
7 matches found

Veracode
added 2024/06/06 8:4 a.m. | 14 views

Sensitive Information Disclosure

netty-incubator-codec-ohttp is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an error in BoringSSLAEADContext which results in the encryption nonce overflowing. An attacker can manipulate the nonce repetition by causing the sequence number to overflow, which decreases...

9.1 CVSS | 6.7 AI score | 0.00404 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2024/06/05 4:53 p.m. | 16 views

GHSA-G762-H86W-8749 BoringSSLAEADContext in Netty Repeats Nonces

Summary BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to...

5.9 CVSS | 7.5 AI score | 0.00404 EPSS
Exploits 1 | References 4
Github Security Blog
added 2024/06/05 4:53 p.m. | 29 views

BoringSSLAEADContext in Netty Repeats Nonces

Summary BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to...

9.1 CVSS | 5.9 AI score | 0.00404 EPSS
Exploits 1 | References 4 | Affected Software 1
NVD
added 2024/06/04 10:15 p.m. | 12 views

CVE-2024-36121

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

9.1 CVSS | 6 AI score | 0.00404 EPSS
Exploits 1 | References 2
Vulnrichment
added 2024/06/04 9:13 p.m. | 17 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

5.9 CVSS | 7.2 AI score | 0.00404 EPSS
Exploits 1 | References 2
OSV
added 2024/06/04 9:13 p.m. | 14 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

5.9 CVSS | 9 AI score | 0.00404 EPSS
Exploits 1 | References 4
Cvelist
added 2024/06/04 9:13 p.m. | 21 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

5.9 CVSS | 6 AI score | 0.00404 EPSS
Exploits 1 | References 2