Lucene search
K

914 matches found

Snyk
Snyk
added 2026/05/15 10:40 a.m.15 views

Malicious Package

Overview apple-infra-final-escape is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.7 views

SUSE CVE-2026-42580

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.3CVSS5.8AI score0.00364EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

5.6CVSS5.8AI score0.0073EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/14 7:14 p.m.11 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the computehashtosign function. An attacker can cause heap corruption and potentially crash the application by triggering a failure in EVPDigestFinal after memory has already been freed, leading to a second free operation...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 5:16 p.m.14 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 2:36 p.m.27 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 1:6 p.m.9 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
NVD
NVD
added 2026/05/13 7:17 p.m.19 views

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS0.00455EPSS
Exploits0References5
OSV
OSV
added 2026/05/13 7:17 p.m.14 views

DEBIAN-CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 7:17 p.m.13 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS0.00591EPSS
Exploits1References10
NVD
NVD
added 2026/05/13 7:17 p.m.26 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS0.00927EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.14 views

CVE-2026-42586

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF \r\n characters. Since the...

7.1CVSS6.8AI score0.00198EPSS
Exploits1References2
OSV
OSV
added 2026/05/13 7:17 p.m.7 views

UBUNTU-CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.00591EPSS
Exploits1References4
CVE
CVE
added 2026/05/13 6:12 p.m.23 views

CVE-2026-42585

Netty CVE-2026-42585 affects Netty prior to versions 4.2.13.Final and 4.1.133.Final, where improper parsing of malformed Transfer-Encoding can enable HTTP request smuggling. Public advisories and OSV entries confirm the issue and that fixes are available in 4.2.13.Final and 4.1.133.Final. Affecte...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/13 6:6 p.m.21 views

CVE-2026-42582

Netty (HTTP/3) vulnerable in QpackDecoder.decodeHuffmanEncodedLiteral prior to 4.2.13.Final: the non-Huffman path may allocate byte[length] without verifying length

7.5CVSS5.8AI score0.00437EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 6:4 p.m.39 views

CVE-2026-42580 Netty: HTTP Request Smuggling due to incorrect chunk size parsing

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS0.00364EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/13 6:1 p.m.56 views

CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

9.1CVSS5.8AI score0.00944EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/13 6:0 p.m.8 views

CVE-2026-42577 Netty: epoll transport denial of service via RST on half-closed TCP connection

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS5.8AI score0.00408EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 5:57 p.m.53 views

CVE-2026-42578 Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

6.3CVSS0.00927EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...

7.5CVSS6.9AI score0.00429EPSS
Exploits1References1
Rows per page
Query Builder