22 matches found
CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling DefaultHttpHeadesr.set with an iterator of values, header value validation was not performed, allowing malicious header values in the iterator to...
Oracle Siebel Server <= 23.5 (July 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...
Security Bulletin: IBM SPSS Analytic Server is affected by vulnerability in Netty (CVE-2022-41915)
Summary Netty is used by IBM SPSS Analytic Server. The latest patch includes Netty 4.1.109.Final to fix the vulnerability. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an...
Oracle Database Server (Jul 2024 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be...
Security Bulletin: Netty is vulnerable to CVE-2022-41915 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netty which is vulnerable to CVE-2022-41915. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of value...
SUSE SLED15: netty / netty-javadoc / netty-poms / netty-tcnative / etc (SUSE-SU-2023:2096-2)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-2 advisory. netty: - Security fixes included in this version update from 4.1.75 to 4.1.90: CVE-2022-24823:...
SUSE SLED15: netty / netty-javadoc / netty-poms / netty-tcnative / etc (SUSE-SU-2023:2096-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-1 advisory. netty: - Security fixes included in this version update from 4.1.75 to 4.1.90: CVE-2022-24823:...
SUSE: Security Advisory (SUSE-SU-2023:2096-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in Netty affects IBM Process Mining . CVE-2022-41881
Summary There is a vulnerability in Netty that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
SUSE-SU-2023:2096-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: netty: - Security fixes included in this version update from 4.1.75 to 4.1.90: CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Netty
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Netty. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values...
Ubuntu: Security Advisory (USN-6049-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6049-1: Netty vulnerabilities
It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. CVE-2020-11612 It wa...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)
Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject HTTP/1.1 response header and cause the server to return a split resonse. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Netty (CVE-2022-41915)
Summary Netty CVE-2022-41915 is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for the Probe for Message Bus integrations. The latest patch includes Netty 4.1.86.Final to fix the vulnerability. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is...
Security Bulletin: Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915)
Summary Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty with details below. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Netty HTTP response splitting (CVE-2022-41915)
Summary Potential security bypass vulnerability in Netty-CVE-2022-41915 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Debian dla-3268 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3268 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3268-1 [email protected]...
CVE-2022-41915 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2022-41915 vulnerabilities
Vulnerabilities for packages: apache-nifi...