Lucene search
K

96 matches found

RedHat Linux
RedHat Linux
added 2024/05/07 4:21 p.m.50 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.4 release

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

7CVSS6.6AI score0.0138EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2024/04/29 2:26 a.m.34 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS7AI score0.91969EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2024/04/03 12:18 p.m.72 views

CVE-2024-29025

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS5.4AI score0.0138EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.4 views

The vulnerability of the io.netty package: The netty-codec-http network programming framework from Netty allows attackers to exploit it to disclose protected information.

The vulnerability of the io.netty package: The netty-codec-http network programming framework in Netty is related to deficiencies in the system’s controlled zones. Exploiting this vulnerability can allow attackers to disclose protected information...

5.5CVSS6.6AI score0.01044EPSS
Exploits1References9Affected Software22
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.41 views

FreeBSD : cassandra3 -- multiple vulnerabilities (53caf29b-9180-11ed-acbe-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 53caf29b-9180-11ed-acbe-b42e991fc52e advisory. - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI...

7.5CVSS6.7AI score0.37618EPSS
Exploits6References13
Veracode
Veracode
added 2022/12/13 2:14 a.m.39 views

HTTP Response Splitting

netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...

6.5CVSS6.8AI score0.00885EPSS
Exploits1References8Affected Software2
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.9 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.6 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.2 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/04 4:2 p.m.3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/04 4:46 a.m.7 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/16 2:52 p.m.5 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/06 4:0 p.m.2 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:54 p.m.3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/18 10:56 a.m.5 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5CVSS6.8AI score0.02682EPSS
Exploits0References5
OSV
OSV
added 2022/05/06 12:15 p.m.6 views

DEBIAN-CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

5.5CVSS6.8AI score0.01044EPSS
Exploits1References1
CVE
CVE
added 2022/05/06 12:5 p.m.530 views

CVE-2022-24823

CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...

5.5CVSS6.7AI score0.01044EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2022/05/06 12:0 a.m.3 views

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty's package io.netty:netty-codec-http versions prior to 4.1.77, which stems from...

5.5CVSS7.2AI score0.01044EPSS
Exploits1References22
ATTACKERKB
ATTACKERKB
added 2022/04/11 8:15 p.m.8 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

5.9CVSS6.4AI score0.04935EPSS
Exploits0References8
OSV
OSV
added 2022/04/11 8:15 p.m.27 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

5.9CVSS6.4AI score0.04935EPSS
Exploits0References3
Rows per page
Query Builder