Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-50020

Netty’s HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-50011

Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-50010

Netty’s wrapping plain trust manager silently disables hostname verification

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 4.8 CVE-2026-50009

Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the sta...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-48748

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.7 CVE-2026-48059

Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAP...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 5.3 CVE-2026-48043

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.7 CVE-2026-48006

Netty’s Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the Red...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.7 CVE-2026-47691

Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 4.4 CVE-2026-47190

IPAM controller service account granted unnecessary full access to Secrets

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole gra...

metal3-io ip-address-manager < 1.11.7 CVE