Lucene search
K

2376 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 12:9 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IFix 1 Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of...

9.9CVSS6.6AI score0.01127EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/11 12:40 a.m.13 views

CLEANSTART-2026-CC73064 In Eclipse Jetty, the HTTP/1

Multiple security vulnerabilities affect the apache-zookeeper package. In Eclipse Jetty, the HTTP/1. See references for individual vulnerability details...

9.8CVSS7.6AI score0.01127EPSS
Exploits3References16
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.9 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/10 8:25 p.m.11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/10 8:25 p.m.8 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.15 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.9 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.4AI score0.01127EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.18 views

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

10CVSS7.3AI score0.01945EPSS
Exploits10References1
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.11 views

org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables

A flaw was found in Eclipse Jetty. The JASPIAuthenticator class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly...

7.4CVSS5.5AI score0.00529EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:16 a.m.13 views

CVE-2026-40984

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS0.00623EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 3:47 a.m.19 views

EUVD-2026-35320

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS5.4AI score0.00623EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:47 a.m.106 views

CVE-2026-40984

CVE-2026-40984 details (from provided sources): Affects Micrometer HTTP server instrumentations across micrometer-core and micrometer-jetty variants (various versions listed in the initial entry). The vulnerability is a DoS triggered by specially crafted HTTP requests. The CVSS v3.1 base score is...

7.5CVSS5.4AI score0.00623EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47643

Name of the Vulnerable Software and Affected Versions micrometer-core versions 1.16.0 through 1.16.5 micrometer-core versions 1.15.0 through 1.15.11 micrometer-core versions 1.14.0 through 1.14.15 micrometer-core versions 1.13.0 through 1.13.18 micrometer-core versions 1.9.0 through 1.9.17...

7.5CVSS5.8AI score0.00623EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

VMware Micrometer 资源管理错误漏洞

VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. There is a resource management vulnerability in VMware Micrometer; this vulnerability stems from the ability for users to submit custom HTTP requests, which may lead to denial of...

7.5CVSS5.4AI score0.00623EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 12:0 a.m.13 views

Allocation of Resources Without Limits or Throttling

Overview io.micrometer:micrometer-jetty12 is a Micrometer instrumentation for Jetty 12 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending...

8.2CVSS5.5AI score0.00623EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 3:30 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Jetty

Summary There are vulnerabilities in Jetty used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2025-11143, CVE-2026-2332. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has...

9.1CVSS7AI score0.01127EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/02 11:27 a.m.12 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References6
OSV
OSV
added 2026/05/30 6:3 p.m.22 views

RLSA-2026:20568 Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

7.5CVSS5.8AI score0.01127EPSS
Exploits1References3
Rockylinux
Rockylinux
added 2026/05/30 6:3 p.m.22 views

jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

9.1CVSS5.8AI score0.01127EPSS
Exploits1
Rows per page
Query Builder