what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2020-11612

Status Candidate

Overview

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Related Files

Ubuntu Security Notice USN-6049-1
Posted May 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6049-1 - It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-11612, CVE-2021-21290, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
SHA-256 | 7e20c4b100a01d5436fdc3d622df85ec25fc16ce3f77384791bc1e053d16f411
Debian Security Advisory 4885-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4885-1 - Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure.

tags | advisory, java, web, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-11612, CVE-2020-7238, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409
SHA-256 | 6a526fc31321b64c4acb5653a9654f65c2eb9bacc8eeae0a6e619452216f22f7
Red Hat Security Advisory 2021-1313-01
Posted Apr 22, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1313-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2017-2662, CVE-2019-18874, CVE-2020-11612, CVE-2020-14335, CVE-2020-25633, CVE-2020-9402
SHA-256 | 27f926f5aa6dc020146bbe82a0e986564870461f6b710ded0e468168538e2d5c
Red Hat Security Advisory 2020-5568-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5568-01 - This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, bypass, code execution, cross site scripting, denial of service, deserialization, file disclosure, information leakage, memory leak, out of bounds read, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, xss, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2018-1000873, CVE-2019-0205, CVE-2019-0210, CVE-2019-10202, CVE-2019-10219, CVE-2019-11777, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-14900, CVE-2019-17566, CVE-2019-17638, CVE-2019-19343, CVE-2019-2692, CVE-2019-3773, CVE-2019-3774, CVE-2020-10683, CVE-2020-10740, CVE-2020-11612, CVE-2020-11971, CVE-2020-11972, CVE-2020-11973, CVE-2020-11980, CVE-2020-11989, CVE-2020-11994, CVE-2020-13692, CVE-2020-1393
SHA-256 | 4d8c51d0d7d15381aedd8f056934e518c8d3ae79ede9556857b44d07aaa1f17a
Ubuntu Security Notice USN-4600-2
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-20444, CVE-2020-11612
SHA-256 | 2743e423223a69bc2e5a3493c5262e8e506d7718197a2ac2bde20270a2a9ba90
Red Hat Security Advisory 2020-4252-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4252-01 - This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10693, CVE-2020-11612, CVE-2020-1714, CVE-2020-1728
SHA-256 | b4187d94d01cb3b93f3ce744b926dc2b8f43c1ccf46fcb7ac42e3bfb33269df5
Red Hat Security Advisory 2020-3779-01
Posted Sep 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3779-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection, bypass, and improper authorization vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-7658, CVE-2019-10172, CVE-2020-10672, CVE-2020-10673, CVE-2020-10714, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-1695, CVE-2020-1710, CVE-2020-1719, CVE-2020-1745, CVE-2020-1748, CVE-2020-1757, CVE-2020-8840, CVE-2020-9488, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | bda9f859f02dbc7e3933821e8b9f636c5252aa584253a3ce3cca3733655cb6b0
Red Hat Security Advisory 2020-3626-01
Posted Sep 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3626-01 - Red Hat Data Grid is a distributed, in-memory datastore. This release of Red Hat Data Grid 8.1.0 replaces Red Hat Data Grid 8.0, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11612, CVE-2020-9488
SHA-256 | 637a3a27735c2ee5f9135aa2dd799bd97e2069af5df9dd68a49e84031a462ca7
Red Hat Security Advisory 2020-3585-01
Posted Aug 31, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3585-01 - Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. Issues addressed include XML injection, deserialization, man-in-the-middle, memory exhaustion, remote SQL injection, and traversal vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2018-14371, CVE-2019-10172, CVE-2019-14900, CVE-2020-10673, CVE-2020-10683, CVE-2020-10705, CVE-2020-10714, CVE-2020-10719, CVE-2020-10740, CVE-2020-11612, CVE-2020-1719, CVE-2020-1954, CVE-2020-6950
SHA-256 | 8b3a2c2f6830bb1355631c1c8b746bafadd1627926c2cc0323c535706f9f733f
Red Hat Security Advisory 2020-3501-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3501-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, deserialization, and improper authorization vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-10758, CVE-2020-11612, CVE-2020-14307, CVE-2020-1710, CVE-2020-1728, CVE-2020-1748
SHA-256 | e390128d6a2fbef2d35e6bbd560115b1a61fac337fcd0f0f08ca070348829b0b
Red Hat Security Advisory 2020-3197-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3197-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.0 serves as an update to Red Hat Process Automation Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-10086, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718
SHA-256 | a15ccfa9329679e05a6ecaa4123f1c5d3a9080732413f5c3b568c78c83c33b9b
Red Hat Security Advisory 2020-3196-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3196-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.0 serves as an update to Red Hat Decision Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718, CVE-2020-7238
SHA-256 | 19707209eebd7d23d58d5eac714f5aec7fe71e79b5a8b0ea417379cd8fe36ad3
Red Hat Security Advisory 2020-3133-01
Posted Jul 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3133-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.4 serves as a replacement for Red Hat AMQ Broker 7.4.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-15756, CVE-2020-10727, CVE-2020-11612, CVE-2020-1953
SHA-256 | 33ec272ba760814b950affc8130b7170d412faa133a83258e944a6d59f066d27
Red Hat Security Advisory 2020-2751-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2751-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-5183, CVE-2020-10727, CVE-2020-11612, CVE-2020-1953
SHA-256 | 86afa8e16589220829347dd236016a327498a1d6af106f5931992adf9a788c30
Red Hat Security Advisory 2020-2618-01
Posted Jun 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2618-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11612, CVE-2020-1945
SHA-256 | 3ee7934e7a1293c6acdcf22be66e68fc63016a65886517eb784c831ecd60e4dc
Red Hat Security Advisory 2020-2605-01
Posted Jun 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2605-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a memory leak vulnerability.

tags | advisory, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-11612
SHA-256 | c4fce87f51ba6a78cd5a523dbe03b2ef1ba0c26606903c8bfe0758a86d845003
Red Hat Security Advisory 2020-1422-01
Posted Apr 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1422-01 - This release of Red Hat build of Eclipse Vert.x 3.9.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11612
SHA-256 | 7c7751f52e2c9ef775e9fa971786dfb556347c919d303ea795904914ccb59775
Red Hat Security Advisory 2020-1538-01
Posted Apr 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1538-01 - The release of Red Hat AMQ Online 1.4.1 serves as a replacement for AMQ online 1.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11612
SHA-256 | 4cadfe096f7f6cabf0c012002c7f0d349654ebf85096174d5bb3e82c814f3dac
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close