Lucene search
K

220 matches found

RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-48043

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS5AI score0.00594EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.15 views

CVE-2026-44893

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5AI score0.00594EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/11 8:19 p.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the parsing process of nested PP2TYPESSL TLVs within the HAProxy PROXY protocol v2 codec. An attacker can cause memory exhaustion by sending syntactically valid headers containing...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:19 p.m.6 views

GHSA-H2QV-FJ59-J46J Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Impact The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2TYPESSL TLVs type-length-value records at depth two or greater. The leak occurs on the successful parse path — no exception is...

8.7CVSS5.7AI score0.00606EPSS
Exploits0References5
Atlassian
Atlassian
added 2026/06/11 5:31 p.m.7 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...

9.1CVSS5.4AI score0.00633EPSS
Exploits1
Snyk
Snyk
added 2026/06/11 1:26 p.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

8.7CVSS5.5AI score0.00489EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/06/11 12:0 p.m.6 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 a...

8.7CVSS5.4AI score0.01125EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.5 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3026 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-47244 Source advisory: OSV:GHSA-5X3R-WRVG-RP6Q...

5.3CVSS5.7AI score0.00292EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.7 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +19976 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.134.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

5.3CVSS5.7AI score0.00292EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 10:59 p.m.5 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +1044 more potentially affected by CVE-2026-44894 via io.netty:netty-codec-classes-quic (>=4.2.10.Final <=4.2.14.Final)

io.netty:netty-codec-classes-quic MAVEN version =4.2.10.Final, =0.1.0, =0.1.0, =0.0.1-alfa, =0.0.1-demo, =6.0.1, =4.0.3-M1, =1.21.9, =1.0.5, =3.6.4, =1.0.1, =26.2.1, =26.6.1 and more Source cves: CVE-2026-44894 Source advisory: OSV:GHSA-CMM3-54F8-PX4J...

7.5CVSS5.7AI score0.00143EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:2 p.m.6 views

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +6289 more potentially affected by CVE-2026-44893 via io.netty:netty-codec-haproxy (>=4.1.100.Final <=4.1.134.Final)

io.netty:netty-codec-haproxy MAVEN version =4.1.100.Final, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 -...

7.5CVSS5.7AI score0.00594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:2 p.m.6 views

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +431 more potentially affected by CVE-2026-44890 via io.netty:netty-codec-redis (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44890 Source advisory: OSV:GHSA-6GHJ-FRRJ-JJJ3...

7.5CVSS5.7AI score0.00371EPSS
Exploits0
Snyk
Snyk
added 2026/06/08 7:2 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the decodeLength function. An attacker can exhaust the server's direct memory pool by sending continuous streams of digits without a terminating \r\n across multiple concurren...

8.7CVSS5.5AI score0.00371EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/08 7:2 p.m.7 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2478 more potentially affected by CVE-2026-44890 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.134.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.0.9 and more Source cves: CVE-2026-44890 Source advisory: OSV:GHSA-6GHJ-FRRJ-JJJ3...

7.5CVSS5.7AI score0.00371EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:1 p.m.5 views

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +431 more potentially affected by CVE-2026-44250 via io.netty:netty-codec-redis (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44250 Source advisory: OSV:GHSA-3244-J874-RHC2...

7.5CVSS5.7AI score0.00371EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 7:1 p.m.9 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2478 more potentially affected by CVE-2026-44250 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.134.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.0.9 and more Source cves: CVE-2026-44250 Source advisory: OSV:GHSA-3244-J874-RHC2...

7.5CVSS5.7AI score0.00371EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:22 p.m.9 views

CVE-2026-41207

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
Atlassian
Atlassian
added 2026/06/02 4:30 p.m.9 views

Injection io.netty:netty-codec-dns Dependency in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0,...

9.1CVSS5.3AI score0.00818EPSS
Exploits1
Atlassian
Atlassian
added 2026/06/02 4:30 p.m.6 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a...

7.5CVSS5.2AI score0.00248EPSS
Exploits1
Atlassian
Atlassian
added 2026/06/02 4:30 p.m.7 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0,...

9.1CVSS5.3AI score0.00633EPSS
Exploits1
Rows per page
Query Builder