
191 matches found

CVE
added 2025/02/21 8:19 a.m. · 61 views

CVE-2025-0727

The CVE-2025-0727 entry concerns Eclipse ThreadX NetX Duo NetX HTTP server that allows an attacker to trigger an integer underflow and DoS by sending crafted HTTP PUT requests with mismatched Content-Length. Affected: NetX Duo before version 6.4.2 (per CVE-0727); related follow-ups indicate an in...

CVSS 7.5 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/02/21 8:19 a.m. · 7 views

CVE-2025-0727 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...

CVSS 5.3 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 2

Vulnrichment
added 2025/02/21 8:16 a.m. · 19 views

CVE-2025-0728 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...

CVSS 5.3 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 2

CVE
added 2025/02/21 8:16 a.m. · 62 views

CVE-2025-0728

The CVE-2025-0728 issue affects the NetX HTTP server in Eclipse ThreadX NetX Duo prior to version 6.4.2. A crafted network packet with Content-Length smaller than the data can trigger an integer underflow in the HTTP PUT path, leading to a denial of service. A workaround is to disable HTTP PUT su...

CVSS 7.5 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 2 · Affected Software 1

Ubuntu
added 2025/02/21 12:19 a.m. · 27 views

USN-7282-1: tomcat7 vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code...

CVSS 8.1 · AI score 8 · EPSS 0.9438
Exploits 26

Positive Technologies
added 2025/02/21 12:0 a.m. · 4 views

PT-2025-7469 · Eclipse · Eclipse Threadx Netx Duo

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.2 Description: The issue allows an attacker to cause an integer underflow and a subsequent denial of service by writing a very large file or by sending specially crafted packets with Content-Leng...

CVSS 7.5 · AI score 8.1 · EPSS 0.00351
Exploits 0 · References 11

OpenVAS
added 2025/02/21 12:0 a.m. · 32 views

Ubuntu: Security Advisory (USN-7282-1)

The remote host is missing an update for the ...

CVSS 8.1 · AI score 7.4 · EPSS 0.9438
Exploits 26 · References 4

Positive Technologies
added 2025/02/21 12:0 a.m. · 3 views

PT-2025-7470 · Eclipse · Eclipse Threadx Netx Duo

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.2 Description: The issue allows an attacker to cause an integer underflow and a subsequent denial of service by writing a very large file or by sending specially crafted packets with Content-Leng...

CVSS 7.5 · AI score 8.1 · EPSS 0.00351
Exploits 0 · References 10

Tenable Nessus
added 2025/02/21 12:0 a.m. · 23 views

Ubuntu 16.04 LTS : tomcat7 vulnerabilities (USN-7282-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7282-1 advisory. It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to...

CVSS 8.1 · AI score 8.1 · EPSS 0.9438
Exploits 26 · References 3

RedhatCVE
added 2025/02/05 2:18 a.m. · 6 views

CVE-2024-24824

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

CVSS 8.8 · AI score 8.7 · EPSS 0.03888
Exploits 1 · References 1

NVD
added 2024/10/25 7:15 a.m. · 13 views

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

CVSS 5.3 · EPSS 0.00757
Exploits 0 · References 3

Cvelist
added 2024/10/25 6:18 a.m. · 14 views

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

CVSS 5.3 · EPSS 0.00757
Exploits 0 · References 3

CVE
added 2024/10/25 6:18 a.m. · 58 views

CVE-2024-45842

The CVE-2024-45842 issue affects Sharp and Toshiba Tec MFPs (multifunction printers). Root cause: improper processing of URI data in HTTP PUT requests, leading to a path traversal vulnerability. Impact: unintended internal files may be retrieved when processing crafted HTTP requests. Connected so...

CVSS 5.3 · AI score 5.4 · EPSS 0.00757
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/10/25 6:18 a.m. · 25 views

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

CVSS 5.3 · AI score 6.9 · EPSS 0.00757
Exploits 0 · References 3

Fedora
added 2024/04/25 1:20 a.m. · 52 views

[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 8.6 · AI score 9 · EPSS 0.01962
Exploits 2

Fedora
added 2024/04/19 9:41 p.m. · 32 views

[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 8.6 · AI score 9 · EPSS 0.01962
Exploits 2

Prion
added 2024/02/08 9:15 p.m. · 15 views

Design/Logic Flaw

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVSS 5 · AI score 7.8 · EPSS 0.00253
Exploits 1 · References 1 · Affected Software 1

Veracode
added 2024/02/08 6:45 a.m. · 26 views

Arbitrary Code Execution

Graylog is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of class validation, which allows an attacker to send an HTTP PUT request to the /api/system/clusterconfig/ endpoint, which results in the loading of arbitrary classes. This issue can be exploited by an attacker b...

CVSS 8.8 · AI score 7.4 · EPSS 0.03888
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2024/02/07 5:25 p.m. · 2 views

CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

CVSS 8.8 · AI score 7.6 · EPSS 0.03888
Exploits 1 · References 4

OSV
added 2024/02/07 5:25 p.m. · 24 views

CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

CVSS 8.8 · AI score 8.7 · EPSS 0.03888
Exploits 1 · References 6