Lucene search
K

2758 matches found

CVE
CVE
added 2017/10/18 3:0 p.m.125 views

CVE-2015-2156

CVE-2015-2156 concerns Netty (and Play Framework): improper validation of cookie name/value characters can bypass HttpOnly and expose sensitive data. In IBM StreamSets Data Collector context, this vulnerability affects versions 5.0.0–6.4.1 and remediation is to upgrade to IBM StreamSets Data Coll...

7.5CVSS7.3AI score0.05434EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2017/10/18 3:0 p.m.25 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5AI score0.05434EPSS
Exploits0References12
NVD
NVD
added 2017/08/30 12:29 a.m.15 views

CVE-2017-13763

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...

7.5CVSS7.6AI score0.0106EPSS
Exploits0References2
Prion
Prion
added 2017/08/30 12:29 a.m.13 views

Design/Logic Flaw

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...

5CVSS7.5AI score0.0106EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/08/30 12:29 a.m.18 views

CVE-2017-13763

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...

7.5CVSS6.9AI score
Exploits0References2
Cvelist
Cvelist
added 2017/08/30 12:0 a.m.25 views

CVE-2017-13763

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...

7.6AI score0.0106EPSS
Exploits0References2
CNVD
CNVD
added 2017/08/30 12:0 a.m.2 views

Unspecified Vulnerability in ONOS

ONOS is a new carrier-grade SDN network operating system. An unspecified vulnerability exists in ONOS versions 1.8.0, 1.9.0, and 1.10.0. An attacker can exploit the vulnerability to make the Netty payload size unlimited...

7.5CVSS7.4AI score0.0106EPSS
Exploits0References1
CVE
CVE
added 2017/08/30 12:0 a.m.52 views

CVE-2017-13763

CVE-2017-13763 affects ONOS versions 1.8.0, 1.9.0, and 1.10.0. The root cause is lack of an upper bound on memory allocation for Netty payloads, i.e., Netty payload size is not limited. This has been linked to a denial-of-service risk on ONOS clusters (e.g., nodes timing out when connecting to th...

7.5CVSS7.5AI score0.0106EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/05/04 3:34 a.m.10 views

Predictable Filenames

netty-codec-http is vulnerable to predictable filenames for the temporary files. The vulnerability exists because it takes user provided file name as part of the temporary file name, allowing a malicious user to overwrite arbitrary files via a symlink attack...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/04/19 4:23 p.m.2 views

netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl

An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled default setting...

7.8CVSS6.6AI score0.11259EPSS
Exploits0References4
NVD
NVD
added 2017/04/13 2:59 p.m.19 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.8CVSS7.3AI score0.11259EPSS
Exploits0References9
OSV
OSV
added 2017/04/13 2:59 p.m.37 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.5CVSS6.7AI score
Exploits0References9
OSV
OSV
added 2017/04/13 2:59 p.m.2 views

DEBIAN-CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.5CVSS5.9AI score0.11259EPSS
Exploits0References1
Prion
Prion
added 2017/04/13 2:59 p.m.18 views

Input validation

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.8CVSS7AI score0.11259EPSS
Exploits0References9Affected Software4
UbuntuCve
UbuntuCve
added 2017/04/13 2:59 p.m.36 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.8CVSS6.8AI score0.11259EPSS
Exploits0References1
OSV
OSV
added 2017/04/13 2:59 p.m.4 views

UBUNTU-CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.5CVSS7.2AI score0.11259EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/04/13 2:0 p.m.56 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.8CVSS5.7AI score0.11259EPSS
Exploits0
CVE
CVE
added 2017/04/13 2:0 p.m.119 views

CVE-2016-4970

Netty CVE-2016-4970 affects OpenSslEngine in Netty 4.0.x prior to 4.0.37.Final and 4.1.x prior to 4.1.1.Final. The issue arises from improper handling of renegotiation, enabling remote attackers to cause a denial of service via an infinite loop. Remediation is to upgrade to Netty 4.0.37.Final or ...

7.8CVSS7.2AI score0.11259EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/04/13 2:0 p.m.34 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.3AI score0.11259EPSS
Exploits0References9
CNVD
CNVD
added 2017/02/28 12:0 a.m.3 views

IBM Development Package for Apache Spark Denial of Service Vulnerability

IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the Apache Development Package for Apache Spark is vulnerable to ...

7.8CVSS6.7AI score0.11259EPSS
Exploits0References1
Rows per page
Query Builder