6AI score0.13474EPSS
Exploits2Affected Software1
ibm
ibm
added 2020/10/09 7:47 p.m.19 views

Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability

Summary IBM Security Guardium Insights has addressed the following vulnerability Vulnerability Details CVEID: CVE-2020-4173 DESCRIPTION: IBM Guardium Activity Insights does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by...

4.3CVSS0.8AI score0.00921EPSS
Exploits0Affected Software1
ibm
ibm
added 2020/09/30 5:41 p.m.38 views

Security Bulletin: A vulnerability in Netty affects IBM Netcool Agile Service Manager

Summary A vulnerability in Netty used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a...

7.5CVSS1.5AI score0.09438EPSS
Exploits0Affected Software1
ibm
ibm
added 2020/09/27 6:10 p.m.28 views

Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612)

Summary IBM Cloud Private is vulnerable to a Netty vulnerability Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded...

7.5CVSS0.6AI score0.09438EPSS
Exploits0Affected Software1
ibm
ibm
added 2020/09/27 5:17 p.m.20 views

Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-7238)

Summary IBM Cloud Private is vulnerable to a Netty vulnerability Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted...

7.5CVSS0.5AI score0.03617EPSS
Exploits1Affected Software1
redhat
redhat
added 2020/07/29 6:21 a.m.12 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.13474EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2020/06/30 9:1 p.m.5 views

ai.databand.azkaban:azkaban-web-server (=3.18.0), at.salzburgresearch.nodekeeper:nodekeeper-java (>=1.0 <=1.2) +2130 more potentially affected by CVE-2015-2156 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.9.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.0, =0.3.1, =1.0, =1.16.0, =1.16.0, =1.0, =0.2.0, =0.1.5, =0.1.5, =0.5.0 and more Source cves: CVE-2015-2156 Source advisory: OSV:GHSA-XFV3-RRFM-F2RV...

7.5CVSS7.1AI score0.05434EPSS
Exploits0
vulnersosv
vulnersosv
added 2020/06/30 9:1 p.m.4 views

at.iem:sysson_2.11 (>=1.14.1 <=1.15.0), at.iem:sysson_2.12 (>=1.14.1 <=1.15.0) +1032 more potentially affected by CVE-2015-2156 via io.netty:netty (>=3.10.0.Final <=3.10.2.Final)

io.netty:netty MAVEN version =3.10.0.Final, =1.14.1, =1.14.1, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.2.2, =3.2.2, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.5.3, =2.5.0-beta.0, =2.5.0-beta.0, =3.4.0, =3.5.7-jre7.0 and more Source cves: CVE-2015-2156 Source advisory:...

7.5CVSS7.1AI score0.05434EPSS
Exploits0
vulnersosv
vulnersosv
added 2020/05/21 9:9 p.m.6 views

com.github.taymindis:channeling-camel (>=2.3.1 <=2.3.2), com.github.taymindis:channeling-camel-springboot (>=2.3.1 <=2.3.2) +47 more potentially affected by CVE-2020-11973 via org.apache.camel:camel-netty (>=3.0.0 <=3.22.4)

org.apache.camel:camel-netty MAVEN version =3.0.0, =2.3.1, =2.3.1, =0.46, =0.3, =0.5, =1.3.0, =1.3.0, =1.3.0, =0.1.0, =0.1.0, =0.10.1, =0.10.1, =3.21.0 and more Source cves: CVE-2020-11973 Source advisory: OSV:GHSA-H79P-32MX-FJJ9...

9.8CVSS7.2AI score0.06592EPSS
Exploits0
redhat
redhat
added 2020/04/22 12:8 p.m.73 views

Low: Red Hat Security Advisory: AMQ Online security update

An update of the Red Hat OpenShift Container Platform 3.11 and 4.1 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.5CVSS7AI score0.09438EPSS
Exploits0References3
osv
osv
added 2020/04/07 6:15 p.m.1 views

DEBIAN-CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS7AI score0.09438EPSS
Exploits0References1
redhat
redhat
added 2020/03/23 8:21 a.m.5 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.13474EPSS
Exploits1References4
redhat
redhat
added 2020/03/12 5:5 p.m.4 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.13474EPSS
Exploits1References4
redhat
redhat
added 2020/03/12 5:2 p.m.4 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.13474EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2020/02/21 6:55 p.m.4 views

com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2019-20444 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)

io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2019-20444 Source advisory: OSV:GHSA-CQQJ-4P63-RRMM...

9.1CVSS6.8AI score0.08914EPSS
Exploits1
vulnersosv
vulnersosv
added 2020/02/21 6:55 p.m.4 views

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2019-20444 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2019-20444 Source advisory: OSV:GHSA-CQQJ-4P63-RRMM...

9.1CVSS6.8AI score0.08914EPSS
Exploits1
vulnersosv
vulnersosv
added 2020/02/21 6:55 p.m.3 views

com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2019-20445 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)

io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2019-20445 Source advisory: OSV:GHSA-P2V9-G2QV-P635...

9.1CVSS6.8AI score0.13474EPSS
Exploits1
vulnersosv
vulnersosv
added 2020/02/21 6:55 p.m.3 views

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2019-20445 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2019-20445 Source advisory: OSV:GHSA-P2V9-G2QV-P635...

9.1CVSS6.8AI score0.13474EPSS
Exploits1
prion
prion
added 2020/02/19 7:15 p.m.21 views

Design/Logic Flaw

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...

4.3CVSS6.4AI score0.0126EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder