Lucene search
K

198 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2024-29025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...

5.3CVSS6.7AI score0.0138EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2023-34462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...

6.5CVSS6.7AI score0.02459EPSS
Exploits1References3
OSV
OSV
added 2024/08/05 9:29 p.m.25 views

GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

9.5CVSS9.8AI score0.01046EPSS
Exploits0References4
OSV
OSV
added 2024/08/05 9:29 p.m.19 views

GHSA-4HVC-QWR2-F8RV Redisson vulnerable to Deserialization of Untrusted Data

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6CVSS9.4AI score0.01036EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/08/05 9:29 p.m.32 views

XXL-RPC Deserialization of Untrusted Data vulnerability

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

10CVSS8.3AI score0.01046EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/03/25 8:15 p.m.3 views

DEBIAN-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

5.3CVSS6.8AI score0.0138EPSS
Exploits1References1
OSV
OSV
added 2024/03/25 8:15 p.m.13 views

UBUNTU-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

5.3CVSS6.8AI score0.0138EPSS
Exploits1References7
OSV
OSV
added 2023/12/15 11:6 a.m.7 views

OESA-2023-1905 netty security update

Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...

7.5CVSS8.9AI score0.01466EPSS
Exploits1References2
OSV
OSV
added 2023/12/15 11:6 a.m.4 views

OESA-2023-1906 netty security update

Asynchronous event-driven network application Java framework. Security Fixes: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion...

7.5CVSS8.9AI score0.01466EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.4 views

The vulnerability of the frame decoding function in the Netty network programming framework allows a hacker to trigger a service failure.

The vulnerability of the frame decoding function in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.7AI score0.0628EPSS
Exploits0References11Affected Software37
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.4 views

The vulnerability of the Netty network programming framework lies in its improper handling of control characters, which allows attackers to compromise the integrity of the protected information.

The vulnerability of the Netty network programming framework is related to incorrect processing of control characters. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...

7.8CVSS6.9AI score0.02682EPSS
Exploits0References11Affected Software41
BDU FSTEC
BDU FSTEC
added 2023/11/01 12:0 a.m.4 views

The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates, which allow attackers to carry out “man-in-the-middle” attacks.

The vulnerability of the Netty network programming framework is related to errors during the verification of TLS certificates. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...

7.4CVSS7.2AI score0.00448EPSS
Exploits0References10Affected Software2
NVD
NVD
added 2023/10/18 10:15 p.m.40 views

CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

10CVSS9.7AI score0.01046EPSS
Exploits0References2
Prion
Prion
added 2023/10/18 10:15 p.m.24 views

Remote code execution

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

7.5CVSS9.8AI score0.01046EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/18 9:56 p.m.104 views

CVE-2023-45146

CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...

10CVSS9.8AI score0.01046EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 9:56 p.m.20 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

9CVSS8.2AI score0.01046EPSS
Exploits0References1
NVD
NVD
added 2023/10/04 8:15 p.m.32 views

CVE-2023-42809

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6CVSS9.7AI score0.01036EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/09/14 12:0 a.m.8 views

The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework allows a hacker to cause a service failure.

The vulnerability of the Bzip2Decoder decoder in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.7AI score0.05651EPSS
Exploits0References16Affected Software20
BDU FSTEC
BDU FSTEC
added 2023/09/08 12:0 a.m.5 views

The vulnerability of the SniHandler component in the Netty network programming framework, which allows a hacker to trigger a service failure.

The vulnerability of the SniHandler component in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.8CVSS6.7AI score0.02459EPSS
Exploits1References8Affected Software12
Vulnrichment
Vulnrichment
added 2023/06/22 11:0 p.m.20 views

CVE-2023-34462 netty-handler SniHandler 16MB allocation

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle...

6.5CVSS7.3AI score0.02459EPSS
Exploits1References5
Rows per page
Query Builder