Lucene search
K

427 matches found

IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...

9.1CVSS6.9AI score0.00533EPSS
Exploits0Affected Software1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0023

The vulnerability in Netty is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS6.8AI score0.00887EPSS
Exploits1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0022

The vulnerability in Netty is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

8.7CVSS6.8AI score0.01125EPSS
Exploits0
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0033

The vulnerability in Netty is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...

7.5CVSS7AI score0.00952EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:26 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote...

9.8CVSS6.7AI score0.0115EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:20 p.m.3 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

8.7CVSS6.7AI score0.01125EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.5CVSS6.5AI score0.0064EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 2:46 p.m.5 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smullging Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS5.9AI score0.0064EPSS
Exploits1Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Netty

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder had a CRLF injection in the request URI during request construction. This led to request smuggling when HttpRequestEncoder w...

6.5CVSS6.6AI score0.00292EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.17 views

netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.9 views

netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 6:57 p.m.10 views

Improper Certificate Validation

Netty is vulnerable to Improper Certificate Validation. The vulnerability is due to improper wrapping of user-supplied X509TrustManager instances that bypasses hostname verification during TLS certificate validation, which allows an attacker to perform man-in-the-middle attacks using certificates...

7.5CVSS5.2AI score0.00269EPSS
Exploits0References14Affected Software1
Veracode
Veracode
added 2026/06/16 6:38 p.m.9 views

HTTP Request Smuggling

Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...

5.3CVSS5.2AI score0.00232EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.12 views

SUSE CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:19 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.

Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...

7.5CVSS5.3AI score0.00429EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.12 views

CVE-2026-50010

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...

7.5CVSS5AI score0.00269EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.20 views

CVE-2026-45416

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 4:16 p.m.6 views

UBUNTU-CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 2:52 p.m.55 views

CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:57 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

9.8CVSS7AI score0.00745EPSS
Exploits5Affected Software1
Rows per page
Query Builder