Lucene search
K

113 matches found

CVE
CVE
added 2025/04/02 1:41 p.m.54 views

CVE-2024-50595

CVE-2024-50595 is a vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 where an integer underflow in the NetX Duo HTTP server PUT handling can trigger denial of service. Specifically, in the NetX Duo Component HTTP Server (nx_http_server.c), processing of HTTP PUT requests can lead to an ...

7.5CVSS6.9AI score0.00707EPSS
Exploits1References2Affected Software10
Cvelist
Cvelist
added 2025/04/02 1:41 p.m.27 views

CVE-2024-50596

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects t...

4.3CVSS0.00707EPSS
Exploits1References1
Talos
Talos
added 2025/04/02 12:0 a.m.6 views

STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability

Talos Vulnerability Report TALOS-2024-2102 STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability April 2, 2025 CVE Number CVE-2024-50594,CVE-2024-50595 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of...

7.5CVSS5.2AI score0.00707EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.8 views

PT-2025-14501 · Stmicroelectronics · X-Cube-Azrtos-Wl +1

Name of the Vulnerable Software and Affected Versions: STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0 STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server version 1.1.0 Description: A denial of service issue exists in the NetX Component HTTP server functionality. This can be...

6.5CVSS8.1AI score0.00708EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2025/02/14 12:0 a.m.6 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

8.6CVSS5.3AI score0.0051EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 1:3 a.m.11 views

CVE-2022-21593

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OHS Config MBeans. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP...

7.1CVSS6.7AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:24 a.m.10 views

CVE-2024-20436

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...

8.6CVSS7AI score0.0086EPSS
Exploits0References1
CVE
CVE
added 2025/02/03 6:59 a.m.53 views

CVE-2024-10395

CVE-2024-10395 affects Zephyr RTOS components (notably the http_server code path handling content-type inference) due to missing validation of input length in http_server_get_content_type_from_extension. Multiple connected sources describe a Buffer Under-read rooted in insufficient length checks,...

8.6CVSS8.6AI score0.003EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/03 6:59 a.m.8 views

CVE-2024-10395 net: lib: http_server: Buffer Under-read

No proper validation of the length of user input in httpservergetcontenttypefromextension...

8.6CVSS6.9AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 4:35 p.m.71 views

CVE-2024-45687

CVE-2024-45687 involves Improper Neutralization of CRLF Sequences in HTTP Headers in Payara Server and Payara Micro (Grizzly, REST Management Interface modules). Affected products/versions include Payara Server 4.1.151–4.1.2.191.51; 5.20.0–5.70.0; 5.2020.2–5.2022.5; 6.2022.1–6.2024.12; 6.0.0–6.21...

2.4CVSS6.6AI score0.00225EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:54 p.m.6 views

BIT-NODE-MIN-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.8AI score0.01155EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/12/04 12:0 a.m.10 views

Dell 3000cn Improper Authentication (CVE-2006-2113)

The embedded HTTP server in Fuji Xerox Printing Systems FXPS print engine, as used in products including 1 Dell 3000cn through 5110cn and 2 Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which...

6.4CVSS5.8AI score0.019EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.8 views

The vulnerability of the Reactor Netty HTTP server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Reactor Netty HTTP server is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures through specially crafted HTTP requests...

5.3CVSS7.2AI score0.00906EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.4 views

The vulnerability of the uC-HTTP server, related to writing beyond the buffer boundary, allows attackers to execute arbitrary code.

The vulnerability of the uC-HTTP server is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...

10CVSS8.5AI score0.01475EPSS
Exploits1References3Affected Software3
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.9 views

PT-2023-8560 · Unknown · Weston Embedded Uc-Http

Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server Host header parsing functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An...

9.8CVSS9.6AI score0.01672EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.8 views

PT-2023-7289 · Unknown · Weston Embedded Uc-Http

Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server form boundary functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An...

10CVSS9.6AI score0.01672EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2023/02/28 12:0 a.m.11 views

The vulnerability of the Micrium real-time operating system’s HTTP server allows attackers to execute arbitrary code.

The vulnerability of a real-time Micrium operating system’s HTTP server relates to buffer overflow attacks. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...

10CVSS8.6AI score0.01862EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:32 p.m.34 views

Security Bulletin: IBM Aspera Orchestrator affected by Apache HTTP Server vulnerability (CVE-2022-30556)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30556 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in modlua with websockets. An attacker could exploi...

7.5CVSS8.4AI score0.04687EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/31 12:0 a.m.6 views

The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.

The vulnerability of the httpd parsepingresult API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

8.2CVSS7.4AI score0.01256EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.52 views

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

7.8CVSS8.5AI score0.99999EPSS
Exploits19
Rows per page
Query Builder