2758 matches found
CVE-2015-2156
CVE-2015-2156 concerns Netty (and Play Framework): improper validation of cookie name/value characters can bypass HttpOnly and expose sensitive data. In IBM StreamSets Data Collector context, this vulnerability affects versions 5.0.0–6.4.1 and remediation is to upgrade to IBM StreamSets Data Coll...
CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
CVE-2017-13763
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...
Design/Logic Flaw
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...
CVE-2017-13763
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...
CVE-2017-13763
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited...
Unspecified Vulnerability in ONOS
ONOS is a new carrier-grade SDN network operating system. An unspecified vulnerability exists in ONOS versions 1.8.0, 1.9.0, and 1.10.0. An attacker can exploit the vulnerability to make the Netty payload size unlimited...
CVE-2017-13763
CVE-2017-13763 affects ONOS versions 1.8.0, 1.9.0, and 1.10.0. The root cause is lack of an upper bound on memory allocation for Netty payloads, i.e., Netty payload size is not limited. This has been linked to a denial-of-service risk on ONOS clusters (e.g., nodes timing out when connecting to th...
Predictable Filenames
netty-codec-http is vulnerable to predictable filenames for the temporary files. The vulnerability exists because it takes user provided file name as part of the temporary file name, allowing a malicious user to overwrite arbitrary files via a symlink attack...
netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled default setting...
CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
DEBIAN-CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
Input validation
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
UBUNTU-CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
CVE-2016-4970
Netty CVE-2016-4970 affects OpenSslEngine in Netty 4.0.x prior to 4.0.37.Final and 4.1.x prior to 4.1.1.Final. The issue arises from improper handling of renegotiation, enabling remote attackers to cause a denial of service via an infinite loop. Remediation is to upgrade to Netty 4.0.37.Final or ...
CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
IBM Development Package for Apache Spark Denial of Service Vulnerability
IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the Apache Development Package for Apache Spark is vulnerable to ...