Lucene search
K

902 matches found

EUVD
EUVD
added 2026/06/15 8:46 p.m.11 views

EUVD-2026-36467

Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...

7.5CVSS5.2AI score0.00371EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/13 5:29 a.m.85 views

AutoVAPT

█████╗ ██╗ ██╗████████╗ ██████╗ ██╗ ██╗ █████╗ ██████╗...

9.3CVSS8AI score0.9923EPSS
Exploits55
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 4:16 p.m.13 views

CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References10
NVD
NVD
added 2026/06/12 4:16 p.m.14 views

CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS0.00366EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-48006

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7CVSS5.3AI score0.00489EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 4:16 p.m.5 views

UBUNTU-CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS5.5AI score0.00606EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 3:16 p.m.4 views

UBUNTU-CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 2:50 p.m.151 views

CVE-2026-50010

Netty CVE-2026-50010 affects 4.1.135.Final and 4.2.15.Final. When using SimpleTrustManagerFactory.engineGetTrustManagers(), a user-supplied plain X509TrustManager is wrapped in X509TrustManagerWrapper. This wrapper makes the trust manager appear as X509ExtendedTrustManager but implements checkSer...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References11Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 2:36 p.m.12 views

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7CVSS5.3AI score0.00489EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:23 p.m.7 views

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:23 p.m.69 views

CVE-2026-47244

Netty HTTP/2 CVE-2026-47244 affects Netty 4.1.135.Final and 4.2.15.Final. Before patch, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams/maxStreams to Integer.MAX_VALUE and Http2Settings does not insert SETTINGS_MAX_CONCURRENT_STREAMS by default, so a Netty HTTP/2 server can ad...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/12 2:6 p.m.35 views

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS0.00143EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 1:9 a.m.12 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

8.2CVSS5.1AI score0.00689EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-50009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset...

4.8CVSS5.5AI score0.00204EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in th...

7.5CVSS5.5AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 10:16 p.m.7 views

DEBIAN-CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References1
Rows per page
Query Builder