113 matches found
CVE-2024-50595
CVE-2024-50595 is a vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 where an integer underflow in the NetX Duo HTTP server PUT handling can trigger denial of service. Specifically, in the NetX Duo Component HTTP Server (nx_http_server.c), processing of HTTP PUT requests can lead to an ...
CVE-2024-50596
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects t...
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2102 STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability April 2, 2025 CVE Number CVE-2024-50594,CVE-2024-50595 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of...
PT-2025-14501 · Stmicroelectronics · X-Cube-Azrtos-Wl +1
Name of the Vulnerable Software and Affected Versions: STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0 STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server version 1.1.0 Description: A denial of service issue exists in the NetX Component HTTP server functionality. This can be...
CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...
CVE-2022-21593
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OHS Config MBeans. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP...
CVE-2024-20436
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...
CVE-2024-10395
CVE-2024-10395 affects Zephyr RTOS components (notably the http_server code path handling content-type inference) due to missing validation of input length in http_server_get_content_type_from_extension. Multiple connected sources describe a Buffer Under-read rooted in insufficient length checks,...
CVE-2024-10395 net: lib: http_server: Buffer Under-read
No proper validation of the length of user input in httpservergetcontenttypefromextension...
CVE-2024-45687
CVE-2024-45687 involves Improper Neutralization of CRLF Sequences in HTTP Headers in Payara Server and Payara Micro (Grizzly, REST Management Interface modules). Affected products/versions include Payara Server 4.1.151–4.1.2.191.51; 5.20.0–5.70.0; 5.2020.2–5.2022.5; 6.2022.1–6.2024.12; 6.0.0–6.21...
BIT-NODE-MIN-2024-27982
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...
Dell 3000cn Improper Authentication (CVE-2006-2113)
The embedded HTTP server in Fuji Xerox Printing Systems FXPS print engine, as used in products including 1 Dell 3000cn through 5110cn and 2 Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which...
The vulnerability of the Reactor Netty HTTP server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Reactor Netty HTTP server is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures through specially crafted HTTP requests...
The vulnerability of the uC-HTTP server, related to writing beyond the buffer boundary, allows attackers to execute arbitrary code.
The vulnerability of the uC-HTTP server is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...
PT-2023-8560 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server Host header parsing functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An...
PT-2023-7289 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server form boundary functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An...
The vulnerability of the Micrium real-time operating system’s HTTP server allows attackers to execute arbitrary code.
The vulnerability of a real-time Micrium operating system’s HTTP server relates to buffer overflow attacks. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...
Security Bulletin: IBM Aspera Orchestrator affected by Apache HTTP Server vulnerability (CVE-2022-30556)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30556 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in modlua with websockets. An attacker could exploi...
The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.
The vulnerability of the httpd parsepingresult API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...
PT-2023-5866
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...