Lucene search
K

159 matches found

nvd
nvd
added 2024/09/04 4:15 p.m.54 views

CVE-2024-8391

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

7.5CVSS0.0058EPSS
Exploits0References2
cve
cve
added 2024/09/04 3:27 p.m.119 views

CVE-2024-8391

CVE-2024-8391 affects Eclipse Vert.x gRPC server components (io.vertx:vertx-grpc-server and vertx-grpc-client) across Vert.x 4.3.0–4.5.9. The underlying issue is an unbounded maximum payload length in the gRPC server, which can lead to memory exhaustion and denial of service. The fix is available...

7.5CVSS6.2AI score0.0058EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/09/04 3:27 p.m.25 views

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

6.9CVSS7AI score0.0058EPSS
Exploits0References2
cvelist
cvelist
added 2024/09/04 3:27 p.m.63 views

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

6.9CVSS0.0058EPSS
Exploits0References2
osv
osv
added 2024/09/04 3:27 p.m.23 views

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

6.9CVSS7AI score0.0058EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/09/04 12:0 a.m.5 views

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.3.0 through 4.5.9 that stems from the gRPC server not limiting the maximum length of the message load...

7.5CVSS7.4AI score0.0058EPSS
Exploits0References4
redhat
redhat
added 2024/07/25 7:26 p.m.30 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.

Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

10CVSS7AI score0.0481EPSS
Exploits2References12
ibm
ibm
added 2024/06/25 9:2 a.m.26 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details...

5.4CVSS6AI score0.01055EPSS
Exploits0Affected Software1
nessus
nessus
added 2024/06/13 12:0 a.m.15 views

RHEL 6 : vert.x (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx CVE-2024-1023 Not...

6.5CVSS6.8AI score0.01639EPSS
Exploits0References1
ibm
ibm
added 2024/05/31 10:42 a.m.62 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7CVSS7.2AI score0.0138EPSS
Exploits2Affected Software1
ibm
ibm
added 2024/05/20 6:22 a.m.64 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...

6.5CVSS7AI score0.01639EPSS
Exploits1Affected Software1
redhat
redhat
added 2024/04/29 2:26 a.m.37 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS7AI score0.91969EPSS
Exploits2References7
ibm
ibm
added 2024/04/27 1:48 p.m.37 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...

6.5CVSS7.5AI score0.01639EPSS
Exploits1Affected Software1
github
github
added 2024/04/02 9:30 a.m.35 views

Eclipse Vert.x vulnerable to a memory leak in TCP servers

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS6.9AI score0.01055EPSS
Exploits0References18Affected Software1
nvd
nvd
added 2024/04/02 8:15 a.m.17 views

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS6AI score0.01055EPSS
Exploits0References11
cve
cve
added 2024/04/02 7:33 a.m.272 views

CVE-2024-1300

CVE-2024-1300 affects the Eclipse Vert.x toolkit. The issue causes a memory leak in TLS/SNI-enabled TCP servers when processing an unknown SNI, leading to SSL context caching in the server name map and potential JVM out-of-memory. Public details in the provided documents specify the vulnerability...

5.4CVSS5.8AI score0.01055EPSS
Exploits0References11
cvelist
cvelist
added 2024/04/02 7:33 a.m.23 views

CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS5.5AI score0.01055EPSS
Exploits0References11
vulnrichment
vulnrichment
added 2024/04/02 7:33 a.m.59 views

CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS6.5AI score0.01055EPSS
Exploits0References11
github
github
added 2024/03/27 9:30 a.m.92 views

Eclipse Vert.x memory leak

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

6.5CVSS6.8AI score0.01639EPSS
Exploits0References16Affected Software1
nvd
nvd
added 2024/03/27 8:15 a.m.29 views

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

6.5CVSS6.6AI score0.01639EPSS
Exploits0References12
Rows per page
Query Builder