Lucene search
+L

20 matches found

osv
osv
added 2026/07/08 7:6 p.m.1 views

SUSE-SU-2026:2802-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: - CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking...

10CVSS7AI score0.00606EPSS
Exploits0References37
nessus
nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : netty, netty-tcnative (SUSE-SU-2026:2308-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2308-1 advisory. This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads t...

9.8CVSS6.9AI score0.00969EPSS
Exploits11References37
snyk
snyk
added 2026/06/12 4:39 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in RedisArrayAggregator. An attacker who sends a small RESP array header declaring a very large element count can force the aggregator to reserve a large ArrayList via the...

8.7CVSS5.3AI score0.0038EPSS
Exploits0References2
snyk
snyk
added 2026/06/12 4:39 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in shouldWaitForDynamicTableUpdates in QpackDecoder. An attacker can open an indefinite number of persistently blocked streams by sending headers that reference dynamic table entries...

8.7CVSS5.3AI score0.00366EPSS
Exploits0References2
osv
osv
added 2026/06/09 8:13 a.m.7 views

SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...

9.8CVSS6.8AI score0.00969EPSS
Exploits11References25
vulnersosv
vulnersosv
added 2026/06/08 11:2 p.m.7 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3026 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-47244 Source advisory: OSV:GHSA-5X3R-WRVG-RP6Q...

5.3CVSS5.7AI score0.00292EPSS
Exploits0
snyk
snyk
added 2026/06/08 11:2 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded nesting of composite buffers in the SCTP message reassembly process. An attacker can exhaust system memory and cause a denial of service by sending a large number of...

8.7CVSS5.7AI score0.0038EPSS
Exploits0References2
snyk
snyk
added 2026/06/08 10:59 p.m.7 views

Improper Verification of Source of a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper validation in the validateToken function. An attacker can cause the server to treat unvalidated client addresses as validated by supplying any non-empty token...

8.7CVSS5.5AI score0.00143EPSS
Exploits0References2
snyk
snyk
added 2026/06/08 7:2 p.m.9 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the lack of an enforced maximum header size limit in the default configuration of the Http3ConnectionHandler. An attacker can exhaust server memory and cause application crashes by...

8.7CVSS5.5AI score0.00279EPSS
Exploits0References2
snyk
snyk
added 2026/05/06 11:10 p.m.7 views

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handling of TCP connections with ALLOWHALFCLOSURE enabled when a remote peer sends a FIN followed by a RST. An attacker can cause resource exhaustion or high CPU utilization by...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References2
osv
osv
added 2026/04/15 1:37 p.m.4 views

SUSE-SU-2026:1353-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: Upidate to 4.1.132: - CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling bsc1261031. - CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service bsc1261043...

8.7CVSS5.9AI score0.01125EPSS
Exploits1References5
snyk
snyk
added 2026/03/26 6:48 p.m.2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the parsing of quoted strings within chunked transfer encoding extension values. An attacker can inject arbitrary HTTP requests into a connection by crafting chunk extensions containing carriage return or line...

8.7CVSS6AI score0.0064EPSS
Exploits1References2
osv
osv
added 2025/09/09 10:35 a.m.4 views

SUSE-SU-2025:03114-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.126. Security issues fixed: - CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can cause a denial of service bsc1249134. -...

8.2CVSS7AI score0.01049EPSS
Exploits3References7
nessus
nessus
added 2025/08/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2021-43797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty pri...

6.5CVSS6.9AI score0.02682EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2025/08/13 7:6 p.m.10 views

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +17982 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.123.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

8.2CVSS6.9AI score0.01049EPSS
Exploits1
redhatcve
redhatcve
added 2025/02/04 11:37 p.m.11 views

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

8.1CVSS7.2AI score0.00671EPSS
Exploits1
nessus
nessus
added 2024/12/24 12:0 a.m.17 views

SUSE SLED15: jctools / jctools-channels / jctools-experimental / jctools-javadoc / etc (SUSE-SU-2024:4407-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4407-1 advisory. - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java...

5.5CVSS6.8AI score0.00408EPSS
Exploits1References5
suse
suse
added 2024/12/23 8:49 a.m.5 views

Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty...

5.6CVSS7.6AI score0.00408EPSS
Exploits1References6
osv
osv
added 2024/12/23 8:49 a.m.9 views

SUSE-SU-2024:4407-1 Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in nett...

5.5CVSS7.5AI score0.00408EPSS
Exploits1References4
osv
osv
added 2022/09/23 11:4 a.m.4 views

OESA-2022-1930 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages...

6.5CVSS6.9AI score0.02682EPSS
Exploits0References2
Rows per page
Query Builder