Lucene search
K

2786 matches found

redhat
redhat
added 2026/07/02 12:3 a.m.5 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.8AI score0.01125EPSS
Exploits0References5
redhat
redhat
added 2026/07/02 12:3 a.m.5 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS6.1AI score0.00606EPSS
Exploits0References7
redhat
redhat
added 2026/07/02 12:3 a.m.6 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References8
redhat
redhat
added 2026/07/02 12:3 a.m.5 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References5
redhat
redhat
added 2026/07/02 12:3 a.m.4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
ibm
ibm
added 2026/06/30 11:9 a.m.6 views

Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Storage Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions...

8.8CVSS6AI score0.02164EPSS
Exploits3Affected Software3
ibm
ibm
added 2026/06/30 10:2 a.m.5 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...

8.7CVSS6.8AI score0.01125EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...

8.2CVSS7.3AI score0.01594EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/06/26 6:15 a.m.4 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.12.0 Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandl...

9.1CVSS6.5AI score0.00969EPSS
Exploits4Affected Software1
redhatcve
redhatcve
added 2026/06/25 11:8 p.m.7 views

CVE-2026-41715

A flaw was found in Reactor Netty HTTP client. In specific scenarios, a remote attacker could exploit this vulnerability when the HTTP client is explicitly configured to follow redirects from a secure endpoint to an insecure one. This could lead to the leakage of sensitive credentials. Mitigation...

6.5CVSS5.9AI score0.00172EPSS
Exploits0References4
ibm
ibm
added 2026/06/25 6:37 p.m.6 views

Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus

Summary IBM Storage Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Netty, Picomatch . Vulnerabilities include stack-based buffer overflow, improper encoding or escaping of output, deserialization of untrusted data, improper restriction of operations within the bounds of a memo...

9.1CVSS7.3AI score0.0504EPSS
Exploits4Affected Software1
ibm
ibm
added 2026/06/25 5:40 p.m.3 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler...

10CVSS6AI score0.00887EPSS
Exploits1Affected Software1
osv
osv
added 2026/06/24 1:32 p.m.9 views

ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

6.1CVSS5.2AI score0.0034EPSS
Exploits0
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0023

The vulnerability in Netty is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS6.8AI score0.00887EPSS
Exploits1
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0032

The vulnerability in Netty is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS6.7AI score0.00455EPSS
Exploits0
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0021

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

7.5CVSS6.6AI score0.0064EPSS
Exploits1
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0022

The vulnerability in Netty is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

8.7CVSS6.8AI score0.01125EPSS
Exploits0
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0033

The vulnerability in Netty is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...

7.5CVSS7AI score0.00952EPSS
Exploits1
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0030

The vulnerability in Netty is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

9.1CVSS6.8AI score0.00969EPSS
Exploits1
redos
redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0029

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.8CVSS6.8AI score0.00607EPSS
Exploits1
Rows per page
Query Builder