3541 matches found
CVE-2025-2258
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2258
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2259
The TALOS report confirms a concrete vulnerability: Eclipse ThreadX NetX Duo HTTP server PUT handling can trigger an integer underflow in _nx_web_http_server_put_process when Content-Length in the first packet is smaller than data in the second, potentially writing a very large file and causing d...
CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2260
Summary: CVE-2025-2260 affects the NetX Duo HTTP server component in Eclipse ThreadX NetX Duo (netxduo) prior to 6.4.3. The root cause is a missing file close after an error during PUT handling, causing the server to respond with 404 for subsequent file requests. Affects both NetX Duo Web Compone...
CVE-2025-2260 Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2260 Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2258 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2258
NetX Duo HTTP server (Eclipse ThreadX NetX Duo) is affected for versions before 6.4.3. The issue is an integer underflow in the PUT handling path, where a Content-Length smaller than the actual data leads to underflow in the length calculation inside _nx_web_http_server_put_process, causing the s...
CVE-2025-2258 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
Eclipse ThreadX NetX Duo 安全漏洞
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.3, which stems from an integer overflow and could result in a denial of service...
Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)
Summary There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includ...
Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)
Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to deial-of-service attack due to issues with OutofMemory errors related with DosFilter. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...
Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-6763)
Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to an open redirect attack due to issues with HttpURI parsing and validation checks. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servle...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services
Summary Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services CVE-2024-8184, CVE-2024-6763, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2021-28170, CVE-2023-48795, CVE-2023-33201, CVE-2023-33202, CVE-2023-4218, CVE-2023-36478,...
Malicious code in eclipse-tractusx-github-io (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5357a55497ee86b69ff4768aee0d28461a0f024df6f74c50c2511d1032cf3128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2609 Malicious code in eclipse-tractusx-github-io (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5357a55497ee86b69ff4768aee0d28461a0f024df6f74c50c2511d1032cf3128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )
Summary Multiple vulnerabilities over HuTool, JSON-java, CKEditor4, Bouncy Castle and Eclipse Jetty is affecting IBM Sterling Control Center v6.2.1.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression,...